Earlier this week, Toney Jennings wrote about step two in the rational transition to application whitelisting: the purification stage. Today we announced another step in that stage: a collaboration with SignaCert, the provider of the largest known-provenance whitelist repository in the world, SignaCert’s Global Trust Repository (GTR). Continue reading this post…
Endpoint Protection – A Case For a Rational Transition to Whitelisting: Step 2 Purify
This is the third post in a series addressing what we see as an inevitable, protection focused, transition to application whitelisting and how that should take place practically. The posts already up on our blog are:
- Intro – Here we provide an overview of what is driving this transition.
- Part 1 Protect – This post highlights the need for companies to consider immediately adding application whitelisting to protect their endpoints.
We think that the transition will take place in three logical steps. First, adding protection to existing systems. Second, purifying those systems of any remnants of malware over time. Finally, providing a strong change management process that will allow users to be productive and deal with the inevitable changes to approved applications while still ensuring the protection that application whitelisting affords.
This blog entry deals with cleaning of endpoints that have gone through the protection step of the process. Continue reading this post…
Microsoft Warning Highlights Broken Security Model
The associated press is reporting that Microsoft is warning of a vulnerability that isn’t yet patched in their operating system. Details on how to protect yourself can be found in the link above.
The proposed solution from Microsoft involves pushing out a large registry change (that you must assemble yourself) that disables the compromised ActiveX control – that then must be applied to each and every system. Continue reading this post…
Endpoint Protection – A Case For a Rational Transition to Whitelisting: Step 1 Protect
The question of whether or not application whitelisting has an important role in the future of endpoint security is officially over. It does. Not only that, it is clear that legacy blacklist antivirus has lost the ability to provide any protection to endpoints and instead is relegated to an after the fact role geared at detecting infections and cleaning them up. I highlighted many of these trends toward application whitelisting and the changing role of antivirus in my intro to this series of blog posts. More evidence of this trend came yesterday when Symantec announced that they are adding application whitelisting capabilities into new reputation based technology code-named Quorum. The bottom line in all of this is that if you are responsible for the endpoint security of your company’s PCs and you aren’t thinking about how whitelisting changes things, you should start now. Continue reading this post…
Endpoint Protection – A Case For a Rational Transition to Whitelisting: Intro
In the past couple of months, whitelisting has been in the news through multiple different avenues. We at CoreTrace feel that the raising awareness that blacklist-based antivirus simply can no longer protect PCs is passing a critical point—a point that is going to lead businesses and eventually consumers to a whitelisting model that can prevent infection, not just detect and clean up the infection after the fact. Here is a look at some key news around this area: Continue reading this post…