In the article, “Conficker Expects to Dominate Botnets and Malware in 2010″, some of the industry’s top security experts say that perpetrators will continue to use Conficker to collapse PCs, block users from accessing certain websites, cause hazardous security breaches, and spread its infection in 2010. And as Conficker continues to evolve and gets more sophisticated, there may be nothing security managers can do to completely stop it.

While understanding the way cyber criminals work is good advice, stopping them at the outset like Neustar senior technologist, Rodney Joffe, suggests will not effectively stop criminals from taking new approaches to spreading the virus. Where there’s a will, there’s a way. And fraudsters are becoming more innovative every day.

With many anti-virus technologies still focused on detecting new forms of malware from entering their networks, as the article suggests, more complex Web-based malware is making it harder to do so. Instead of trying to keep up with cyber criminals who continue to re-invent the game, organizations need to focus on strengthening their own systems. They need to build a security defense that’s not based on criminals making the rules, but making their own rules to better protect their IT infrastructures. Application whitelisting is one such solution that puts organizations in control of their own network security by simply not allowing any unauthorized software to run on their network.

A recent article in SearchSecurity.com, “Hackers to sharpen malware, malicious software in 2010″, points to increasing sophistication in cybercriminals’ use of social networking sites. Robert Westervelt writes:

In an effort to sustain growth and pick up new users, more social networks are opening up their architecture to allow third-party applications. Cybercriminals can take advantage of this by developing applications out of the social network environment to target users. In addition, access to social network APIs gives attackers a roadmap to vulnerabilities in legitimate third-party applications and a way to tap into user accounts.

Changes in this environment means that businesses will be more pressed than ever to set policies around the use of social networks on company IT resources and this won’t be popular. It will be made all the more difficult by the fact that social networks aren’t just for personal use any more. More businesses than ever are engaging in social media and using it to connect to customers, provide service, and promote their company.

Expect web site access control, application whitelisting and software asset management solutions to play an even more important role than ever on corporate networks. It will be essential that businesses both understand and control what applications their employees are using to defend against an increasingly prevalent threat.

“My overall impression: this is an elegant and effective solution to some of the security challenges we face with Windows servers and workstations in control systems.”

Jason hits on many of the reasons why application whitelisting has been so popular in the energy industry and why, more than ever, it is being used to protect critical SCADA and DCS systems as well as met NERC CIP requirements.

He goes on to say:

“If you have NERC CIP responsibility, some light bulbs are probably going off about now. Can I deploy a product like Bouncer and not have to do AV updates and patches? The CEO of Encari (Matthew Luallen) and the Midwest-ISO chairman (Paul Feldman) make a case for meeting “both the spirit and letter of the law” in this whitepaper: Malicious Software Prevention for NERC CIP-007 Compliance. The case is pretty clear for anti-malware. For patching it may at least buy you some time as a compensating control.”

Our customers have been discovering that for their control system and SCADA needs that application whitelisting is a more effective alternative than blacklist anti-virus and patching. Not only is it significantly cheaper and easier to protect your systems in this way, it doesn’t incur the significant performance penalty that comes from today’s anti-virus solutions.

We think that application whitelisting is starting to gain significant momentum as an alternative to blacklist anti-virus. Adoption is accelerating in the area of single purpose machines like those in control systems, but is also generating significant interest as a viable alternative in the enterprise as well. The bottom line is that existing endpoint security is simply so broken that people are actively seeking an alternative to the legacy systems they have in place.

To me the key to this issue is that a fix won’t be included in today’s Microsoft security patch release. There simply wasn’t enough time to identify, code and test the patch before it was released. Microsoft complained that the security researcher didn’t report the vulnerability responsibly. While this may be true, it certainly highlights the weakness of a desktop security plan that relies on patching and antivirus signatures.

Time is the issue. Last week John Pescatore of Gartner Group wrote we need to start over on desktop security and he’s right. The pace of security exploitation is simply too fast to expect operational procedures to fix things. It is time for a serious discussion about a complete shift in the way we protect our critical endpoints.

• We need a system that can protect against threats rather than react to them.
• We need a system that doesn’t significantly degrade the performance of our significant IT investments.
• We need a system that allows our users to deal with advancing technology and doesn’t disrupt the end user experience.

Application whitelisting can meet these needs. It’s time to begin discussing how the transition will take place.