According to the article, “Top five strategies for combating modern computer security threats,” today’s surreptitious, very low profile cyber threats are exploiting any vulnerability they can to get malware onto a user’s laptop or computer. These computer viruses require organizations to proactively defend their networks from a growing volume of malicious software that can mutate within hours or even minutes to evade detection.
One of the recommended techniques for protecting computer systems from unauthorized and malicious software is application whitelisting. Clearly, we are biased, but we completely agree with those across the industry (including the author of the article) who are recognizing the anti-malware benefits of application whitelisting over reactive blacklisting products.
We also agree with some of the cited shortcomings of basic application whitelisting technologies. For example, solutions must be able to prevent attacks, such as memory exploits, that “subvert known good applications.” Solutions must also be able to handle dynamic environments without frustrating users or killing IT productivity, unless they are simply lockdown mechanisms for “static” environments like POS terminals, control systems and ATMs (though these systems are really less “static” than most would realize).
While these are valid concerns if all you are looking at is a whitelisting product, leading solutions like CoreTrace Bouncer have evolved beyond simple whitelisting and into “Total Application Control” (TAC) solutions. TAC solutions include enforcement mechanisms that prevent memory exploits and other attacks against authorized applications. TAC solutions also have trusted change mechanisms to address dynamic environments, provide intelligence about all installed applications and assess application risk via cloud-based reputation services. TAC includes learning/assessing what is in your environment, planning and establishing policies, and then enforcing those policies on the endpoint.
In short, application whitelisting at its core is an excellent anti-malware enforcement mechanism to protect endpoints from modern malware attacks. But it is only the first rung on the ladder to Total Application Control.
by JT Keating