Whitelisting is getting a second look by some enterprises worried that unknown threats might get past antivirus and other blacklisting systems. Whitelisting, the process of spelling out exactly which applications can run on a client machine, traces its roots to the mainframe and is typically considered overkill in today’s networks, as well as a potential management headache. But the rise in zero-day attacks and paranoia about users running whatever they want on their machines (think peer-to-peer apps), or introducing malware via USB sticks, has led some organizations to think retro.<\/p>\n","protected":false},"excerpt":{"rendered":"
“It’s back to the future with some of this,” says Andrew Jaquith, program manager for security research at the Yankee Group. Jaquith says the current approach of identifying and blocking the bad is starting to fail, with malware samples increasing at a rate of around 50 percent annually. “Whitelisting is increasingly becoming part of a well-balanced diet on the client,” he says.<\/p>\n
And it’s quietly and slowly catching on beyond vendors such as SecureWave, Savant Protection, and Bit9 that have made a business out of whitelisting applications. <\/p>\n
Many of the early whitelisting adopters today are small- to medium-sized organizations, where deploying this technology across desktops wouldn’t be as major an undertaking at say, a major Fortune 100 company. SourceMedia has been testing Savant Protection’s endpoint software with whitelisting for several months. “Conceptually, it makes a ton of sense,” says Ivan Latanision, vice president of information technology for SourceMedia, who adds the company hasn’t made its final decision on whether to purchase the tool yet.<\/p>\n
Savant uses unique cryptographic algorithms and signature keys for each application on each desktop, rather than a server-based access control list. Patton Harris Rust & Associates has been running SecureWave’s Sanctuary software for whitelisting since last year — initially for device control and later for application control as well. John Loyd, vice president and director of IT for PHR&A, says the company installed the software for protection against zero-day attacks, ensuring its users aren’t installing illegal software, and to ensure the quality of apps its engineers use. Dennis Szerszen, vice president of marketing and corporate strategy of SecureWave, says antivirus blacklisting and Sanctuary’s whitelisting work best together. “We need to be triggering the AV processes so they can clean up what” they found.<\/p>\n
http:\/\/www.darkreading.com\/document.asp?doc_id=107320&WT.svl=news2_1<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[],"class_list":["post-2157","post","type-post","status-publish","format-standard","hentry","category-trends"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2157","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2157"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2157\/revisions"}],"predecessor-version":[{"id":4644,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2157\/revisions\/4644"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2157"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2157"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2157"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}