Application White Listing Vs. Malware

21 Jun

This is the continuation of a look at 2011 malware trends by Jennifer LeClaire. Also read Rising Malware Threats Rock Security World.

Google and China are facing down over Gmail hacks. The Pentagon is crafting plans for an official policy on cyber war. PBS has been defaced with the “Tupac is alive” incident. Sony has been hacked and hacked again. And even Mac malware is making headlines.

What in the world is going on?

“It’s basically a tornado of cyber security news from all directions—nation-states, hacktivists and crime syndicates,” says Tom Murphy, Chief Strategy Officer for Bit9, a whitelisting and endpoint security company in Waltham, Mass. “We are in the midst of a sea change in terms of the general population’s perception and understanding of today’s cyber threat climate. Most, if not all, of these attacks could have been prevented with application whitelisting.”

Changing Face of Malware Threats
Malware threats have evolved over the past five years, and security experts say these threats will continue to exploit weaknesses in new Web platforms for distribution—and enhance their social networking capabilities for propagation.

“Given the fact that malware will always be able to stay two steps ahead of desktop protection platforms,” says Gunter Ollmann, vice president of Research at Atlanta-based cyber security firm Damballa, “organizations have to shift to the new paradigm of managing their response to breaches by assuming that these events are the norm rather than the exception—and focusing new efforts on promptly detecting breaches and efficiently orchestrating the mitigation process.”

As Murphy sees it, malware defense strategies need to shift to default-deny that is proactive. “Today’s cyber criminals can test their latest malware against commercially available defenses that are based on signatures, behaviors, and even sandboxing to ensure it evades protection,” he says. “A trusted-only model will proactively stop tomorrow’s malware today with no prior knowledge of the threat.”

Today, any malware strategy should be flexible enough to adapt to the changing threat landscape, so it can block new types of malware, according to Rami Habal, director of product marketing at Proofpoint, a Sunnyvale, Calif.-based provider of cloud e-mail security and compliance solutions.

“Malware writers will always be playing cat and mouse with law enforcement,” Habal says. “You can be sure that the next generation of botnets built will include controls so that command and control servers can't be seized.”

Can AWL Combat the Threat?
Enterprises can combat malware, in part, with application whitelisting. Also known as application control, whitelisting is one of the original security models. Rather than keeping up with a list of known malware and targeted attacks, application whitelisting can block the unknown and give employees the freedom to check e-mail or surf the Internet without fear of spreading viruses across the organization.

It is widely accepted that application whitelisting is more effective than any other endpoint protection. The real point of contention is whether application whitelisting can be adaptive enough to meet the demands of a dynamic environment that has an open culture. Says Murphy, “The combination of a cloud-based reputation service and IT-driven policies delivers the most adaptive approach to ensure new and custom software automatically gets approved for end users without delay or intervention.”

Application whitelisting attempts to monitor all endpoints in real time to ensure that only authorized programs can run, and that those programs have not been modified by malware. Applied as the foundation of an endpoint security program, application whitelisting gives teams complete visibility and control over which applications execute. The downside is that this approach is both laborious and fraught with implementation mishaps, says Carl Herberger, vice president of Security Solutions at Radware, a Mahwah, NJ-based integrated application delivery solutions provider.

“Security organizations find that application whitelisting software provides the answer to the shortcomings of traditional anti-virus endpoint security,” says Herberger. “Since malware often secretly modifies a program to run attack code, the ability to block execution of applications that fall out of compliance is an essential capability in protecting endpoints against threats that evade detection by traditional anti-virus products.”
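The mechanism the two paragraphs above describe, a default-deny allowlist that blocks both never-approved programs and approved programs that have been tampered with, as an added illustration that is not Bit9's, Radware's or any vendor's code: a constructed manifest of approved binaries keyed by SHA-256, and a decision function run against a fresh approved file, the same file after in-place modification, and an unknown file. File names and contents are made up for the demo, and the execution-time hook a real product uses to enforce the decision is omitted.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash file contents in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(approved_paths):
    """Snapshot the approved binaries: path -> hash, plus the set of approved hashes."""
    by_path = {p: sha256_of(p) for p in approved_paths}
    return {"by_path": by_path, "hashes": set(by_path.values())}


def decide(path, manifest):
    """Default-deny policy: returns 'allow', 'deny-modified' or 'deny-unknown'."""
    digest = sha256_of(path)
    if digest in manifest["hashes"]:
        return "allow"              # contents match an approved binary
    if path in manifest["by_path"]:
        return "deny-modified"      # known path, contents no longer match the approval
    return "deny-unknown"           # never approved: blocked with no prior knowledge of it


def demo():
    """Constructed scenario: approve one tool, then patch it in place, then drop a new file."""
    d = tempfile.mkdtemp()
    tool = os.path.join(d, "approved_tool.bin")       # hypothetical file name
    with open(tool, "wb") as f:
        f.write(b"approved program bytes")            # constructed content
    manifest = build_manifest([tool])
    decisions = [decide(tool, manifest)]              # fresh approved binary

    with open(tool, "ab") as f:                       # simulate malware modifying the program
        f.write(b"injected")
    decisions.append(decide(tool, manifest))

    dropper = os.path.join(d, "dropper.bin")          # hypothetical program never approved
    with open(dropper, "wb") as f:
        f.write(b"never seen before")
    decisions.append(decide(dropper, manifest))
    return decisions                                  # ['allow', 'deny-modified', 'deny-unknown']


if __name__ == "__main__":
    print(demo())
```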

Also read part one: Rising Malware Threats Rock Security World.

2010 All Rights Reserved
Brought to you by Lumension