Using Intelligent Whitelisting to Effectively and Efficiently Combat Today’s Endpoint Malware
Made possible by:
© 2011 Monterey Technology Group Inc.
Brought to you by
Speakers
• Chris Chevalier, Senior Product Manager
• Chris Merritt, Director of Solution Marketing
http://www.lumension.com/Solutions/Intelligent-Whitelisting.aspx
Preview of Key Points
• Whitelisting is critical for defense-in-depth against endpoint malware
• Challenges with traditional whitelisting
• Making whitelisting intelligent
  • Treat each PC as unique
  • Trusted agents of change
  • Intelligent trust decisions
Whitelisting is critical for defense-in-depth against endpoint malware
• No substitute for patch and AV, but both are:
  • Reactive
  • Negative security model
  • Straining to deal with pace and sophistication of today’s financially- / politically-motivated attackers
Whitelisting is critical for defense-in-depth against endpoint malware
• For real defense-in-depth
  • Additional layer needed
  • Fundamentally different approach
• Application whitelisting
  • Proactive
  • Positive security model
Whitelisting also helps address risks inherent with local admins
• Neither patch nor AV protects against end-users with admin authority
  • Adding unwanted software
  • Accessing/modifying restricted system settings
    • Regedit, ftp, telnet, security settings
• Whitelisting prevents local admins
  • From installing new, unauthorized software
  • Or accessing restricted system components
Challenges with traditional whitelisting
• Each PC is unique
• PCs are not static
• Starting from a pristine environment unrealistic
• Identifying trusted applications
Challenges to Application Whitelisting
• Identifying ALL trusted applications
• Endpoint uniqueness and Constant Change
• Existing PCs Needing Immediate Protection
Making whitelisting intelligent
• Acknowledge the uniqueness of each PC
• Ensure user productivity by making more intelligent trust decisions
• Recognize trusted agents of change
• Progressive implementation
Treat each PC as unique
• Implement local whitelist for each PC
  • Based on software already present
• New malicious or unwanted software instantly stopped
• Existing unwanted software addressed
  • Blacklist
  • Later policy development
• Centrally build list of all software present throughout all endpoints
  • To be leveraged as prevalence knowledge
Trusted agents of change
• Whitelists require continual maintenance since PC software is constantly updated
• Specify trusted agents of change, e.g. patch agents, system management processes and other software deployment agents
• No coordination or maintenance required by IT staff when software updated
More intelligent trust decisions
• Trusted updaters
• Trusted publishers
• Trusted paths
• Denied applications
• Trusted authorizers
• Leverage
  • Prevalence information collected by agents
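How the local whitelist, trusted agents of change and trust decisions from the last three slides could fit together, as an added Python example that is not code from the presentation or from the vendor's product. The names `Policy`, `snapshot`, `on_file_written` and `decide`, the order in which the rules are evaluated, and all sample files are assumptions made for illustration; trusted authorizers and prevalence data are not modelled.

```python
import hashlib
from dataclasses import dataclass, field

def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

@dataclass
class Policy:  # hypothetical structure, fields named after the slide's list items
    local_whitelist: set = field(default_factory=set)    # hashes already on this PC
    denied: set = field(default_factory=set)             # denied applications
    trusted_updaters: set = field(default_factory=set)   # trusted agents of change
    trusted_publishers: set = field(default_factory=set)
    trusted_paths: tuple = ()

def snapshot(files: dict) -> set:
    """Local whitelist built from the software already present on one PC."""
    return {digest(c) for c in files.values()}

def on_file_written(policy: Policy, writer: str, content: bytes) -> None:
    """Files written by a trusted updater join the whitelist with no IT action."""
    if writer in policy.trusted_updaters:
        policy.local_whitelist.add(digest(content))

def decide(policy: Policy, path: str, content: bytes, publisher: str = "") -> str:
    h = digest(content)
    if h in policy.denied:                       # assumed: deny overrides every allow
        return "deny: denied application"
    if h in policy.local_whitelist:
        return "allow: local whitelist"
    if publisher in policy.trusted_publishers:   # assumes signature already verified
        return "allow: trusted publisher"
    if path.lower().startswith(policy.trusted_paths):
        return "allow: trusted path"
    return "deny: not on whitelist"

def demo() -> list:
    # Constructed sample data: byte strings stand in for real executables.
    present = {r"c:\apps\editor.exe": b"editor v1", r"c:\tools\toolbar.exe": b"toolbar"}
    p = Policy(local_whitelist=snapshot(present), denied={digest(b"toolbar")},
               trusted_updaters={"patchagent.exe"}, trusted_publishers={"Example Corp"},
               trusted_paths=("c:\\deploy\\",))
    on_file_written(p, "patchagent.exe", b"editor v2")   # patch by a trusted agent
    on_file_written(p, "browser.exe", b"dropper")        # written by an untrusted process
    return [decide(p, r"c:\apps\editor.exe", b"editor v1"),
            decide(p, r"c:\tools\toolbar.exe", b"toolbar"),
            decide(p, r"c:\apps\editor.exe", b"editor v2"),
            decide(p, r"c:\users\a\dl\x.exe", b"dropper"),
            decide(p, r"c:\users\a\dl\s.exe", b"signed", "Example Corp"),
            decide(p, r"C:\Deploy\kit.exe", b"kit")]

if __name__ == "__main__":
    print("\n".join(demo()))
```

The second result shows existing unwanted software being blocked by the deny list even though the snapshot picked it up; the third shows a patched binary running without anyone editing the whitelist.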
Progressive Implementation
Bottom Line
• Patch management and AV aren’t enough
  • Don’t provide defense-in-depth
• Application Whitelisting provides a 3rd and fundamentally different approach
• All 3 together provide synergistic, true defense-in-depth
• Intelligent whitelisting addresses the traditional problems of application whitelisting by
  • Acknowledging uniqueness of each PC
  • Making more intelligent trust decisions
  • Automatically updating whitelist with changes made by trusted agents
  • Allowing progressive implementation with existing fleet of PCs