Change-ready Application Whitelisting Introducing BOUNCER by CoreTrace™ September 2008
Today’s Endpoint Control Challenges <ul><li>Current generation endpoint security solutions are no longer effective: </li><...
Malware Is a Booming Business! <ul><li>www.av-test.org — 2008 </li></ul>
Even Blacklist-based Vendors Agree — A New Approach Is Needed! <ul><li>“ The relationship between signature-based antiviru...
The Future is Coming… Quickly! <ul><li>Security Vendors Embrace Application Whitelisting </li></ul><ul><li>Antivirus is 'c...
Ogren Group: The Three Tenets of Endpoint Security <ul><li>Control what you know </li></ul><ul><ul><li>Easier to control w...
Kernel-Level Application Whitelisting <ul><li>Protect from within the OS </li></ul><ul><li>Enforce a whitelist of approved...
BOUNCER’s Mission: Dramatically Lower Endpoint TCO <ul><li>Dramatically improve security — with significantly less effort ...
Trusted Change: BOUNCER’s Key to Lowering Endpoint TCO <ul><li>Whitelisting without Trusted Change isn’t practical  </li><...
How BOUNCER Provides Easy, Immediate, and Ongoing Endpoint Control Auto-Generate Custom Whitelist for Each Endpoint Automa...
Summary <ul><li>Application Whitelisting is the new foundation of endpoint control </li></ul><ul><li>Application whitelist...
Questions or Further Information: [email_address] www.coretrace.com
Upcoming SlideShare
Loading in...5
×

BOUNCER: Change-ready Application Whitelisting

2,769

Published on

With the demise of blacklist-based antivirus, a new approach has emerged--application whitelisting. It is a simple concept: rather than chase all the bad programs (malware) on the Internet, simply only allow your approved (whitelisted) applications to run.

But, application whitelisting is not practical unless it can easily and safely handle changes--like new applications being installed by every user in an organization--without involving IT every single time.

BOUNCER by CoreTrace is the only solution that combines security and flexibility with its patent-pending "Trusted Change" model.

View our presentation and then learn more at www.coretrace.com.

Published in: Technology
0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
2,769
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
33
Comments
0
Likes
3
Embeds 0
No embeds

No notes for slide

BOUNCER: Change-ready Application Whitelisting

  1. 1. Change-ready Application Whitelisting Introducing BOUNCER by CoreTrace™ September 2008
  2. 2. Today’s Endpoint Control Challenges <ul><li>Current generation endpoint security solutions are no longer effective: </li></ul><ul><ul><li>Malware is more targeted and increasing in volume and sophistication </li></ul></ul><ul><ul><li>Blacklisting and heuristics-based solutions are failing to catch zero day attacks </li></ul></ul><ul><li>The Security — IT Operations balancing act </li></ul><ul><ul><li>Frequent patching </li></ul></ul><ul><ul><li>Image management </li></ul></ul><ul><ul><li>Preventing UNAUTHORIZED change and rapidly allowing AUTHORIZED change </li></ul></ul><ul><ul><li>Help Desk burden </li></ul></ul><ul><li>Compliance & Governance </li></ul>
  3. 3. Malware Is a Booming Business! <ul><li>www.av-test.org — 2008 </li></ul>
  4. 4. Even Blacklist-based Vendors Agree — A New Approach Is Needed! <ul><li>“ The relationship between signature-based antivirus companies and the virus writers is almost comical. One releases something and then the other reacts, and they go back and forth. It's a silly little arms race that has no end.” </li></ul><ul><ul><li>Greg Shipley • CTO, Neohapsis </li></ul></ul><ul><li>“ If the trend continues and bad programs outnumber good ones, then scanning for legitimate applications (whitelisting) makes more sense from both an efficiency and effectiveness perspective.” </li></ul><ul><ul><li>Mark Bregman • CTO, Symantec Corp. </li></ul></ul><ul><li>“ Authenticate software that is allowed to run and let nothing else run. Anti-virus is a poor IT Security solution because it doesn’t do that. Instead it tries to spot software it thinks is bad. Anti-virus comes from a bygone era and that is where it belongs.” </li></ul><ul><ul><li>Robin Bloor • Partner, Hurwitz & Associates </li></ul></ul>SC Magazine Poll, Ogren Group Webinar, 2008 Do you think signature-oriented security suites make your systems secure?
  5. 5. The Future is Coming… Quickly! <ul><li>Security Vendors Embrace Application Whitelisting </li></ul><ul><li>Antivirus is 'completely wasted money': Cisco CSO </li></ul><ul><li>Security experts look to 'whitelisting' future </li></ul><ul><li>Coming: A Change in Tactics in Malware Battle </li></ul><ul><li>Whitelisting and Trust </li></ul><ul><li>The Real Dirt on Whitelisting </li></ul><ul><li>Black versus White </li></ul><ul><li>Redefining Anti-Virus Software </li></ul><ul><li>McAfee CEO: Adware is killing AV blacklisting </li></ul>
  6. 6. Ogren Group: The Three Tenets of Endpoint Security <ul><li>Control what you know </li></ul><ul><ul><li>Easier to control what is known than try to control unknown attacks. </li></ul></ul><ul><li>Control at the lowest possible level </li></ul><ul><ul><li>Only security software that functions in the kernel can reliably deliver the controls that IT requires. </li></ul></ul><ul><li>Control transparently </li></ul><ul><ul><li>Security must be transparent to end-users and not create administrative burden to operational staff. </li></ul></ul>
  7. 7. Kernel-Level Application Whitelisting <ul><li>Protect from within the OS </li></ul><ul><li>Enforce a whitelist of approved applications only </li></ul><ul><li>Provide memory protection </li></ul><ul><li>Provide network filtering </li></ul><ul><li>Utilize minimal system resources </li></ul>User Space Kernel Space / OS System Resources Whitelisted Application Rogue Application
  8. 8. BOUNCER’s Mission: Dramatically Lower Endpoint TCO <ul><li>Dramatically improve security — with significantly less effort </li></ul><ul><ul><li>Reduce or eliminate expenses resulting from malware damage or theft </li></ul></ul><ul><ul><li>Reduce patch frequency time and expense </li></ul></ul><ul><li>Automatically prevent unauthorized & unplanned change </li></ul><ul><ul><li>Automatically maintain images </li></ul></ul><ul><ul><li>Reduce help desk expenses from unexpected application conflicts </li></ul></ul><ul><li>Easily allow authorized & planned change </li></ul><ul><ul><li>Enable users to easily add acceptable & required applications themselves </li></ul></ul><ul><ul><li>Seamlessly allow approved application updates </li></ul></ul><ul><li>Automatically meet compliance requirements for control and visibility </li></ul>“ The notion of patching every Windows system in the company after Microsoft issues its monthly Patch Tuesday security bulletins is impractical for reasons related to asset logistics as well as the need to keep IT systems up and running to support Morgan Stanley's internal users, partners, and customers” Matt Hines • Infoworld
  9. 9. Trusted Change: BOUNCER’s Key to Lowering Endpoint TCO <ul><li>Whitelisting without Trusted Change isn’t practical </li></ul><ul><li>Trusted Change allows you to: </li></ul><ul><ul><li>Define boundaries of trust in advance </li></ul></ul><ul><ul><li>Specify what can modify your systems </li></ul></ul><ul><ul><li>Control systems and keep them secure without hampering user productivity </li></ul></ul><ul><li>BOUNCER with Trusted Change fits your organization — not the other way around. </li></ul><ul><li>BOUNCER with Trusted Change seamlessly keeps policies up-to-date for you and keeps you informed on what changed </li></ul>
  10. 10. How BOUNCER Provides Easy, Immediate, and Ongoing Endpoint Control Auto-Generate Custom Whitelist for Each Endpoint Automatically Enforce Whitelist (Stopping Unauthorized Applications & Malware) Report on Security or Configuration Issues Establish Trust Models in BOUNCER Console Deploy BOUNCER Client to Multiple Endpoints Update Custom Whitelist for New Trusted Applications
  11. 11. Summary <ul><li>Application Whitelisting is the new foundation of endpoint control </li></ul><ul><li>Application whitelisting solutions must be able to easily and immediately handle change </li></ul><ul><li>BOUNCER dramatically lowers endpoint TCO </li></ul><ul><ul><li>Automatically prevents unauthorized & unplanned change </li></ul></ul><ul><ul><li>Easily allows authorized & planned change </li></ul></ul><ul><ul><li>Automatically meets compliance requirements for control and visibility </li></ul></ul><ul><ul><li>Dramatically improves security — with significantly less effort </li></ul></ul>
  12. 12. Questions or Further Information: [email_address] www.coretrace.com
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×