BOUNCER: Change-ready Application Whitelisting

Change-ready Application Whitelisting Introducing BOUNCER by CoreTrace™ September 2008

Today’s Endpoint Control Challenges
Current generation endpoint security solutions are no longer effective:
Malware is more targeted and increasing in volume and sophistication
Blacklisting and heuristics-based solutions are failing to catch zero day attacks
The Security — IT Operations balancing act
Frequent patching
Image management
Preventing UNAUTHORIZED change and rapidly allowing AUTHORIZED change
Help Desk burden
Compliance & Governance

Malware Is a Booming Business!
www.av-test.org — 2008

Even Blacklist-based Vendors Agree — A New Approach Is Needed!
“ The relationship between signature-based antivirus companies and the virus writers is almost comical. One releases something and then the other reacts, and they go back and forth. It's a silly little arms race that has no end.”
Greg Shipley • CTO, Neohapsis
“ If the trend continues and bad programs outnumber good ones, then scanning for legitimate applications (whitelisting) makes more sense from both an efficiency and effectiveness perspective.”
Mark Bregman • CTO, Symantec Corp.
“ Authenticate software that is allowed to run and let nothing else run. Anti-virus is a poor IT Security solution because it doesn’t do that. Instead it tries to spot software it thinks is bad. Anti-virus comes from a bygone era and that is where it belongs.”
Robin Bloor • Partner, Hurwitz & Associates
SC Magazine Poll, Ogren Group Webinar, 2008 Do you think signature-oriented security suites make your systems secure?

The Future is Coming… Quickly!
Security Vendors Embrace Application Whitelisting
Antivirus is 'completely wasted money': Cisco CSO
Security experts look to 'whitelisting' future
Coming: A Change in Tactics in Malware Battle
Whitelisting and Trust
The Real Dirt on Whitelisting
Black versus White
Redefining Anti-Virus Software
McAfee CEO: Adware is killing AV blacklisting

Ogren Group: The Three Tenets of Endpoint Security
Control what you know
Easier to control what is known than try to control unknown attacks.
Control at the lowest possible level
Only security software that functions in the kernel can reliably deliver the controls that IT requires.
Control transparently
Security must be transparent to end-users and not create administrative burden to operational staff.

Kernel-Level Application Whitelisting
Protect from within the OS
Enforce a whitelist of approved applications only
Provide memory protection
Provide network filtering
Utilize minimal system resources
User Space Kernel Space / OS System Resources Whitelisted Application Rogue Application

BOUNCER’s Mission: Dramatically Lower Endpoint TCO
Dramatically improve security — with significantly less effort
Reduce or eliminate expenses resulting from malware damage or theft
Reduce patch frequency time and expense
Automatically prevent unauthorized & unplanned change
Automatically maintain images
Reduce help desk expenses from unexpected application conflicts
Easily allow authorized & planned change
Enable users to easily add acceptable & required applications themselves
Seamlessly allow approved application updates
Automatically meet compliance requirements for control and visibility
“ The notion of patching every Windows system in the company after Microsoft issues its monthly Patch Tuesday security bulletins is impractical for reasons related to asset logistics as well as the need to keep IT systems up and running to support Morgan Stanley's internal users, partners, and customers” Matt Hines • Infoworld

Trusted Change: BOUNCER’s Key to Lowering Endpoint TCO
Whitelisting without Trusted Change isn’t practical
Trusted Change allows you to:
Define boundaries of trust in advance
Specify what can modify your systems
Control systems and keep them secure without hampering user productivity
BOUNCER with Trusted Change fits your organization — not the other way around.
BOUNCER with Trusted Change seamlessly keeps policies up-to-date for you and keeps you informed on what changed

How BOUNCER Provides Easy, Immediate, and Ongoing Endpoint Control Auto-Generate Custom Whitelist for Each Endpoint Automatically Enforce Whitelist (Stopping Unauthorized Applications & Malware) Report on Security or Configuration Issues Establish Trust Models in BOUNCER Console Deploy BOUNCER Client to Multiple Endpoints Update Custom Whitelist for New Trusted Applications

Summary
Application Whitelisting is the new foundation of endpoint control
Application whitelisting solutions must be able to easily and immediately handle change
BOUNCER dramatically lowers endpoint TCO
Automatically prevents unauthorized & unplanned change
Easily allows authorized & planned change
Automatically meets compliance requirements for control and visibility
Dramatically improves security — with significantly less effort

Questions or Further Information: [email_address] www.coretrace.com

BOUNCER: Change-ready Application Whitelisting

by CoreTrace Corporation on Sep 08, 2008

Accessibility

Categories

Tags

Upload Details

Usage Rights

3 Embeds 18

Statistics

BOUNCER: Change-ready Application Whitelisting — Presentation Transcript

http://lambertthesheepishlibrarian.wordpress.com	8
http://www.slideshare.net	7
http://blogtest.coretraceblogs.com	3