Using Intelligent Whitelisting to Effectively and Efficiently Combat Today’s Endpoint Malware

Download this presentation to learn how your organization must implement a defense-in-depth approach that goes beyond standalone anti-virus to effectively prevent malware. In this presentation, you will:

* Learn what intelligent whitelisting is and how it addresses the challenges associated with traditional whitelisting technologies in dynamic environments
* Explore how intelligent whitelisting delivers a proactive defense that fills gaps left open by reactive solutions such as anti-virus
* See a live demonstration of Lumension Intelligent Whitelisting and how it integrates three levels of endpoint malware defense – patch management, antivirus and application whitelisting – into a single solution and workflow with one agent and one console

Published in: Technology, Business

  1. Using Intelligent Whitelisting to Effectively and Efficiently Combat Today’s Endpoint Malware
     * Made possible by:
     * © 2011 Monterey Technology Group Inc.
  2. Brought to you by
     * Speakers
     * Chris Chevalier, Senior Product Manager
     * Chris Merritt, Director of Solution Marketing
     * http://www.lumension.com/Solutions/Intelligent-Whitelisting.aspx
  3. Preview of Key Points
     * Whitelisting is critical for defense-in-depth against endpoint malware
     * Challenges with traditional whitelisting
     * Making whitelisting intelligent
     * Treat each PC as unique
     * Trusted agents of change
     * Intelligent trust decisions
  4. Whitelisting is critical for defense-in-depth against endpoint malware
     * No substitute for patch and AV but both are:
       * Reactive
       * Negative security model
       * Straining to deal with pace and sophistication of today’s financially- / politically-motivated attackers
  5. Whitelisting is critical for defense-in-depth against endpoint malware
     * For real defense-in-depth
     * Additional layer needed
     * Fundamentally different approach
     * Application whitelisting
     * Proactive
     * Positive security model
  6. Whitelisting also helps address risks inherent with local admins
     * Neither patch nor AV protects against end-users with admin authority
       * Adding unwanted software
       * Accessing/modifying restricted system settings
       * Regedit, ftp, telnet, security settings
     * Whitelisting prevents local admins
       * From installing new, unauthorized software
       * Or accessing restricted system components
  7. Challenges with traditional whitelisting
     * Each PC is unique
     * PCs are not static
     * Starting from a pristine environment unrealistic
     * Identifying trusted applications
     * Endpoint uniqueness and Constant Change
     * Existing PCs Needing Immediate Protection
     * Identifying ALL trusted applications
     * Challenges to Application Whitelisting
  8. Making whitelisting intelligent
     * Acknowledge the uniqueness of each PC
     * Ensure user productivity by making more intelligent trust decisions
     * Recognize trusted agents of change
     * Progressive implementation
  9. Treat each PC as unique
     * Implement local whitelist for each PC
     * Based on software already present
     * New malicious or unwanted software instantly stopped
     * Existing unwanted software addressed
     * Blacklist
     * Later policy development
     * Centrally build list of all software present throughout all endpoints
     * To be leveraged as prevalence knowledge
  10. Trusted agents of change
     * Whitelists require continual maintenance since PC software is constantly updated
     * Specify trusted agents of change, e.g. patch agents, system management processes and other software deployment agents
     * No coordination or maintenance required by IT staff when software updated
  11. More intelligent trust decisions
     * Trusted updaters
     * Trusted publishers
     * Trusted paths
     * Denied applications
     * Trusted authorizers
     * Leverage prevalence information collected by agents
  12. Progressive Implementation
  13. Bottom Line
     * Patch management and AV aren’t enough
     * Don’t provide defense-in-depth
     * Application Whitelisting provides a 3rd and fundamentally different approach
     * All 3 together provide synergistic, true defense-in-depth
     * Intelligent whitelisting addresses the traditional problems of application whitelisting by
       * Acknowledging uniqueness of each PC
       * Making more intelligent trust decisions
       * Automatically updating whitelist with changes made by trusted agents
       * Allowing progressive implementation with existing fleet of PCs
  14. Brought to you by
     * Speakers
     * Chris Chevalier, Senior Product Manager
     * Chris Merritt, Director of Solution Marketing
     * http://www.lumension.com/Solutions/Intelligent-Whitelisting.aspx
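
The trust model outlined in slides 9 to 11 (a per-PC whitelist built from software already present, denied applications, trusted publishers, trusted paths and trusted updaters), as an added sketch that is not part of the deck and not Lumension's implementation. The evaluation order, the use of SHA-256 as the file identifier and every name in the code are assumptions; trusted authorizers and prevalence data are left out.

```python
import hashlib
from dataclasses import dataclass, field

def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

@dataclass
class EndpointPolicy:
    # Field names are hypothetical; they mirror the slide headings.
    local_whitelist: set = field(default_factory=set)     # hashes already on this PC
    denied: set = field(default_factory=set)              # denied applications
    trusted_publishers: set = field(default_factory=set)  # verified signer names
    trusted_updaters: set = field(default_factory=set)    # trusted agents of change
    trusted_paths: tuple = ()                             # lowercase path prefixes

def snapshot(files: dict) -> set:
    """Build the per-PC whitelist from the software already present."""
    return {digest(c) for c in files.values()}

def record_write(policy: EndpointPolicy, writer: str, content: bytes) -> bool:
    """Whitelist a file automatically when a trusted updater wrote it."""
    if writer in policy.trusted_updaters:
        policy.local_whitelist.add(digest(content))
        return True
    return False

def decide(policy: EndpointPolicy, path: str, content: bytes, publisher=None):
    """Return (allowed, reason). Deny rules win; unknown code is denied."""
    h = digest(content)
    if h in policy.denied:
        return (False, "denied application")
    if h in policy.local_whitelist:
        return (True, "local whitelist")
    if publisher in policy.trusted_publishers:
        return (True, "trusted publisher")
    if path.lower().startswith(policy.trusted_paths):
        return (True, "trusted path")
    return (False, "not on whitelist")

def build_policy() -> EndpointPolicy:
    # Constructed sample data: byte strings stand in for real binaries.
    present = {"C:\\Program Files\\Office\\word.exe": b"word-v1",
               "C:\\Users\\bob\\toolbar.exe": b"toolbar"}
    return EndpointPolicy(local_whitelist=snapshot(present),
                          denied={digest(b"toolbar")},
                          trusted_publishers={"Example Corp"},
                          trusted_updaters={"patch_agent.exe"},
                          trusted_paths=("c:\\it-tools\\",))

if __name__ == "__main__":
    p = build_policy()
    print(decide(p, "C:\\Users\\bob\\Downloads\\setup.exe", b"dropper"))
```

A trusted path is only as strong as its file permissions, so this sketch assumes ordinary users cannot write to the listed prefix.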
