Using Intelligent Whitelisting to Effectively and Efficiently Combat Today’s Endpoint Malware
 

Like this? Share it with your network

Share

Using Intelligent Whitelisting to Effectively and Efficiently Combat Today’s Endpoint Malware

on

  • 824 views

Download this presentation to learn how your organization must implement a defense-in-depth approach that goes beyond standalone anti-virus to effectively prevent malware. In this presentation, you ...

Download this presentation to learn how your organization must implement a defense-in-depth approach that goes beyond standalone anti-virus to effectively prevent malware. In this presentation, you will:

*Learn what intelligent whitelisting is and how it addresses the challenges associated with traditional whitelisting technologies in dynamic environments
*Explore how intelligent whitelisting delivers a proactive defense that fills gaps left open by reactive solutions such as anti-virus
*See a live demonstration of Lumension Intelligent Whitelisting and how it integrates three levels of endpoint malware defense – patch management, antivirus and application whitelisting – into a single solution and workflow with one agent and one console

Statistics

Views

Total Views
824
Views on SlideShare
824
Embed Views
0

Actions

Likes
1
Downloads
38
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Using Intelligent Whitelisting to Effectively and Efficiently Combat Today’s Endpoint Malware Presentation Transcript

  • 1. Using Intelligent Whitelisting to Effectively and Efficiently Combat Today’s Endpoint Malware
    • Made possible by:
    © 2011 Monterey Technology Group Inc.
  • 2. Brought to you by
    Speakers
    Chris Chevalier, Senior Product Manager
    Chris Merritt, Director of Solution Marketing
    http://www.lumension.com/Solutions/Intelligent-Whitelisting.aspx
  • 3. Preview of Key Points
    Whitelisting is critical for defense-in-depth against endpoint malware
    Challenges with traditional whitelisting
    Making whitelisting intelligent
    Treat each PC as unique
    Trusted agents of change
    Intelligent trust decisions
    © 2011 Monterey Technology Group Inc.
  • 4. Whitelisting is critical for defense-in-depth against endpoint malware
    No substitute for patch and AV but both are:
    Reactive
    Negative security model
    Straining to deal with pace and sophistication of today’s financially- / politically-motivated attackers
  • 5. Whitelisting is critical for defense- in-depth against endpoint malware
    For real defense-in-depth
    Additional layer needed
    Fundamentally different approach
    Application whitelisting
    Proactive
    Positive security model
  • 6. Whitelisting also helps addressrisks inherent with local admins
    Neither patch or AV protect against end-users with admin authority
    Adding unwanted software
    Accessing/modifying restricted system settings
    Regedit, ftp, telnet, security settings
    Whitelisting prevents local admins
    From installing new, unauthorized software
    Or accessing restricted system components
  • 7. Challenges with traditional whitelisting
    Each PC is unique
    PCs are not static
    Starting from a pristine environment unrealistic
    Identifying trusted applications
    Endpoint uniqueness and Constant Change
    Existing PCs Needing Immediate Protection
    Identifying ALL trusted applications
    Challenges to Application Whitelisting
  • 8. Making whitelisting intelligent
    Acknowledge the uniqueness of each PC
    Ensure user productivity by making more intelligent trust decisions
    Recognize trusted agents of change
    Progressive implementation
  • 9. Treat each PC as unique
    Implement local whitelist for each PC
    Based on software already present
    New malicious or unwanted software instantly stopped
    Existing unwanted software addressed
    Blacklist
    Later policy development
    Centrally build list of all software present throughout all endpoints
    To be leveraged as prevalence knowledge
  • 10. Trusted agents of change
    Whitelists require continual maintenance since PC software is constantly updated
    Specify trusted agents of change
    e.g. patch agents, system management processes and other software deployment agents
    No coordination or maintenance required by IT staff when software updated
  • 11. More intelligent trust decisions
    Trusted updaters
    Trusted publishers
    Trusted paths
    Denied applications
    Trusted authorizers
    Leverage
    Prevalence information collected by agents
  • 12. Progressive Implementation 
  • 13. Bottom Line
    © 2011 Monterey Technology Group Inc.
    Patch management and AV aren’t enough
    Don’t provide defense-in-depth
    Application Whitelisting provides a 3rd and fundamentally different approach
    All 3 together provide synergistic, true defense-in-depth
    Intelligent whitelisting addresses the traditional problems of application whitelisting by
    Acknowledging uniqueness of each PC
    Making more intelligent trust decisions
    Automatically updating whitelist with changes made by trusted agents
    Allowing progressive implementation with existing fleet of PCs
  • 14. Brought to you by
    Speakers
    Chris Chevalier, Senior Product Manager
    Chris Merritt, Director of Solution Marketing
    http://www.lumension.com/Solutions/Intelligent-Whitelisting.aspx