Tag Archives: whitelisting

When Antivirus Fails, All Is Not Lost

It’s at times like these that defense in depth really shines!

To detect targeted threats, companies must first be more aware of what is going on in their networks, Percoco says. By watching for events — and not just suspicious activity — a company can detect the existence of an infection. Known as indicators of compromise, or IOCs, these events can tip a company off that something unwanted is inside the firewall.

[…]

Finally, companies can take the “deny all” approach to applications, just like the recommended practice for firewall rules. Known as whitelisting, the defensive technology allows only known good programs to run on systems. With millions of variants of malware being generated every year, focusing on the 10,000 to 25,000 programs running on a typical system make more sense, Bit9’s Sverdlove says.

I expect whitelisting to become more popular, and hopefully, much easier.  The main problem I’ve seen with whitelisting is that the basic set of apps is easy to enumerate and whitelist, but then as patches get rolled out — nearly every other week for Java and Firefox — the app must be re-whitelisted.   It just doesn’t seem to scale well when you have lots of users roaming around with lots of applications, and lots of updates, and lots of broken, no-longer-whitelisted applications.

via When Antivirus Fails, All Is Not Lost – Dark Reading.

Malware Advancing Faster Than Companies Can Analyze It – Dark Reading

IT is worried: More than half of IT leaders say malware sophistication is outpacing their ability to analyze it.

A new study conducted by Forrest Anderson Research and commissioned by Norman ASA found that 62 percent of IT pros have this concern, while 58 percent say their biggest worry is the growing number of threats.

Problems like this are going to make whitelisting a nearly mandatory strategy.

via Malware Advancing Faster Than Companies Can Analyze It – Dark Reading.