Today’s host-based security tools are facing an unprecedented number of issues. These issues stem mainly from the increase in both complexity and volume of enterprise applications and threats to these applications. For more than a decade, organizations have applied blacklisting -- blocking and alerting applications and behaviors based on signatures and heuristics -- to protect their networks and eventually their end point systems.
While still a powerful and highly useful technology, blacklisting is up against rapidly reproducing malware variants and malicious behaviors. For this reason, many organizations are reinforcing blacklisting with real-time analysis techniques that incorporate behavior, reputation, and threat correlation. However, for malware that uses adaptive signature-morphing methods to outpace the end point’s ability to adapt (the way Storm and Conficker worms do), lighter and more agile prevention techniques are essential. Agility is particularly important for dedicated systems and devices (such as remote point-of-sale terminals) which can neither carry big signature files nor be online to check for signature updates.
Whitelisting -- accepting only applications and behaviors that are on the approved list and denying everything else -- provides a lighter means to protect end points.
Read this report to learn how whitelisting, if implemented correctly -- with gold builds and flexible updating capabilities -- can be particularly useful for securing legacy applications and systems as well as embedded systems and kiosks. It is also a helpful addition for any robust end point security plan, as it can reduce detection errors as well as work with preventative measures to block malicious code from installing.
