whitepaper: Whitelisting Without The Complexity

Similar documents
9 Steps to Protect Against Ransomware

Intelligent, Collaborative Endpoint Security

Network Security Protection Alternatives for the Cloud

3 Ways to Prevent and Protect Your Clients from a Cyber-Attack. George Anderson Product Marketing Director Business October 31 st 2017

McAfee Embedded Control

The Artificial Intelligence Revolution in Cybersecurity

A Guide to Closing All Potential VDI Security Gaps

Data Center Consolidation and Migration Made Simpler with Visibility

Prevx 3.0 v Product Overview - Core Functionality. April, includes overviews of. MyPrevx, Prevx 3.0 Enterprise,

MIS Week 6. Operating System Security. Windows Antivirus

MEMORY AND BEHAVIORAL PROTECTION ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

Getting over Ransomware - Plan your Strategy for more Advanced Threats

PATCH MANAGER AUTOMATED PATCHING OF MICROSOFT SERVERS AND 3RD-PARTY APPS

Data Retrieval Firm Boosts Productivity while Protecting Customer Data

How to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis

Endpoint Security and Virtualization. Darren Niller Product Management Director May 2012

Ritz Camera Leverages Whitelisting for Picture Perfect Security

Symantec Endpoint Protection

STREAMLINING THE DELIVERY, PROTECTION AND MANAGEMENT OF VIRTUAL DESKTOPS. VMware Workstation and Fusion. A White Paper for IT Professionals

NetDefend Firewall UTM Services

Optimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution

Get BitDefender Security for File Servers 2 Years 5 PCs computer new software download ]

MIS Week 6. Operating System Security. Windows Antivirus

Cyber Essentials Questionnaire Guidance

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

locuz.com SOC Services

Un SOC avanzato per una efficace risposta al cybercrime

Reducing the Cost of Incident Response

AT&T Endpoint Security

Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard

Product Guide. McAfee Web Gateway Cloud Service

VNC Connect security whitepaper. Cloud versus direct with VNC Connect

Global Headquarters: 5 Speen Street Framingham, MA USA P F

Comprehensive Database Security

Cloud versus direct with VNC Connect

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

Getting Started Guide. This document provides step-by-step instructions for installing Max Secure Anti-Virus and its prerequisite software.

Free Download BitDefender Client Security 1 Year 50 PCs softwares download ]

Improving Your Network Defense. Joel M Snyder Senior Partner Opus One

Barracuda Advanced Threat Protection. Bringing a New Layer of Security for . White Paper

SECURING AWS ACCESS WITH MODERN IDENTITY SOLUTIONS

Top 5 Reasons. The Business Case for Bomgar Remote Support

Mobile County Public School System Builds a More Secure Future with AMP for Endpoints

The 2017 State of Endpoint Security Risk

SYMANTEC DATA CENTER SECURITY

CA Security Management

A MULTILAYERED SECURITY APPROACH TO KEEPING HEALTHCARE DATA SECURE

THE ACCENTURE CYBER DEFENSE SOLUTION

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

An AlgoSec Whitepaper MANAGE SECURITY AT THE SPEED OF BUSINESS

Cracked BitDefender Security for File Servers 2 Years 55 PCs pc repair software for free ]

KnowBe4 is the world s largest integrated platform for awareness training combined with simulated phishing attacks.

Least privilege in the data center

Symantec Endpoint Protection

WHITE PAPER. AirGap. The Technology That Makes Isla a Powerful Web Malware Isolation System

McAfee Embedded Control for Retail

Comodo IT and Security Manager Software Version 6.6

More about Windows OS Security

Mapping traditional AV detection failures. October 2017

CYBER SECURITY EFFECTIVENESS FOR THE RESOURCE-CONSTRAINED ORGANIZATION

Real-time, Unified Endpoint Protection

PCI DSS Compliance. White Paper Parallels Remote Application Server

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

ANATOMY OF AN ATTACK!

Endpoint Protection : Last line of defense?

Comodo IT and Security Manager Software Version 5.4

McAfee Public Cloud Server Security Suite

Maximum Security with Minimum Impact : Going Beyond Next Gen

The Hidden Costs of Free Database Auditing Comparing the total cost of ownership of native database auditing vs. Imperva SecureSphere

LEAST PRIVILEGE ADOPTION VIA

Herd Intelligence: true protection from targeted attacks. Ryan Sherstobitoff, Chief Corporate Evangelist

Kaspersky Security Network

INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS AKAMAI SOLUTIONS BRIEF INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.

Seqrite Endpoint Security

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner

Three Security Options That Can Jeopardize Your Virtual ROI

ConnectWise Automate. What is ConnectWise Automate?

crush malware that hasn't even been seen before. Alright, so not really like traditional antivirus. Cleans an already infected Mac, 14- day Premium

Comodo IT and Security Manager Software Version 6.4

BREAKTHROUGH CYBER SECURITY FREQUENTLY ASKED QUESTIONS

Get BitDefender Client Security 2 Years 30 PCs software suite ]

Consumerization. Copyright 2014 Trend Micro Inc. IT Work Load

Layer by Layer: Protecting from Attack in Office 365

HOW MIDSIZE ORGANIZATIONS CAN MEET COMPLIANCE REQUIREMENTS AND ENHANCE CYBERSECURITY WITH MICRO-SEGMENTATION WHITE PAPER FEBRUARY 2018

A manual for understanding and using the Impex Control Center. SYSCTL AB - version 1.5

AWS Reference Design Document

Christopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud

ENDPOINT SECURITY WHITE PAPER. Endpoint Security and the Case For Automated Sandboxing

2012 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Excel, Lync, Outlook, SharePoint, Silverlight, SQL Server, Windows,

Survey Results: Virtual Insecurity

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

McAfee Embedded Control

Application Whitelisting and Active Analysis Nick Levay, Chief Security Officer, Bit9

Symantec Endpoint Protection 14

Streamline IT with Secure Remote Connection and Password Management

SIMATIC. Process Control System PCS 7 Symantec Endpoint Protection 11.0 Configuration. Using virus scanners 1. Configuration 2. Commissioning Manual

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

The Business Case for Network Segmentation

Beyond Testing: What Really Matters. Andreas Marx CEO, AV-TEST GmbH

Transcription:

: Whitelisting Without The Complexity

The Endpoint Security Advantages of Whitelisting: A Whitepaper for System Administrators In the 10-year time frame from 2002 to 2012, the volume of known-good executable code has roughly doubled from 17 Million to 40 Million. During that same period, the amount of known-bad malware has skyrocketed 40 times from 2 million to over 80 million. In 2002, keeping out the bad guys with antivirus was a correct and rational decision. Now, in 2012 that is no longer the case. The more rational decision is to continue using traditional (blacklist) antivirus but combined with gray- and whitelisting and only allow known-good to run. It s a simple, powerful idea that stops malware dead in its tracks. It allows you to run your network with an iron fist in a velvet glove. Essentially, it s time to put your endpoint security on its head. This tells you why. 90m 80m 70m 60m 50m 40m 30m 20m 10m 0m 2002 17,000,000 2,000,000 GOOD BAD Solution: Antivirus 90m 80m 70m 60m 50m 40m 30m 20m 10m 0m 2012 82,000,000 40,000,000 GOOD BAD Solution: Antivirus + Whitelisting 1

Introduction Malware has skyrocketed in volume in the last decade, and at the same time has gone pro. Malware has become highly sophisticated; the Zeus trojan is a good example. Traditional antivirus has trouble keeping up, as cybercrime generates 100,000 new malware executables per day. Antivirus companies have struggled trying to improve their product and added lots of new features, without being able to change their blacklisting model to what by now really is required: whitelisting. The result is antivirus bloatware, with a significant performance impact on workstations, and ineffective protection against malware. C-level executives frown as they see the yearly Total Cost of Ownership per workstation rising, while at the same time security effectiveness going down. IT is being asked to do more with less budget and a lower headcount. It s time to put endpoint security on its head. We are not advocating throwing your existing antivirus out the window. Antivirus has its place, and should be kept, but it only provides half the functionality it needs to. Whitelisting, also sometimes known as Application Control, can stop malware dead in its tracks and actively lowers the cost of maintaining systems across your network. The smart approach is to add whitelisting as an additional layer to your defense-in-depth strategy. Next, use intelligent graylisting to decide about the code that falls in between the white- and black lists. The most successful strategy for the next decade is a combination of white-, gray- and blacklists which requires an absolute minimum of admin time. This combination will dramatically reduce malware infection rates and improve network security without end-user productivity problems. Block Zero-Day Attacks Small, but very high risks are zero-day exploits. No known security tool except whitelisting has a guaranteed defense against zero-day attacks. Being able to block any unknown process to run protects your network against all malware, zero-day and targeted attacks. Whitelisting Complexities There are several drawbacks to first-generation whitelisting however, from a system administrator perspective. Let s have a look at these: - Updates, how are they managed? - How about users with lots of apps? - How much additional IT workload to manage the lists, and add apps? - How fast can IT respond regarding an end-user approval request? - Is whitelisting agile enough for our environment? First-generation whitelist solutions have been forced to deal with this complexity by adding a substantial management layer, causing additional IT workload. A new approach was needed to make whitelisting a workable solution for IT at all sites, not just the Fortune 500. That solution was not available at the time first-gen solutions were designed. A next-generation, cloud-based whitelisting solution was needed and that architecture does solve the whitelisting complexity. Cloud-based Lists There is twice as much malware as there is known-good, and that ratio is getting worse by the day. Tracking every Trojan, virus and worm has become literally impossible. The problem is that when antivirus vendors can t keep up, malware makes its way through, infecting workstations and opening up your network to the bad guys. 2

Keeping cloud-based lists of known-good with all their related meta-data, combined with an efficient communications mechanism to keep your local lists up-to-date, is the only way to keep whitelisting simple to manage. It needs to be a set-it-and-forget-it solution that noticeably cuts IT workload, and shows a dramatic decrease in malware infections. How Whitelisting Works No Performance Penalty Antivirus software has lots of moving parts to keep all kinds of malware out, and can cause considerable overhead on systems, especially when scans are performed. However, the CPU cycles needed to decide if a process is Good/Bad is less than 5% of what an antivirus application takes, as whitelisting only needs to check a process against a list of checksums. This means you can run whitelisting on all systems without any performance degradation, and add it to any system that has AV running without penalty. The local database on your workstation or server is empty when installed. The cloud-based lists are as close as possible a real-time picture of all valid processes, as well as the processes that are defined as part of the Gray and Black lists. Your local database (on your local server and local workstations will be build up gradually as the whitelisting software is being used, and contains little more than the hash-values, so there is hardly any local disk space used. New processes are being checked in the cloud when encountered for the first time. This type of traffic is hardly measurable. In short: super low CPU, very little disk space utilization and miniscule network overhead. Server Whitelist Cloud Whitelist Architecture Management There are three components. The master list with all its metadata lives in the cloud. A local server contains a subset of that master list, related to all the files within your organization. Each workstation contains a small subset of the list on the server. Workstations only communicate to your local the server, they do not directly talk to the cloud. Your admin console lives on your local server, and talks to the cloud. Update Management The intelligence in the Cloud service automatically approves files updated by Microsoft and other large software developers giving you as an administrator the option to auto-approve these updates via the management console. Workstations Whitelist Whitelisting is also a great way to stop applications that other methods like tightened security permissions or least-user privileges are unable to block. The best example is the Chrome browser which can be installed by any nonprivileged end-user without admin rights or permissions. Whitelisting Helps With Compliance You can keep an eagle eye on costly software licenses and prevent users from running programs (such as FPT or P2P) that are security risks. Additionally, whitelisting can help you show stringent controls to auditors, which makes compliance with industry regulations much easier. 3 But, let s be real. Whitelisting is not just a bed of roses. It can have its own challenges. If not done right, a large-scale deployment has the potential to become political. Ultimately, there must be policy and agreement on an approved list of applications. Combine that with a process to add new apps when required, whitelisting can take some time to deploy. And sometimes whitelisting runs into resistance from end-users that feel they should be able to run anything they want. Compliance and security are very strong and convincing arguments though. Let them work for you for a change, and make sure that you get Senior Management buy-in from day one.

Running in Audit Mode Whitelisting programs are able to run in audit-mode so you can create baseline lists to start with. You can set up a (virtual) machine with a standard image; then run the audit process, and the program builds the whitelist. Run this for a few weeks, review and make changes before rolling out deny-mode. Some organizations create a single master PC that has all the apps installed that could run in the organization. Sometimes it is needed to have a few baseline images, each for a different department or business unit. You can do that using virtual machines. Causing end-user productivity issues is the last thing IT wants. Run the whitelisting app in a test-bed to start off with. Have some end-users do their normal job on these test machines to see if there is any adverse impact. Only when that s successful, deploy in audit mode and see what is going on in your production environment. Servers usually are much more stable and have less variables compared to end-user workstations, so they are a lot simpler to set up and manage. Have a backup plan in place, and plan a rollback (with written procedures) just in case. That can save your bacon in a worst-case scenario. Test your rollback plan in the test-bed to make sure it works as planned. Admin Console The admin console has easy access to the cloud-based lists so you can approve a comprehensive set of known apps up front. It is extremely easy for an administrator to add some obscure program to the whitelist that's crucial to an end-user. It really takes less than a minute. Having a fast process prevents end-users from complaining that IT is not responsive to their needs. The admin console includes a way for an end-user to submit an.exe for analysis to be included/excluded from the whitelist. The gray list allows for granular customizations, and is the future of IT s first-line malware defense. Customization for your own environment is the interesting part. Steps For Success As we stated above, security needs to be turned on its head and a shift from blacklisting to whitelisting needs to occur. Since the early eighties, IT departments have suffered from end-users running rampant with PCs under their own control. In the current security environment this is no longer a responsible approach. Whitelisting allows IT to get control back and rule with an iron fist in a velvet glove. Handling potential end-user resistance up front is an important tactic to make the roll-out a success. You need top-management buy-in from day one, as VPs complaining to the CEO that IT does not let them do their work is something that needs to be prevented from happening. The benefits of whitelisting are enormous, since traditional security defenses are becoming less effective by the year. A smart deployment of whitelisting is a great asset to any IT administrator who just wants the phone to stop ringing for a change. Defense-in-Depth Any professional IT team has a defense-in-depth approach that allows for maximum flexibility. You need AV scanning of web-traffic in your firewall, combined with AV scanning on your Email gateway/server and AV on the desktop level. You can decide if that needs to be on-demand or on-access AV scanning at the desktop. And you need to add a layer that wasn t needed a few years ago. The ROI is simple: whitelisting pays for itself. With that deployed, your security will improve significantly, support tickets decrease, your total endpoint TCO actually goes down, you have (a lot) more control, and the end-user productivity goes up. Now, who wouldn t want all that in one neat package? 4

KnowBe4, LLC 601 Cleveland Street Suite 930 Clearwater, FL 33755 Tel: 855-KNOWBE4 (566-9234) www.knowbe4.com Email: sales@knowbe4.com 2011 KnowBe4, LLC. All rights reserved. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback