Using Intelligent Whitelisting to Effectively and Efficiently Combat Today’s Endpoint Malware

Post on 20-Aug-2015



© 2011 Monterey Technology Group Inc.

Brought to you by

Speakers
• Chris Chevalier, Senior Product Manager
• Chris Merritt, Director of Solution Marketing

http://www.lumension.com/Solutions/Intelligent-Whitelisting.aspx

Preview of Key Points

• Whitelisting is critical for defense-in-depth against endpoint malware
• Challenges with traditional whitelisting
• Making whitelisting intelligent
  • Treat each PC as unique
  • Trusted agents of change
  • Intelligent trust decisions


Whitelisting is critical for defense-in-depth against endpoint malware

No substitute for patch and AV, but both are:
• Reactive
• Negative security model
• Straining to deal with pace and sophistication of today’s financially- / politically-motivated attackers

Whitelisting is critical for defense-in-depth against endpoint malware

For real defense-in-depth:
• Additional layer needed
• Fundamentally different approach

Application whitelisting:
• Proactive
• Positive security model

Whitelisting also helps address risks inherent with local admins

Neither patch nor AV protects against end users with admin authority:
• Adding unwanted software
• Accessing/modifying restricted system settings
  • Regedit, ftp, telnet, security settings

Whitelisting prevents local admins from:
• Installing new, unauthorized software
• Accessing restricted system components

Challenges with traditional whitelisting

• Each PC is unique
• PCs are not static
• Starting from a pristine environment unrealistic
• Identifying trusted applications

Challenges to Application Whitelisting

• Identifying ALL trusted applications
• Endpoint uniqueness and constant change
• Existing PCs needing immediate protection

Making whitelisting intelligent

• Acknowledge the uniqueness of each PC
• Ensure user productivity by making more intelligent trust decisions
• Recognize trusted agents of change
• Progressive implementation

Treat each PC as unique

• Implement local whitelist for each PC
  • Based on software already present
• New malicious or unwanted software instantly stopped
• Existing unwanted software addressed
  • Blacklist
  • Later policy development
• Centrally build list of all software present throughout all endpoints
  • To be leveraged as prevalence knowledge

Trusted agents of change

• Whitelists require continual maintenance since PC software is constantly updated
• Specify trusted agents of change, e.g. patch agents, system management processes and other software deployment agents
• No coordination or maintenance required by IT staff when software is updated

More intelligent trust decisions

• Trusted updaters
• Trusted publishers
• Trusted paths
• Denied applications
• Trusted authorizers
• Leverage prevalence information collected by agents
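
The trust checks named on this slide, combined with the local whitelist and trusted agents of change from the earlier slides, modeled as an added Python example (not part of the original presentation and not the vendor's implementation). The class and field names, SHA-256 as the file identity, and the order in which the checks are evaluated are assumptions; trusted authorizers and prevalence data are not modeled.

```python
import hashlib
import ntpath
from dataclasses import dataclass, field

def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

def norm(path: str) -> str:
    # Canonicalize Windows paths so "..\" segments cannot fake a trusted path.
    return ntpath.normcase(ntpath.normpath(path))

@dataclass
class Policy:  # central policy; all field names are hypothetical
    denied: set = field(default_factory=set)              # hashes of denied applications
    trusted_publishers: set = field(default_factory=set)  # verified signer names
    trusted_paths: tuple = ()                              # trusted directory prefixes
    trusted_updaters: set = field(default_factory=set)    # hashes of agents of change

@dataclass
class Endpoint:
    policy: Policy
    whitelist: set = field(default_factory=set)  # local whitelist for this one PC

    def snapshot(self, installed):
        """Seed the local whitelist from software already present."""
        self.whitelist |= {digest(c) for c in installed}

    def file_written(self, writer: bytes, content: bytes):
        """Auto-authorize files dropped by a trusted agent of change."""
        if digest(writer) in self.policy.trusted_updaters:
            self.whitelist.add(digest(content))

    def decide(self, path: str, content: bytes, publisher=None):
        h, p = digest(content), self.policy
        if h in p.denied:                      # deny wins, even if snapshotted
            return ("deny", "denied application")
        if h in self.whitelist:
            return ("allow", "local whitelist")
        if publisher in p.trusted_publishers:  # signer assumed already verified
            return ("allow", "trusted publisher")
        if any(norm(path).startswith(norm(t) + "\\") for t in p.trusted_paths):
            return ("allow", "trusted path")
        return ("deny", "not on whitelist")
```

Evaluating the deny list first is what lets unwanted software that was already present at snapshot time be blocked later without rebuilding the local whitelist.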

Progressive Implementation 

Bottom Line


• Patch management and AV aren’t enough
  • Don’t provide defense-in-depth
• Application whitelisting provides a 3rd and fundamentally different approach
• All 3 together provide synergistic, true defense-in-depth
• Intelligent whitelisting addresses the traditional problems of application whitelisting by
  • Acknowledging uniqueness of each PC
  • Making more intelligent trust decisions
  • Automatically updating whitelist with changes made by trusted agents
  • Allowing progressive implementation with existing fleet of PCs
