Using Intelligent Whitelisting to Effectively and Efficiently Combat Today’s Endpoint Malware
Made possible by:
© 2011 Monterey Technology Group Inc.
Brought to you by
Speakers
• Chris Chevalier, Senior Product Manager
• Chris Merritt, Director of Solution Marketing
http://www.lumension.com/Solutions/Intelligent-Whitelisting.aspx
Preview of Key Points
• Whitelisting is critical for defense-in-depth against endpoint malware
• Challenges with traditional whitelisting
• Making whitelisting intelligent
  • Treat each PC as unique
  • Trusted agents of change
  • Intelligent trust decisions
Whitelisting is critical for defense-in-depth against endpoint malware
No substitute for patch and AV, but both are:
• Reactive
• Negative security model
• Straining to deal with pace and sophistication of today’s financially- / politically-motivated attackers
Whitelisting is critical for defense-in-depth against endpoint malware
For real defense-in-depth
• Additional layer needed
• Fundamentally different approach
Application whitelisting
• Proactive
• Positive security model
Whitelisting also helps address risks inherent with local admins
Neither patch nor AV protects against end-users with admin authority
• Adding unwanted software
• Accessing/modifying restricted system settings
  • Regedit, ftp, telnet, security settings
Whitelisting prevents local admins
• From installing new, unauthorized software
• Or accessing restricted system components
Challenges with traditional whitelisting
• Each PC is unique
• PCs are not static
• Starting from a pristine environment unrealistic
• Identifying trusted applications
Challenges to Application Whitelisting
• Identifying ALL trusted applications
• Endpoint uniqueness and Constant Change
• Existing PCs Needing Immediate Protection
Making whitelisting intelligent
• Acknowledge the uniqueness of each PC
• Ensure user productivity by making more intelligent trust decisions
• Recognize trusted agents of change
• Progressive implementation
Treat each PC as unique
• Implement local whitelist for each PC
  • Based on software already present
• New malicious or unwanted software instantly stopped
• Existing unwanted software addressed
  • Blacklist
  • Later policy development
• Centrally build list of all software present throughout all endpoints
  • To be leveraged as prevalence knowledge
Trusted agents of change
• Whitelists require continual maintenance since PC software is constantly updated
• Specify trusted agents of change, e.g. patch agents, system management processes and other software deployment agents
• No coordination or maintenance required by IT staff when software updated
More intelligent trust decisions
• Trusted updaters
• Trusted publishers
• Trusted paths
• Denied applications
• Trusted authorizers
Leverage
• Prevalence information collected by agents
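The trust model from the three slides above (a local whitelist per PC, trusted agents of change, denied applications, central prevalence), modelled as an added example that is not from the presenters or any product. The class and function names, the byte strings standing in for executables, and the rule that a deny entry overrides the whitelist are all assumptions.

```python
import hashlib
from collections import Counter

def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

class Endpoint:
    """Hypothetical model of one PC with its own local whitelist."""
    def __init__(self, installed, updaters=(), denied=()):
        # Local whitelist: hashes of the software already present on this PC.
        self.whitelist = {digest(c) for c in installed}
        # Trusted agents of change (e.g. a patch agent), identified by hash.
        self.updaters = {digest(c) for c in updaters}
        # Denied applications: existing unwanted software, blacklisted later.
        self.denied = {digest(c) for c in denied}

    def may_execute(self, content: bytes) -> str:
        h = digest(content)
        if h in self.denied:  # assumption: a deny entry overrides the whitelist
            return "deny: denied application"
        if h in self.whitelist:
            return "allow: local whitelist"
        return "deny: not on whitelist"

    def file_written(self, writer: bytes, new_file: bytes) -> bool:
        """Whitelist a new executable only if a trusted agent of change wrote it."""
        if digest(writer) in self.updaters and self.may_execute(writer).startswith("allow"):
            self.whitelist.add(digest(new_file))
            return True
        return False

def prevalence(endpoints) -> Counter:
    """Central view: on how many endpoints is each hash whitelisted?"""
    return sum((Counter(ep.whitelist) for ep in endpoints), Counter())

# Constructed sample "binaries": byte strings stand in for executable files.
OFFICE, OFFICE_V2, PATCH_AGENT = b"office-v1", b"office-v2", b"patch-agent"
TOOLBAR, DROPPER = b"unwanted-toolbar", b"unknown-dropper"

def demo() -> dict:
    pc1 = Endpoint([OFFICE, PATCH_AGENT, TOOLBAR], [PATCH_AGENT], [TOOLBAR])
    pc2 = Endpoint([OFFICE, PATCH_AGENT], [PATCH_AGENT])
    out = {"dropper": pc1.may_execute(DROPPER), "toolbar": pc1.may_execute(TOOLBAR),
           "office_wrote": pc1.file_written(OFFICE, DROPPER),
           "agent_wrote": pc1.file_written(PATCH_AGENT, OFFICE_V2),
           "office_v2": pc1.may_execute(OFFICE_V2)}
    seen = prevalence([pc1, pc2])
    out["seen_on"] = (seen[digest(OFFICE)], seen[digest(OFFICE_V2)])
    return out
```

In `demo()`, a file dropped by an ordinary application stays blocked, while the update written by the patch agent runs without any manual whitelist change; the new version then shows up centrally with a prevalence of 1.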
Progressive Implementation
Bottom Line
• Patch management and AV aren’t enough
  • Don’t provide defense-in-depth
• Application Whitelisting provides a 3rd and fundamentally different approach
• All 3 together provide synergistic, true defense-in-depth
• Intelligent whitelisting addresses the traditional problems of application whitelisting by
  • Acknowledging uniqueness of each PC
  • Making more intelligent trust decisions
  • Automatically updating whitelist with changes made by trusted agents
  • Allowing progressive implementation with existing fleet of PCs