Die, unknown executable! Keeping up with malware signatures is becoming unsustainable, so blocking all but known good programs may be our only hope. A review of five whitelisting security packages yields a clear winner in the battle for 21st century security
Layer 8 considerations
Administrators trying to implement a whitelisting program across a large organization should make sure to have senior management's buy-in. Once you start taking away users' "freedom," the complaints will start coming. I've yet to see an administrator turn on enforcement mode, even after weeks of application inventorying, without some mission-critical application that escaped detection being temporarily interrupted. IT shops using application control must be immediately responsive to customer needs and requests.
One of the biggest unexpected side effects of using a whitelisting program in enforcement mode is lower support costs. Companies that are able to lock down desktops have significantly fewer troubleshooting events and rebuilds. Although some users will complain about their inability to install anything they like, the lockdown also means that users won't install nearly as much malware, and that, along with the savings in support costs, usually translates well to senior management.
Most companies will want to define emergency and ad hoc approval processes so that requested software can be whitelisted and allowed to run as quickly as possible. No one wants to tell the CEO that he has to wait a week for his new golf game or stock trading program to get approved. Some environments enable enforcement mode only on problematic users with a history of abuse, while running auditing mode for everyone else. Every company should create baselines from images and programs their users are supposed to be running, and use the whitelisting solution's reporting feature to track deviations and drift.
This review ranks the whitelisting programs based upon overall functionality, including the file types and operating systems they cover, accuracy and effectiveness against policy violations, administration (how hard was it to configure and manage), reporting (including alerting), and overall value. As noted above, all of the reviewed products performed well. There are many good choices here, and the real challenge is in picking a product that has the best feature set for your environment. One product, Bit9’s Parity, rose to the top and should be included in anyone's consideration list.
Read the individual reviews:
Bit9 Parity 5.0 shines brightest among whitelisting competitors with strong protection and useful risk metrics
CoreTrace Bouncer 5 provides first-rate application control with a few unique features
Lumension Application Control is a competitive product with a number of standout features and one significant omission
McAfee's whitelisting protection for Windows, Linux, and Solaris is short on shortcomings
SignaCert is great for monitoring compliance with application and configuration policies, but it lacks built-in blocking
Microsoft's AppLocker is limited compared to third-party options, but you can't argue with the price
This story, "InfoWorld Test Center review: Whitelisting security comes of age," was originally published at InfoWorld.com. Follow the latest developments in information security and endpoint security at InfoWorld.com.
You may still be better off sticking with Win7 or Win8.1, given the wide range of ongoing Win10...
Microsoft buried a Get Windows 10 ad generator inside this month's Internet Explorer security patch for...
Here’s the best of the best for Windows 10. Sometimes good things come in free packages
Customers are up in arms, and the FCC must finally draw the lines with open internet regulations
The open source operating system celebrates its 25th anniversary this month
Version 7.0 offers tuples and pattern matching along with performance and coding improvements
Not enough enterprises are using their cloud migrations to finally bring their data security up to...