bouncer: change-ready application whitelisting
DESCRIPTION
With the demise of blacklist-based antivirus, a new approach has emerged--application whitelisting. It is a simple concept: rather than chase all the bad programs (malware) on the Internet, simply only allow your approved (whitelisted) applications to run. But, application whitelisting is not practical unless it can easily and safely handle changes--like new applications being installed by every user in an organization--without involving IT every single time. BOUNCER by CoreTrace is the only solution that combines security and flexibility with its patent-pending "Trusted Change" model. View our presentation and then learn more at www.coretrace.com.
TRANSCRIPT
Change-ready Application Whitelisting
Introducing BOUNCER by CoreTrace™
September 2008
Today’s Endpoint Control Challenges
Current generation endpoint security solutions are no longer effective:
Malware is more targeted and increasing in volume and sophistication
Blacklisting and heuristics-based solutions are failing to catch zero day attacks
The Security — IT Operations balancing act
Frequent patching
Image management
Preventing UNAUTHORIZED change and rapidly allowing AUTHORIZED change
Help Desk burden
Compliance & Governance
Malware Is a Booming Business!
www.av-test.org — 2008
Even Blacklist-based Vendors Agree — A New Approach Is Needed!
“The relationship between signature-based antivirus companies and the virus writers is almost comical. One releases something and then the other reacts, and they go back and forth. It's a silly little arms race that has no end.”
Greg Shipley • CTO, Neohapsis
“If the trend continues and bad programs outnumber good ones, then scanning for legitimate applications (whitelisting) makes more sense from both an efficiency and effectiveness perspective.”
Mark Bregman • CTO, Symantec Corp.
“Authenticate software that is allowed to run and let nothing else run. Anti-virus is a poor IT Security solution because it doesn’t do that. Instead it tries to spot software it thinks is bad. Anti-virus comes from a bygone era and that is where it belongs.”
Robin Bloor • Partner, Hurwitz & Associates
SC Magazine Poll, Ogren Group Webinar, 2008
Do you think signature-oriented security suites make your systems secure?
The Future is Coming… Quickly!
Security Vendors Embrace Application Whitelisting
Antivirus is 'completely wasted money': Cisco CSO
Security experts look to 'whitelisting' future
Coming: A Change in Tactics in Malware Battle
Whitelisting and Trust
The Real Dirt on Whitelisting
Black versus White
Redefining Anti-Virus Software
McAfee CEO: Adware is killing AV blacklisting
Ogren Group: The Three Tenets of Endpoint Security
Control what you know
Easier to control what is known than try to control unknown attacks.
Control at the lowest possible level
Only security software that functions in the kernel can reliably deliver the controls that IT requires.
Control transparently
Security must be transparent to end-users and not create administrative burden to operational staff.
Kernel-Level Application Whitelisting
Protect from within the OS
Enforce a whitelist of approved applications only
Provide memory protection
Provide network filtering
Utilize minimal system resources
[Diagram: User Space; Kernel Space / OS; System Resources; Whitelisted Application; Rogue Application]
BOUNCER’s Mission: Dramatically Lower Endpoint TCO
Dramatically improve security — with significantly less effort
Reduce or eliminate expenses resulting from malware damage or theft
Reduce patch frequency time and expense
Automatically prevent unauthorized & unplanned change
Automatically maintain images
Reduce help desk expenses from unexpected application conflicts
Easily allow authorized & planned change
Enable users to easily add acceptable & required applications themselves
Seamlessly allow approved application updates
Automatically meet compliance requirements for control and visibility
“The notion of patching every Windows system in the company after Microsoft issues its monthly Patch Tuesday security bulletins is impractical for reasons related to asset logistics as well as the need to keep IT systems up and running to support Morgan Stanley's internal users, partners, and customers”
Matt Hines • Infoworld
Trusted Change: BOUNCER’s Key to Lowering Endpoint TCO
Whitelisting without Trusted Change isn’t practical
Trusted Change allows you to:
Define boundaries of trust in advance
Specify what can modify your systems
Control systems and keep them secure without hampering user productivity
BOUNCER with Trusted Change fits your organization — not the other way around.
BOUNCER with Trusted Change seamlessly keeps policies up-to-date for you and keeps you informed on what changed
How BOUNCER Provides Easy, Immediate, and Ongoing Endpoint Control
Auto-Generate Custom Whitelist for Each Endpoint
Automatically Enforce Whitelist (Stopping Unauthorized Applications & Malware)
Report on Security or Configuration Issues
Establish Trust Models in BOUNCER Console
Deploy BOUNCER Client to Multiple Endpoints
Update Custom Whitelist for New Trusted Applications
Summary
Application Whitelisting is the new foundation of endpoint control
Application whitelisting solutions must be able to easily and immediately handle change
BOUNCER dramatically lowers endpoint TCO
Automatically prevents unauthorized & unplanned change
Easily allows authorized & planned change
Automatically meets compliance requirements for control and visibility
Dramatically improves security — with significantly less effort
Questions or Further Information:
www.coretrace.com