As IT organizations come to realize that they can’t successfully defend against all threats, many of them are starting to rely on a whitelisting approach to IT security that specifically identifies who gets access to what specific applications in the enterprise.
Once dismissed for being too unwieldy to practically implement, Paul Henry, security and forensic analyst at Lumension Security, says whitelisting has become a whole lot easier to manage in the intervening years. As result, Henry says more IT organizations need to set up zones of trust where they know what specific kinds of activities are allowed to take place.
Henry says the simple fact is that anti-virus software is ineffective. The types of attacks change on a daily basis, making it almost impossible for providers of anti-virus software to develop a signature to prevent a particular attack in a timely manner. And with the advent of the BYOD phenomenon, Henry says the number of attacks being aimed specifically at these devices is increasing exponentially.
Unfortunately, all these BYOD devices mean that the so-called demilitarized zones that IT organizations set up to deal with such issues are starting to collapse as users demand greater access to more corporate applications. Cloud computing and virtualization, adds Henry, only make things worse because no one in IT has any visibility into what data is being accessed by whom on platforms that tend to be even less secure than the systems they replaced.
Worse yet, the people launching these attacks are more sophisticated than ever, ranging from traditional cyber criminals and “hacktivists” to a new breed of organizations engaged in cyber espionage activities, some of which have resulted in attacks where the throughputs involved easily overwhelming the capabilities of existing firewalls. And as Henry notes, because “bytes are cheaper than bullets” these types of attacks are only going to increase in frequency.
Add it all up, says Henry, and the only reasonable thing to do is whitelist what applications people can access using the thinnest client device possible. Otherwise, no matter how many layers of security are put in place, Henry says it’s only a matter of time before your applications will be compromised.