By now, you've probably heard about whitelisting technology and how it can help secure businesses against new or novel security threats. Well, I had the opportunity earlier today to speak with J.T. Keating, VP of marketing at CoreTrace. I last corresponded with someone from the company two years ago, and Keating was eager to fill me in on the latest version of BOUNCER, its application whitelisting software. Greg Valentine, director of technical services, was also on hand to walk me through the key aspects of BOUNCER.
I picked their brains on what it means to deploy a whitelisting solution for a small- and mid-sized business, and highlighted some considerations for businesses below:
The Security Advantage
To illustrate the capabilities of the company's BOUNCER 6 product, Valentine demonstrated (using a couple of virtual machines) how an unprotected Windows installation succumbed to a DLL injection exploit conducted via the popular Metasploit penetration toolkit. The system that had BOUNCER 6 installed managed to stop the attack in its tracks. Interestingly, Keating told me how CoreTrace makes use of 40 different anti-virus engines in order to determine the legitimacy of every single application, helping to further isolate and identify known malware or infections.
The Administrative Overhead
What has inhibited the growth of whitelisting solutions in the past is the hassle faced by users who increasingly want to use their own set of applications and utilities. As you can imagine, how well a system can be set up to handle new changes without getting in the user's way is very important. I suppose this is where previous generations of whitelisting products got it wrong: faced with the prospect of malware worming into business-critical systems, IT administrators enforced draconian settings that put off users.
CoreTrace is convinced that it has nipped the problem in the bud, however, thanks to its granular permissions system. I will be doing a more detailed evaluation of BOUNCER 6 and its suitability for SMBs in the very near future, so I won't go into too much detail here. But whatever the case, SMBs should definitely weigh the administrative overhead of a company-wide whitelisting deployment.
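To make the two points above concrete (the demo in "The Security Advantage", where an unapproved module is refused, and the trade-off in "The Administrative Overhead", where legitimate change must get through without a ticket to IT), here is an added, self-contained illustration of how a hash-based application allowlist reaches its allow/deny decision. This is example code written for this article, not CoreTrace's BOUNCER code, and the policy model it uses (a set of approved SHA-256 digests, a hypothetical "trusted updater" directory whose new files are learned automatically, and a learning mode that logs instead of blocking) is an assumption about how such products generally work, not a description of BOUNCER's internals. All files it checks are constructed in a temporary directory.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass, field


@dataclass
class AllowlistPolicy:
    """Hypothetical allowlist policy; not BOUNCER's actual policy format."""
    approved_hashes: set            # SHA-256 hex digests of approved executables/DLLs
    trusted_dirs: set               # absolute dirs whose new files are auto-learned (assumed feature)
    enforce: bool = True            # False = learning mode: record what would be denied, but allow
    audit_log: list = field(default_factory=list)


def sha256_file(path):
    """Hash the file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def decide(policy, path):
    """Return 'allow' or 'deny' for a request to execute or load `path`, logging the reason.

    Any unknown module, including an injected DLL, falls through to 'deny' in enforce mode;
    a tampered copy of an approved program has a different digest and is denied the same way.
    """
    digest = sha256_file(path)
    full = os.path.abspath(path)
    if digest in policy.approved_hashes:
        verdict, reason = "allow", "hash on allowlist"
    elif any(full.startswith(d + os.sep) for d in policy.trusted_dirs):
        # Granular exception: software delivered through a trusted updater location
        # is learned on first sight, so routine updates do not block users.
        policy.approved_hashes.add(digest)
        verdict, reason = "allow", "trusted updater location; hash learned"
    elif not policy.enforce:
        verdict, reason = "allow", "learning mode; would be denied"
    else:
        verdict, reason = "deny", "unknown hash"
    policy.audit_log.append((os.path.basename(path), digest[:12], verdict, reason))
    return verdict


def demo():
    """Run a constructed scenario and return (verdicts, audit_log)."""
    with tempfile.TemporaryDirectory() as root:
        trusted = os.path.join(root, "updater")
        os.makedirs(trusted)
        approved = os.path.join(root, "app.exe")
        with open(approved, "wb") as f:
            f.write(b"approved program bytes")            # constructed stand-in for a real binary
        tampered = os.path.join(root, "app_tampered.exe")
        with open(tampered, "wb") as f:
            f.write(b"approved program bytes\x90")        # one byte changed: digest differs
        unknown = os.path.join(root, "unknown.dll")
        with open(unknown, "wb") as f:
            f.write(b"module never approved")            # e.g. a DLL an attacker tries to load
        update = os.path.join(trusted, "patch.dll")
        with open(update, "wb") as f:
            f.write(b"new version from the trusted updater")

        policy = AllowlistPolicy(approved_hashes={sha256_file(approved)}, trusted_dirs={trusted})
        verdicts = {
            "app.exe": decide(policy, approved),
            "app_tampered.exe": decide(policy, tampered),
            "unknown.dll": decide(policy, unknown),
            "patch.dll": decide(policy, update),
        }
        # The learned update now matches by hash, not by location.
        verdicts["patch.dll again"] = decide(policy, update)
        # Learning mode: same unknown module is allowed but recorded for review.
        policy.enforce = False
        verdicts["unknown.dll (learning mode)"] = decide(policy, unknown)
        return verdicts, policy.audit_log


if __name__ == "__main__":
    results, log = demo()
    for name, verdict in results.items():
        print(f"{name:28s} {verdict}")
    print("\naudit log:")
    for entry in log:
        print(entry)
```

The audit log is the part an administrator actually lives with: in learning mode it shows what a strict policy would have blocked before the policy is switched to enforce, which is the usual way to avoid the "draconian settings" problem the article describes. Note that the trusted-directory rule is a deliberate loosening of the hash rule and should be scoped as narrowly as possible, since anything able to write into that directory inherits its trust.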
Installing a Centralized Console
Even more than with anti-virus software, deploying a whitelisting product as a standalone installation greatly reduces its effectiveness. Part of the administrative overhead highlighted in the previous point involves setting up a central console to manage whitelisting deployments. The irony here is that I've always advocated the use of a centralized console to manage and track the deployment of anti-virus software across the company.
On this front, CoreTrace told me it has no problem supporting businesses that want to try out a limited deployment by hosting the central console for them. However, companies will do well to set up their own central console, because CoreTrace does not have a published rate chart for a full-fledged hosted service at this point, though Keating did tell me that CoreTrace is open to working out a solution on a case-by-case basis. Moving forward, the company says it is also looking into how it can better serve SMB customers.