Deploying Whitelisting for Your SMB

Paul Mah
Slide Show

Five Places Where Malware Hides

Malware has to live somewhere. And while some Web filtering solutions can detect known malware hosts, most malware hides in sites that are otherwise benign.

By now, you've probably heard about whitelisting technology and how it can help secure businesses against new or novel security threats. Well, I had the opportunity earlier today to speak with J.T. Keating, VP of marketing of CoreTrace. I last corresponded with someone from the company two years ago, and Keating was eager to fill me in on the latest version of BOUNCER, its application whitelisting software. Greg Valentine, director of technical services, was also on-hand to walk me through the key aspects of BOUNCER.

 

I picked their brains on what it means to deploy a whitelisting solution for a small- and mid-sized business, and highlighted some considerations for businesses below:

 

The Security Advantage

 


In a nutshell, whitelisting is an endeavor to better secure computer workstations against threats that reactive anti-virus solutions might miss. I tend to view "traditional" anti-virus software as a burglar alarm that scans for known felons. Whitelisting, on the other hand, is about sounding the alarm upon detecting anyone other than known persons. You can read a previous blog post, Whitelisting: A Shift in Approaching Security, for a lengthier explanation on how it works.

 

To illustrate the capabilities of the company's BOUNCER 6 product, Valentine demonstrated (using a couple of virtual machines) how an unprotected Windows installation succumbed to a DLL injection exploit conducted via the popular Metasploit penetration toolkit. The system that had BOUNCER 6 installed managed to stop the attack in its tracks. Interestingly, Keating told me how CoreTrace makes use of 40 different anti-virus engines in order to determine the legitimacy of every single application, helping to further isolate and identify known malware or infections.

 

The Administrative Overhead

 

What has inhibited the growth of whitelisting solutions in the past is the hassle faced by users who increasingly want to use their own set of applications and utilities. As you can imagine, how well a system can be setup to handle new changes without getting in the user's way is very important. I suppose this was where previous generations of whitelisting products got it wrong-faced with the prospect of malware worming into business-critical systems, IT administrators enforced draconian settings that put off users.

 

CoreTrace is convinced that they have nipped the problem in the bud, however, thanks to its granulated permissions system. I will be doing a more detailed evaluation of BOUNCER 6 and its suitability for SMBs in the very near future, so I won't go into too much detail. But whatever the case, the administrative overhead of a company-wide whitelisting deployment should definitely be considered by SMBs.

 

Installing a Centralized Console

 

More so than anti-virus software, a standalone installation of a whitelisting product greatly reduces its effectiveness. Part of the administrative overhead highlighted in the previous point involves setting up a central console to manage whitelisting deployments. The irony here is that I've always advocated the use of a centralized console to manage and track the deployment of anti-virus software across the company.

 

On this front, CoreTrace told me it has no problem supporting businesses that want to try out a limited deployment by hosting the central console for them. However, companies will do well to set up their own central console because CoreTrace does not have a published rate chart for a full-fledged hosted service at this point, though Keating did tell me that CoreTrace is open to working out a solution on a case-by-case basis. Moving forward, the company says it is certainly also looking into how it can better serve SMB customers.



Add Comment      Leave a comment on this blog post

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 
Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data


Close
Thanks for your registration, follow us on our social networks to keep up-to-date