infoTECH Feature

May 03, 2013

Trust-Based Application Control Defends Against Advanced Security Threats

Antivirus is just not enough when it comes to protecting enterprise IT against security threats. But neither is blacklisting, with its administrative overhead.

“It’s no mystery that antivirus (AV) technologies are fighting a losing battle against an increasingly sophisticated malware threat landscape,” noted Forrester. “Attackers often penetrate user endpoints with new malware that eludes the AV detection. As a result, security professionals must consider a different approach, one that doesn’t rely solely on an increasingly hard-to-manage signature blacklist.”

A third approach that goes beyond antivirus but tackles the administrative headaches of blacklisting is trust-based application control.

Trust-based application control takes a whitelist approach to software, blocking everything by default unless specific permission has been granted. This way only vetted software and protocols are allowed in the network, not malware or applications that workers might install themselves without considering the security implications.

More than half of enterprises will have instituted some form of trust-based application control by 2015, according to Gartner, both highlighting the ineffectiveness of current security attempts and showing the promise of trust-based application control.

A good trust-based approach not only monitors what applications are attempting to run but also enables real-time detection of advanced threats by catching when and where unauthorized applications run.

Further, trust-based application control lets IT admins monitor where violations are happening, creating an audit trail that IT can use to investigate suspicious activity.

This should include virtual environments, too.

Many companies ignore virtual environments when it comes to security because these environments are reimaged frequently. But security breaches can happen in minutes, not days; Verizon estimated last year that 85 percent of advanced security attacks do their damage within minutes. So it is crucial not to ignore virtual machines, another reason why trust-based application control makes sense.

One company that is innovating in the trust-based space is Bit9, which offers an interesting approach that combines manual whitelisting with cloud-based reputation and approval. In addition to manually selecting which applications can run on the network, enterprise admins can also create rules that will automatically trust software downloaded by users based on the software’s reputation in the Bit9 cloud.

Earlier this week Bit9 hosted a webinar on trust-based application basics. You can watch the webinar here.




Edited by Stefania Viscusi