Reduce Risk from Unauthorized Applications

Which software can you trust? There’s a lot of good in Web 2.0 technologies that allow rapid development of user-contributed content and applets, but they also bring risk: poorly secured or deliberately malicious software in the form of JavaScript, ActiveX, videos, file-sharing software, spam, open source, and Google Docs. How do you know if this unknown, unverified code is good or bad, and, until you do, is it safer to block all or let it pass?

Increasingly, organizations are expecting IT to devise and enforce effective application security controls for systems ranging from desktops to servers kiosks to legacy Windows NT4 systems. That means consistently and reasonably enabling the known good, forbidding the known bad, and dealing with the new and unknown. Most IT organizations are achieving this goal through a mix of technologies, including blacklisting, behavioral analysis, and whitelisting, that back up existing solutions with targeted protections.

Blacklisting is a traditional security approach to keep the known bad guys out, familiar to those using anti-virus (AV) and intrusion detection. Each suspicious code sample spawns release of a protective file known as a signature, which tells the security product to block, or blacklist, that image if it sees it. While potent, blacklisting is not powerful enough for all of today’s malware. That’s why companies like McAfee have reinforced blacklisting with real-time analysis techniques that incorporate behavior, reputation, and threat correlation to detect and reduce the risk of the unknown. In addition, we have augmented these techniques with application whitelisting, which helps actively protect good code.

Whitelisting limits content download or execution to authorized applications – nothing else can run, so it limits the potential for corruption or compromise. McAfee dynamically manages whitelists to make them feasible for real life. For greater security, we protect approved applications from corruption and allow only the authorized application to make changes, guarding the integrity of a system. But the biggest difference between our whitelisting model and traditional approaches is the use of trusted update sources. Trust helps us overcome much of the operational overhead.

Our whitelisting approach complements other system security tactics by reinforcing blacklisting and behavioral protections. It also takes advantage of McAfee experience with enterprise infrastructure and processes to cut management complexity and cost of ownership. Working alongside other McAfee tools, you gain an important, efficient layer of control to ensure a well-rounded security environment.

Tags: Compliance, Cybercrime, Data Protection, Endpoint Protection, McAfee Application Control, Risk and Compliance