Today 70% of security threats are targeted at the application layer of an organization, yet only 10% of security budgets are spent on protecting this layer, according to Lumension.
Whitelisting, which allows applications that are considered safe to run while blocking others, is an effective app layer security approach, but it is often difficult to implement.
“One of the biggest challenges from an adoption perspective has been implementation. If I have a ‘dirty environment’, how do I create a centralized whitelist that magically knows everything that is supposed to be in my environment?”, said Paul Zimski with Lumension.
App security vendors have been “working pretty hard at adding intelligence and flexibility into how things are added” to whitelists, as well as whitelisting rules for how things are managed, Zimski told Infosecurity. “We are starting to see much more interest in whitelisting”, he said, adding, “it is really the implementation and management barriers that we are overcoming."
Lumension has recently launched a product integrating its endpoint security suite with a cloud-based integrity service.
With this release, organizations can now discover and verify the authenticity of all applications found within their endpoint environment and utilize a Lumension application trust rating to make informed decisions on their application policies.
By directly validating executables from original software vendors, referencing the National Software Reference Library (NSRL) – a US government-provided collection of digital signatures of known, traceable software applications – and querying the Lumension user community database, the service triangulates on discovered applications to accurately determine identity, risk and distribution.
“We triangulate from three different sources. Lumension takes all of the past information from software and deployment information that we have and verify that back to a known source. We also take information from the National Software Reference Library, an open database that serves to identify software. Thirdly, we take data from community sources, so data from our install sites from our customers or customers that have submitted samples to the community. From there, we get prevalence data: how often our customers are seeing something out there”, Zimski explained.
Lumension takes these sources and gives applications an integrity score. The integration gives users increased visibility and control over the environment, making managing an application control product “much easier”, he noted.