The volume and sophistication of malware are skyrocketing, and traditional anti-virus approaches are struggling to keep up. Historically, the approach to dealing with the growing quantity and complexity of malware has been to build a better anti-virus “mousetrap,” without any shift in the underlying management model for vetting change in endpoint environments. The result has been bloated anti-malware technology with ineffective protection and abysmal performance. This increases endpoint total cost of ownership due to increased strain on IT resources and reduced end-user productivity, which puts further pressure on already flat or reduced IT budgets.
It’s time to rethink how we protect our endpoints.
The typical security professional tends to look at endpoint control as a choice between black and white: the blacklisting signature-based anti-virus technologies that struggle with today’s threats or the first-generation whitelisting technologies that tend to impede user productivity. Think again, though.
A new “intelligent” approach to application whitelisting uses both methods and adds an automated way to determine whether the stuff in between – the so-called graylist – should be trusted and allowed onto your network. Intelligent whitelisting provides a unified workflow that brings signature-based and behavioral detection together with the power of whitelisting capabilities, and adds a “trust engine” which controls what changes are allowed. This streamlines and automates the process of adding trusted applications to the whitelist. Intelligent whitelisting automates important queries against applications such as “Do I know where this came from?” and “Are others using it?” by using data from other endpoint security applications such as patch management to dial in the level of control and security desired. Not only does it dramatically reduce malware infection rates without affecting productivity, it also allows you to reduce the TCO of maintaining endpoints.