
An Inside Look at Modern Antivirus. Application Whitelisting: Taking Control of Your Endpoints

An Inside Look at Modern Antivirus. Application Whitelisting: Taking Control of Your Endpoints. Greg Valentine, Director of Technical Sales & Service, CoreTrace Corporation. CoreTrace Snapshot. Founded by the inventor of NetRanger (Cisco IDS). Core Technology: Application Whitelisting.


Presentation Transcript


  1. An Inside Look at Modern Antivirus. Application Whitelisting: Taking Control of Your Endpoints
     Greg Valentine, Director of Technical Sales & Service, CoreTrace Corporation

  2. CoreTrace Snapshot
     • Founded by the inventor of NetRanger (Cisco IDS)
     • Core Technology: Application Whitelisting
     • Product Name: Bouncer™
     • Management team with 120+ years of security and enterprise experience

  3. Issues with Reactive Endpoint Security Solutions
     • Inability of existing solutions to address the onslaught of sophisticated, zero-day and targeted attacks, e.g.,
         • Advanced Persistent Threats (e.g., Operation Aurora)
         • Targeted & Blended Threats (e.g., Stuxnet)
         • Memory Exploits
     • Scans have tremendous impact on endpoint performance
     • Weekly signature updates → daily updates → intra-day updates
     • Differential updates still consume bandwidth/resources
     • Update requirements are proof of the solutions' inability to address zero-day threats
     • Periodic bad signature updates further underscore the limitations
     “We are losing a battle based on technology that quite simply has not addressed the issues in over 15 years.”

  4. With Targeted Attacks, Every Endpoint Needs Protecting
     • Operating Systems
     • Enterprise Systems
     • Fixed Function Systems

  5. Enterprise-ready Modern Antivirus: 3 Key Benefits Delivered by 3 Key Capabilities
     Key Capabilities:
     • Application Whitelisting: Enforces a whitelist of approved applications at the kernel level.
     • “Trusted Change”: Transparently add new applications or upgrades to whitelists.
     • “Application Intelligence”: Provides intelligence about authorized and unauthorized applications.
     Key Benefits:
     • Advanced threat protection
     • Configuration control
     • Application intelligence

  6. Kernel-Level Application Whitelisting
     (Diagram labels: Rogue Application; Whitelisted Application; User Space; Kernel Space / OS; System Resources)

  7. “Trusted Change” Is Critical To Reducing Operational Friction & Overhead
     • Application Whitelisting: Enforces a whitelist of approved applications at the kernel level.
     • “Trusted Change”: Transparently add new applications or upgrades to whitelists.
         • Trusted updaters
         • Trusted network shares
         • Trusted applications
         • Trusted digital signatures
         • Trusted users
     • “Application Intelligence”: Provides intelligence about authorized and unauthorized applications.

  8. Application Intelligence Helps IT Make Informed Decisions…
     (Diagram labels: Reputation Service; Application Prevalence; Environmental Intelligence; Known Good; Application Usage; Known Bad; Certificates)

  9. Requirements for Enterprise-ready Modern Antivirus
     • Automatic whitelist generation for each computer
     • Prevention of unauthorized application execution
     • Support for multiple operating systems
     • Advanced protection against sophisticated attacks, e.g., memory exploits
     • Remediation/Removal of unauthorized applications
     • Self-defending, e.g., local admins cannot bypass
     • Automatic updating for new/upgraded authorized applications, e.g., Trusted Change
     • Intelligence about installed/denied applications
     • Risk Profiling, e.g., Cloud-based black and white lists

  10. Example Problems Being Addressed By Modern Antivirus
     • Advanced protection against threats (e.g., zero-day and targeted attacks, memory exploits)
     • Going beyond simply checking the compliance box to actually improving security (e.g., PCI DSS, NERC CIPs)
     • Transitioning to new operating systems or platforms (e.g., Windows 7, Mac OS X)
     • Extending the life of out-of-support systems (e.g., Windows 2000)
     • Needing a replacement for end-of-lifed Cisco Security Agent (CSA)
     • Securing fixed-function systems (e.g., ATMs, POS terminals, SCADA systems)

  11. The Benefits of Modern Antivirus…
     Modern Antivirus Benefits:
     • Advanced Threat Protection
     • Configuration Control
     • Application Intelligence
     Which Enables Enterprises To…
     • Stop & remove even sophisticated, targeted, zero-day threats
     • Enforce approved configurations
     • Meet critical compliance mandates
     • Understand the prevalence, location and usage of applications
     • Reduce unnecessary Help Desk requests & reimaging efforts
     • Lower the total cost of ownership (TCO) of each protected system
     (Diagram labels: Security; Intelligence; Control; Security; Control; Visibility)

  12. Thank You
     For more information, contact: Greg Valentine, Director of Technical Sales & Support, 512.592.4128, gvalentine@coretrace.com
