More IT and security professionals than ever are turning toward application whitelisting to meet today’s security threats and establish control over their endpoint environment. Today’s security technology must be capable of stopping targeted attacks exploiting zero-day vulnerabilities that legacy antivirus simply can’t stop. An application whitelisting solution provides the most advanced protection available today.
We know from experience that using application whitelisting to prevent unauthorized applications from running simply isn’t enough. If a solution isn’t designed with the end user in mind, it can generate more pain than it solves in the form of IT administrative headaches and poor end-user experiences. That is why we are focused on delivering a product that is specifically designed for the real people who will use it and benefit from it. It is our mission to ensure that advanced security and control don’t come at the cost of employee time and productivity.
The most secure application whitelisting solutions are designed for the real people who use them. We know that simply locking down endpoints from executing unauthorized applications isn’t enough. Application whitelisting solutions must be designed for intuitive administration and be as transparent as possible to the end users they protect, whilst providing security, visibility, and control with the user at the center of all design considerations.
Application Execution Control
A fundamental shift is occurring around the approach to protecting your endpoints. Traditional endpoint protection software such as antivirus, which relies upon a large blacklist of known threats, simply doesn’t work in today’s world. At its best, antivirus is an after-the-fact identifier of malware. At their worst, antivirus solutions are performance hogs requiring a never-ending stream of updates that drain administrators’ time and IT budgets. Your organization needs solutions that can stop threats without having seen them before.
Application whitelisting and control is a new approach to preventing even the most sophisticated endpoint threats. At its most basic level, the whitelisting approach turns traditional endpoint security on its head. It begins by identifying the known good applications and preventing the execution of anything not on that list. This provides complete protection against all of today’s and tomorrow’s threats. Simply put, if an application isn’t on the approved list, it won’t run. Application whitelisting gives IT and security administrators unprecedented control over their endpoint environment.
Memory-based attacks have a long history of creating havoc in business organizations. The CodeRed worm and SQL Slammer are just two examples of attacks that took advantage of existing applications to launch themselves. Unfortunately, application whitelisting hasn’t traditionally performed well against these types of attacks. While whitelisting can prevent the execution of new code, many solutions are powerless to prevent malware from taking advantage of security holes in applications running in memory.
Application whitelisting not only protects your endpoints from any unauthorized application, it also defends your applications in memory with advanced techniques that validate running processes and new process initiation. This should not stop at validating new process execution; all processes are checked, even those initiated by an approved, existing application. These processes are checked to see that their initiating kernel drivers are approved, that they are running in the appropriate location, and that they were launched by an approved application. If a process fails these tests, the application will simply not execute.
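The checks described above (approved list, approved kernel driver, appropriate location, approved launching application) can be expressed as a default-deny decision function. This is an added example, not code from any whitelisting product; the `Launch` record, the policy layout, the driver name and all sample values are assumptions constructed for illustration.

```python
from __future__ import annotations
import hashlib
from dataclasses import dataclass
from pathlib import PureWindowsPath

def digest(content: bytes) -> str:
    """SHA-256 of the executable's bytes; identity is the hash, not the file name."""
    return hashlib.sha256(content).hexdigest()

@dataclass(frozen=True)
class Launch:          # hypothetical process-start record
    image: str         # full path of the executable being started
    content: bytes     # bytes of that executable (constructed stand-in here)
    parent: str        # full path of the launching application
    driver: str        # kernel driver associated with the launch (assumed field)

# Constructed policy: one approved application and one approved driver.
APPROVED_DRIVERS = {"examplefs.sys"}
APPROVED_APPS = {
    digest(b"constructed-editor-binary"): {
        "dirs": {r"c:\program files\editor"},
        "parents": {r"c:\windows\explorer.exe"},
    },
}

def evaluate(launch: Launch) -> tuple[bool, str]:
    """Default deny: every check must pass before execution is allowed."""
    rule = APPROVED_APPS.get(digest(launch.content))
    if rule is None:
        return False, "not on approved list"
    if launch.driver.lower() not in APPROVED_DRIVERS:
        return False, "unapproved kernel driver"
    folder = str(PureWindowsPath(launch.image).parent).lower()
    if folder not in rule["dirs"]:
        return False, "unexpected location"
    if launch.parent.lower() not in rule["parents"]:
        return False, "unapproved launching application"
    return True, "allowed"

EDITOR = (r"C:\Program Files\Editor\edit.exe", b"constructed-editor-binary")
EXPLORER, DRIVER = r"C:\Windows\explorer.exe", "examplefs.sys"
SAMPLES = {  # constructed launch events
    "normal": Launch(*EDITOR, EXPLORER, DRIVER),
    "unknown": Launch(EDITOR[0], b"something-else", EXPLORER, DRIVER),
    "relocated": Launch(r"C:\Users\a\Temp\edit.exe", EDITOR[1], EXPLORER, DRIVER),
    "odd_parent": Launch(*EDITOR, r"C:\Program Files\Mail\mail.exe", DRIVER),
    "odd_driver": Launch(*EDITOR, EXPLORER, "other.sys"),
}

if __name__ == "__main__":
    for name, event in SAMPLES.items():
        print(f"{name:11s}", *evaluate(event))
```

Note that an approved binary with the correct hash is still denied when it runs from an unexpected folder or is started by an application that is not on its approved-parent list.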
Secure, Self-defending Architecture
Today’s malware writers know that the biggest threat to their malicious software is endpoint security software. Because of this, the more sophisticated malware targets the security software and attempts to turn it off or make it ineffective. Application whitelisting employs the most advanced secure, self-defending architecture available on the market.
- Kernel-level protection:
Installs at the operating system level itself. It isn’t simply another process; it is a kernel module with sophisticated defenses that prevent alteration or termination.
- Process defense:
The processes monitor themselves and ensure that they are running at all times. There are multiple processes that ensure uninterrupted protection at all times.
- End-to-end encryption:
All communications are fully encrypted from the management console to the endpoint.
- End-to-end authentication:
Strong authentication is designed in throughout, from protecting access to administrator accounts to authenticating the applications themselves using their embedded digital certificates.