Gartner Blog Network

Application Control / Whitelisting Interest is Growing Rapidly

by Neil MacDonald  |  May 11, 2010  |  1 Comment

I’ve had three calls today on application whitelisting – and that’s after another half dozen or so calls on the topic last week. I think we’ve finally turned a corner and are coming out of the “trough of disillusionment” on the Gartner hype cycle. What’s changed? A couple of thing, but I believe the attacks on Google (Operation Aurora / “Hydraq”) created a watershed moment that has raised the visibility on how ineffective traditional signature-based antivirus solutions really are.

There’s no shortage of vendors delivering solutions for application control / whitelisting. Most application-control vendors control whether a given file can be executed or not. Here’s my list of vendors that provide capabilities in this area:

Altiris Application Control Solution (Symantec)
IBM Internet Security System (Proventia)
Lumension Security (formerly PatchLink/SecureWave)
McAfee Application Control (from Solidcore Systems acquisition)
Microsoft Group-Policy-Object-based Software Restriction Policies (Windows XP and higher)
Microsoft AppLocker (Windows 7)
Overtis Systems
Savant Protection
Symantec Endpoint Protection (technology from Sygate)

Some host-based intrusion prevention system vendors and products take this concept further to define and control what behaviors an application is allowed to perform once it is running. These vendors include:

Check Point Software Technologies Endpoint Security
Cisco Security Agent
eEye Digital Security Blink
McAfee Host Intrusion Prevention
Panda Security TruPrevent
SkyRecon Systems StormShield
Symantec Critical System Protection

The best vendors understand that the enforcement of a whitelist itself has been commoditized. The best products focus on the initial construction of the list and, more importantly, the ongoing care and feeding of the list over time as applications and user’s needs change. This is how the leading solutions differentiate and the types of capabilities you will need to be successful with an application control project.

To help clients in evaluating these vendors, I recently worked with my colleague Mike Silver on the desktop operations side to publish this spreadsheet toolkit for clients which helps organizations evaluating whitelisting solutions to rate and compare the functionality of the vendors.

Category: beyond-anti-virus  endpoint-protection-platform  

Tags: beyond-anti-virus  endpoint-protection-platform  whitelisting  

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…Read Full Bio

Thoughts on Application Control / Whitelisting Interest is Growing Rapidly

  1. hans says:

    You forgot to list some freeware tools like Process Blocker

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.