I’ve had three calls today on application whitelisting – and that’s after another half dozen or so calls on the topic last week. I think we’ve finally turned a corner and are coming out of the “trough of disillusionment” on the Gartner hype cycle. What’s changed? A couple of things, but I believe the attacks on Google (Operation Aurora / “Hydraq”) created a watershed moment that has raised the visibility on how ineffective traditional signature-based antivirus solutions really are.
There’s no shortage of vendors delivering solutions for application control / whitelisting. Most application-control vendors control whether a given file can be executed or not. Here’s my list of vendors that provide capabilities in this area:
Altiris Application Control Solution (Symantec)
IBM Internet Security System (Proventia)
Lumension Security (formerly PatchLink/SecureWave)
McAfee Application Control (from Solidcore Systems acquisition)
Microsoft Group-Policy-Object-based Software Restriction Policies (Windows XP and higher)
Microsoft AppLocker (Windows 7)
Symantec Endpoint Protection (technology from Sygate)
Some host-based intrusion prevention system vendors and products take this concept further to define and control what behaviors an application is allowed to perform once it is running. These vendors include:
Check Point Software Technologies Endpoint Security
Cisco Security Agent
eEye Digital Security Blink
McAfee Host Intrusion Prevention
Panda Security TruPrevent
SkyRecon Systems StormShield
Symantec Critical System Protection
The best vendors understand that the enforcement of a whitelist itself has been commoditized. The best products focus on the initial construction of the list and, more importantly, the ongoing care and feeding of the list over time as applications and users’ needs change. This is how the leading solutions differentiate themselves, and these are the types of capabilities you will need to be successful with an application control project.
To help clients in evaluating these vendors, I recently worked with my colleague Mike Silver on the desktop operations side to publish this spreadsheet toolkit for clients, which helps organizations evaluating whitelisting solutions to rate and compare the functionality of the vendors.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.