Neil MacDonald

A member of the Gartner Blog Network

VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…

Application Control / Whitelisting Interest is Growing Rapidly

by Neil MacDonald  |  May 11, 2010  |  1 Comment

I’ve had three calls today on application whitelisting – and that’s after another half dozen or so calls on the topic last week. I think we’ve finally turned a corner and are coming out of the “trough of disillusionment” on the Gartner hype cycle. What’s changed? A couple of things, but I believe the attacks on Google (Operation Aurora / “Hydraq”) created a watershed moment that has raised the visibility on how ineffective traditional signature-based antivirus solutions really are.

There’s no shortage of vendors delivering solutions for application control / whitelisting. Most application-control vendors control whether a given file can be executed or not. Here’s my list of vendors that provide capabilities in this area:

Altiris Application Control Solution (Symantec)
IBM Internet Security System (Proventia)
Lumension Security (formerly PatchLink/SecureWave)
McAfee Application Control (from Solidcore Systems acquisition)
Microsoft Group-Policy-Object-based Software Restriction Policies (Windows XP and higher)
Microsoft AppLocker (Windows 7)
Overtis Systems
Savant Protection
Symantec Endpoint Protection (technology from Sygate)

Some host-based intrusion prevention system vendors and products take this concept further to define and control what behaviors an application is allowed to perform once it is running. These vendors include:

Check Point Software Technologies Endpoint Security
Cisco Security Agent
eEye Digital Security Blink
McAfee Host Intrusion Prevention
Panda Security TruPrevent
SkyRecon Systems StormShield
Symantec Critical System Protection

The best vendors understand that the enforcement of a whitelist itself has been commoditized. The best products focus on the initial construction of the list and, more importantly, the ongoing care and feeding of the list over time as applications and users’ needs change. This is how the leading solutions differentiate themselves, and these are the types of capabilities you will need to be successful with an application control project.

To help clients evaluate these vendors, I recently worked with my colleague Mike Silver on the desktop operations side to publish this spreadsheet toolkit, which helps organizations evaluating whitelisting solutions rate and compare the functionality of the vendors.

Category: Beyond Anti-Virus Endpoint Protection Platform

1 response so far ↓

  • 1 hans   May 24, 2010 at 10:01 am

    You forgot to list some freeware tools like Process Blocker