I’ve had three calls today on application whitelisting – and that’s after another half dozen or so calls on the topic last week. I think we’ve finally turned a corner and are coming out of the “trough of disillusionment” on the Gartner hype cycle. What’s changed? A couple of thing, but I believe the attacks on Google (Operation Aurora / “Hydraq”) created a watershed moment that has raised the visibility on how ineffective traditional signature-based antivirus solutions really are.
There’s no shortage of vendors delivering solutions for application control / whitelisting. Most application-control vendors control whether a given file can be executed or not. Here’s my list of vendors that provide capabilities in this area:
Altiris Application Control Solution (Symantec)
IBM Internet Security System (Proventia)
Lumension Security (formerly PatchLink/SecureWave)
McAfee Application Control (from Solidcore Systems acquisition)
Microsoft Group-Policy-Object-based Software Restriction Policies (Windows XP and higher)
Microsoft AppLocker (Windows 7)
Symantec Endpoint Protection (technology from Sygate)
Some host-based intrusion prevention system vendors and products take this concept further to define and control what behaviors an application is allowed to perform once it is running. These vendors include:
Check Point Software Technologies Endpoint Security
Cisco Security Agent
eEye Digital Security Blink
McAfee Host Intrusion Prevention
Panda Security TruPrevent
SkyRecon Systems StormShield
Symantec Critical System Protection
The best vendors understand that the enforcement of a whitelist itself has been commoditized. The best products focus on the initial construction of the list and, more importantly, the ongoing care and feeding of the list over time as applications and user’s needs change. This is how the leading solutions differentiate and the types of capabilities you will need to be successful with an application control project.
To help clients in evaluating these vendors, I recently worked with my colleague Mike Silver on the desktop operations side to publish this spreadsheet toolkit for clients which helps organizations evaluating whitelisting solutions to rate and compare the functionality of the vendors.