This blog post was written by Teresa Wingfield.
Security experts have long debated the merits of whitelisting versus blacklisting. While the first intuitively seems more secure, the reality is that whitelisting is also more difficult to implement and manage. Strategic decisions are driven by organizational needs, which seems to recast the question: do businesses prioritize security over efficiency with whitelisting, or vice versa?
In fact, this type of thinking extends beyond the choice between whitelisting and blacklisting. While trade-offs are an unavoidable aspect of decision-making, shouldn’t we be finding solutions that maximize the yield of both factors?
We need adaptive solutions, ones that can accommodate today’s IT environment. With the proliferation of applications in the cloud and the data center, users want flexible access, which simultaneously increases risk. We can no longer live with solutions that trade off efficiency against security to meet increasing demand; we need security solutions that are both efficient and secure.
Several factors demonstrate this need.
- There are more unknown and unwanted applications than ever before.
- Global intelligence alone is becoming insufficient due to the large number of unique malware samples.
- We need quicker response speeds to contain malware.
When new challenges like these arise, it’s not IT’s job to simply identify the easiest method with the least trade-off, but to find the smartest way to accomplish the necessary tasks. What if there were an intelligent and efficient method of whitelisting, suited to today’s environment?
The beauty is that more data leads to better decision making. What if observations from multiple sources could inform each other in real time? We designed McAfee Application Control 7.0 with this in mind.
Historically, McAfee Application Control has taken advantage of global data to benefit organizations. McAfee Global Threat Intelligence (GTI), an exclusive technology based on real-time information from millions of sensors worldwide, provides threat intelligence. Data from our large network allows the reputation of files, messages, and senders to be classified for monitoring purposes.
While that is certainly useful, we’ve realized that global information is even more valuable when complemented with local data. We’ve extended the use of local knowledge to threat containment in McAfee Application Control 7.0. With our latest release, users can leverage McAfee Threat Intelligence Exchange (TIE) for local intelligence, and they can use McAfee Advanced Threat Defense (ATD) to analyze the behavior of unknown applications in a sandbox. All endpoints are automatically immunized from newly detected malware, shortening the response time from days or weeks to milliseconds. Users get complete and fast protection, as detailed in the image below.
In addition to allowing software execution based on an approved whitelist, local and global reputation, and sandbox test verification, McAfee Application Control can also use a Dynamic Trust Model. In this model, some programs are identified as trusted, which allows them to create or modify applications. Provisioning and patching tools are obvious choices, but an observation mode feature automatically suggests new programs to be included as well. Because you can also include trusted certificates, directories, and users, you have a lot of flexibility.
The essential emphasis is on adaptive intelligence: getting the most useful insights from the most relevant information and implementing the security posture that is right for you. This is what makes McAfee Application Control 7.0 unique.
It’s clear that today’s environment is making forced trade-offs between security, business efficiency, and adaptability quite undesirable. Instead, the task should be to find IT solutions that remove these limitations in the first place. Using McAfee Application Control 7.0 is a leap in this direction.