Thursday 11 December 2008

White-listing is officially the Protector’s “New Tool”

Anyone watching the item on the future of computer security will come away believing that there is a “new” technology riding to save us all on a white horse. This is the “New Security Tool called white listing”. Kym McNicholas interviews Paul Ferguson (Threat Researcher at Trend Micro), who says that “Antivirus software can’t keep up” with the thousands of new malware variants released each day. According to Ferguson, the number of new malware variants seen in 2008 is greater than all those released in the previous 20 years.

Those of us who have been in the information security field for some time will appreciate that this is not new. The reality is that an infinity of bad things can be created and that we typically restrict ourselves to a relatively finite number of good things that we use and do. Keeping up with the bad guys guarantees we will always be one step behind.

So white lists are good – but how do we build and maintain them? How do we ensure that they are precise and accurate enough to suit our protection needs? As each protected asset is unique in its operating environment, the precision we need for protection can only be gleaned from the operating context. Old-style approaches that ask system owners to build their own white list signature decks from inadequate tools like regular expressions are not credible. Outmoded approaches consistently deliver error rates that are far too high to provide effective security. To reduce total cost of ownership, tools for building white list protection policies must be highly automated, using intelligent approaches. This is exactly what we do at Secerno, using our SynoptiQ(TM) technology to build defect-free, proactive policies that you can rely on.