Those of us who have been in the information security field for some time will appreciate that this is not new. The reality is that an infinity of bad things can be created and that we typically restrict ourselves to a relatively finite number of good things that we use and do. Keeping up with the bad guys guarantees we will always be one step behind.
So white lists are good – but how do we build and maintain them? How do we ensure that they are precise and accurate enough to suit our protection needs? As each protected asset is unique in its operating environment, the precision we need for protection can only be gleaned from the operating context. Old-style approaches that ask system owners to build their own white list signature decks from inadequate tools like regular expressions are not credible. Outmoded approaches consistently deliver error rates that are far too high to provide effective security. To reduce total cost of ownership, tools for building white list protection policies must be highly automated, using intelligent approaches. This is exactly what we do at Secerno, using our SynoptiQ(TM) technology to build defect-free proactive policies that you can rely on.