Lately the fuss around AV has swollen and IT professionals all over the globe tend to get sceptical about the classical AV model. And they basically have every right to as well. The amount of malware that comes out on a daily basis has grown so rapidly that we will not be able to provide enterprise-wide security with just a reactive approach. Let alone the fact that more and more targeted attacks appear that are simply unique and therefore undefined in your AV definitions.
So the answer to these developments clearly would be to shift to a more proactive approach. The most likely way to protect endpoints in the near future will probably be Application Whitelisting. Such technology enables you to define specifically which applications can run and blocks the undefined.

McAfee entered the Application Whitelisting market with the acquisition of SolidCore in 2009. Their Application Control product was already ePolicy Orchestrator (ePO) capable through the Security Innovation Alliance program that SolidCore was a part of, so the integration took place smoothly.
The problem with Application Whitelisting is that at this point nobody really has the guts to claim AV can be displaced by it. So that's when I thought: let's just give it a try.
So here is what I will do in this experiment. I have just reinstalled my HP EliteBook 8530w with Windows 7 Ultimate x64 and am running all my required business applications. That is Microsoft Office, VMware Workstation, ehhrrr, ah yes, Internet Explorer. I have NOT installed McAfee products at all, and all Windows 7 integrated security features apart from the Windows Firewall are turned off.
I will install a McAfee Agent (v4.5) on my laptop that will connect my laptop to an online Hosted ePO Server (v4.5 Patch 2) of Medusoft, which is only configured to manage McAfee Application Control. The McAfee Agent will then install McAfee Application Control, which will first make an index of my current applications and then lock up my computer for any new installations except for those that I allow specifically.
And then, after my computer has been "Solidified" (I luv it), I will post regularly and every time I get frustrated because I cannot install something or when my laptop gets infected by a virus (for Medusoft I come in infected environments all the time...)