Taking Adaptive Application Whitelisting to the
Next Level: CoreTrace Introduces BOUNCER 6.0
Abstract
On July 29, 2010, CoreTrace Corporation, a leader in application whitelisting technology for preventive
IT risk control, announced the introduction of Version 6.0 of BOUNCER, the company’s flagship
product offering. BOUNCER Version 6 expands CoreTrace’s early leadership stake in trusted application
change control with improved usability, deployment, scalability and integration capabilities, as well
as with expanded support for additional host platforms including 64-bit Microsoft Windows and, in
upcoming incremental releases, Linux and Apple MacOS. With these new capabilities, CoreTrace does
more than refine the balance between risk prevention and usability through an adaptive approach to
application requirements. It adds new capabilities such as application intelligence, additional approaches
for new software approval, and virtual management appliances that recognize the realities of deployment
in today’s enterprise, enhancing the viability of application whitelisting as an enterprise-class
management solution.
Background and Context
The IT threat landscape has passed a tipping point in recent years. Gone are the days when attacks
were intended primarily to get attention with flagrant and noisy disruptions. Tangible gain and strategic
advantage have become objectives of today’s more serious threats. To achieve these goals, stealth has
become a primary modus operandi of the sophisticated attacker. Much more damage may be done by
working quietly, rather than by noisily attracting the attention of defenders. The more sophisticated
the threat, the higher the probability that serious attacks may go undetected—and undeterred—by
traditional defenses.
This situation is further complicated by the fact that the sheer volume of attacks in today’s landscape
threatens to overwhelm traditional signature-based defenses, whose databases necessarily impose limits
on their effectiveness. As attackers develop new threats and actively test their exploits against popular
countermeasures, vendors must respond with even more signatures. But as signature databases grow,
the risks of latency and resource consumption grow as well. Either the system begins to suffer from
the high demands imposed, or signature-based tools must scale back their impact—on threats as well as
on the systems they defend. Heuristic approaches are intended to help with this issue, by triggering on
patterns of behavior—but if they are too general, threats may slip past heuristic techniques as well.
A Different Approach
But there are alternatives. Traditional defenses effectively maintain a “black list” of prohibited activity
and allow all other behavior. Whitelisting, on the other hand, takes the opposite approach. It defines
the activity permitted on the system, and prevents all else. One of the more effective approaches is
application whitelisting, which limits applications and application changes to only those approved. This
directly inhibits malware (malicious software), which often installs as an application or modifies legitimate
application components. It also limits exposure from the installation of high-risk applications by
users, whether they are aware of the risks or not.
IMPACT BRIEF | 1
©2010 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com
