Faronics Anti-Executable Enterprise 3.5 Protects Against Unauthorized Applications

 
 
By Matthew Sarrel  |  Posted 2010-04-23 Email Print this article Print
 
 
 
 
 
 
 

Building whitelists and blacklists is easy. Maintaining them across an enterprise is a different story.

Application whitelisting-a security practice in which administrators identify which applications are allowed to run on a system and deny all others-is all the rage these days. In situations where users can't be trusted, strict whitelisting makes plenty of sense as a part of a more comprehensive endpoint security policy. However, without enough provision for flexibility and centralized management, whitelisting products can render workstations too rigid for mainstream use.

I experienced the benefits and drawbacks of application whitelisting firsthand in my tests of Faronics Anti-Executable Enterprise 3.5, a whitelisting product that's available in Standard and Enterprise flavors. The Enterprise version is basically the Standard version that's managed centrally using the Faronics Core management console. To cut to the chase, I found Faronics Anti-Executable to be a solid stand-alone product for strict lockdown scenarios, but I was disappointed with its central management capabilities and its provisions for flexibility in the face of software updates and mainstream use.

During my testing, there was a three-day period of Patch Tuesday, an Adobe update and a Java update. Just on my little testbed of 10 workstations, it took considerable effort to allow the patches to be installed, to allow the updated app to run and to update the whitelist to continue to allow it to run. In an environment of 5,000-plus machines, this added burden could outweigh the positives provided by control.

On the other hand, in areas where configurations don't need to be updated constantly and where security is the paramount concern, Faronics Anti-Executable Enterprise does a great job. This is also a much more appropriate use of application whitelisting technology in general. For example, the average business user would not tolerate the intrusiveness and disruption, but on a kiosk or shared workstation, this would be perfect. Malware can't run, keyloggers can't be installed and all warnings could be silent while non-whitelisted apps are terminated. Other use cases include workstations in a classroom, POS-really anywhere you want to limit the user to a few specific tasks and block everything else. Faronics Anti-Executable Enterprise 3.5 is priced starting at $40 per client, with volume discounts that can push the price down to $9.99 per client.



 
 
 
 
Matthew Sarrel Matthew D. Sarrel, CISSP, is a network security,product development, and technical marketingconsultant based in New York City. He is also a gamereviewer and technical writer. To read his opinions on games please browse http://games.mattsarrel.com and for more general information on Matt, please see http://www.mattsarrel.com.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel