Anti-malware vendors are increasingly embracing application whitelisting-a security trend underscored by Bit9's integration with McAfee ePolicy Orchestrator. McAfee customers will be able to manage Bit9's whitelisting technology through ePO as a result of the integration, as well as access Bit9's database of software.
products tied the technological knot recently, providing
another example of anti-malware vendors embracing
Now certified by McAfee, Bit9's whitelisting technology can be managed by
McAfee ePO (ePolicy Orchestrator). Bit9 Parity for McAfee ePO allows McAfee
customers to use application whitelisting to control unauthorized software and
devices that run on their laptops, PCs, servers and kiosks.
By adding Bit9 Parity for McAfee ePO, security pros using ePO can whitelist
approved software and devices and allow them to execute. Meanwhile, unlicensed, unauthorized and malicious programs will be
blocked. Users will also have access to Bit9's Global Software Registry, a
database of intelligence on software.
Click here to read about Microsoft's out-of-cycle patch for a vulnerability hackers are already attacking.
Given the growing amount of malware threatening IT operations,
whitelisting has become an attractive layer of defense. Earlier in 2008,
Symantec CEO John Thompson spoke in favor of
whitelisting at the RSA Conference in San
Francisco. In addition, other vendors such as
Kaspersky Lab have hopped aboard the whitelisting train as well.
"I do see endpoint security vendors building in elements of
whitelisting," said Eric Ogren, principal analyst of the Ogren Group.
"Lumension has it, Symantec has some and there is always Bit9, CoreTrace
and AppSense. They don't always promote it because they print money with
signature annuities, but the major vendors are sprinkling in [whitelisting] and
behavior because that's the only way to keep up with the volume of attacks for
To read about McAfee's new NAC Module for Network Security Platform, click here.
While whitelisting is clearly more effective than blacklisting given the
never-ending proliferation of malware, it is still reactive, noted Gartner
analyst John Pescatore.
"We still need advances in application control,
sandboxing-essentially behavior limitation of unknown executables that will
never be on either the whitelist or blacklist," Pescatore said. "Bit9
does some of this, SoftSphere Technologies and many other host-based intrusion
prevention products do as well. But since it breaks the
signature-dependent model, the AV vendors are always slow to move in that