In my recent reviews of application whitelisting products from CA and Bit9 I had a chance to work with eWEEK Labs Executive Editor Jason Brooks. In his technical analysis (Born to Run: Application Whitelisting,) Brooks advised enterprise IT managers to evaluate this technology. You can read my reviews of two application whitelisting tools that ran as part of the package in print. Bit9’s Parity 4.1 and CA’s HIPS are two products that provide whitelisting and, in the case of CA, additional host-based security tools. If you get the print version of eWEEK, this package of stories started on page 31 of the Oct. 6, 2008, issue.
Lumension Security’s Sanctuary Application Control and CoreTrace’s Bouncer are other competitors in this field that work contrariwise to anti-virus/anti-spyware tools.
All in all, I’m thinking that these tools are an interesting way to ensure that only legitimate activity is emanating from the end-user system. (AV and anti-spyware try to keep the malware off the system but are usually powerless to stop outbound malicious activity once a system is compromised. )
eWEEK Labs will be doing more work on endpoint security and I’ll track our progress here.