McAfee and Bit9 products tied the technological knot recently, providing another example of anti-malware vendors embracing whitelisting.
Now certified by McAfee, Bit9’s whitelisting technology can be managed by McAfee ePO (ePolicy Orchestrator). Bit9 Parity for McAfee ePO allows McAfee customers to use application whitelisting to control unauthorized software and devices that run on their laptops, PCs, servers and kiosks.
By adding Bit9 Parity for McAfee ePO, security pros using ePO can whitelist approved software and devices and allow them to execute. Meanwhile, unlicensed, unauthorized and malicious programs will be blocked. Users will also have access to Bit9’s Global Software Registry, a database of intelligence on software.
Given the growing amount of malware threatening IT operations, whitelisting has become an attractive layer of defense. Earlier in 2008, Symantec CEO John Thompson spoke in favor of whitelisting at the RSA Conference in San Francisco. In addition, other vendors such as Kaspersky Lab have hopped aboard the whitelisting train as well.
“I do see endpoint security vendors building in elements of whitelisting,” said Eric Ogren, principal analyst of the Ogren Group. “Lumension has it, Symantec has some and there is always Bit9, CoreTrace and AppSense. They don’t always promote it because they print money with signature annuities, but the major vendors are sprinkling in [whitelisting] and behavior because that’s the only way to keep up with the volume of attacks for agent software.”
To read about McAfee’s new NAC Module for Network Security Platform, click here.
While whitelisting is clearly more effective than blacklisting given the never-ending proliferation of malware, it is still reactive, noted Gartner analyst John Pescatore.
“We still need advances in application control, sandboxing-essentially behavior limitation of unknown executables that will never be on either the whitelist or blacklist,” Pescatore said. “Bit9 does some of this, SoftSphere Technologies and many other host-based intrusion prevention products do as well. But since it breaks the signature-dependent model, the AV vendors are always slow to move in that direction.”