Application Whitelisting for Government
Posted by Kate Munro on Fri, Aug 07, 2009
Criminals are getting smarter and more sophisticated, and they are responsible for security breaches in both the public and private sectors that put sensitive information in danger. Just last month it was discovered that cyber spies had repeatedly hacked critical design data in the U.S. Joint Strike Fighter project. Brian Krebs of the Washington Post has written about the Facebook and Twitter attacks, and the Marines have just banned Facebook.
From state and local government to federal defense agencies, the government seems to be constantly under attack.
Standards such as the Federal Information Security Act (FISMA) were put in place to provide U.S. federal agencies and contractors with a uniform set of information systems processes. But compliance, as we have seen with PCI DSS standards, is never enough. Gaining control over the software that runs on government systems is more than a strategic initiative aimed at compliance; it is crucial to protecting against the zero-day and targeted attacks that are getting past traditional, reactive defenses.
Application whitelisting is emerging as a layer of IT security defenses, used to monitor and control unauthorized software as well as to discover and ban certain hashes automatically. The software in question may be rogue, unwanted, common but considered vulnerable, or malicious.
This approach to endpoint security is fundamentally different from existing anti-virus methods, which allow all applications to run and detect malware only after it has already executed and potentially caused harm to systems. Application whitelisting lets you create an inventory of 'permitted' software that is allowed to run, and it allows unknown software to run in a controlled manner until it is deemed good or bad. This lets workers use the real-time tools they need to get their jobs done and reduces the burden of false positives on the IT department.
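The contrast described above can be shown as a small decision model. This is an added example, not code from the original post or from any product: the `AllowlistPolicy` class, the `Verdict` names, the host names and the sample file contents are all hypothetical and constructed for illustration.

```python
import hashlib
from enum import Enum

class Verdict(Enum):
    ALLOW = "allow"        # hash is on the approved inventory
    BLOCK = "block"        # hash has been banned
    RESTRICT = "restrict"  # unknown: run under monitoring until classified

def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

def blocklist_scan(image: bytes, signatures) -> Verdict:
    """Reactive model: everything runs unless a known-bad signature matches."""
    return Verdict.BLOCK if any(s in image for s in signatures) else Verdict.ALLOW

class AllowlistPolicy:
    """Hypothetical policy engine: approved / banned / pending hash sets."""
    def __init__(self, approved=(), banned=()):
        self.approved, self.banned = set(approved), set(banned)
        self.pending = {}  # unknown hash -> hosts that tried to run it

    def decide(self, host: str, image: bytes) -> Verdict:
        h = digest(image)
        if h in self.banned:            # a ban overrides an earlier approval
            return Verdict.BLOCK
        if h in self.approved:
            return Verdict.ALLOW
        self.pending.setdefault(h, set()).add(host)
        return Verdict.RESTRICT

    def classify(self, h: str, good: bool) -> set:
        """Move a reviewed hash to approved or banned; return hosts that saw it."""
        (self.approved if good else self.banned).add(h)
        if not good:
            self.approved.discard(h)
        return self.pending.pop(h, set())

# Constructed sample images (stand-ins for executable file contents).
OFFICE = b"constructed: approved office suite"
OLD_READER = b"constructed: common but vulnerable reader"
NEW_TOOL = b"constructed: binary never seen before"

def demo():
    policy = AllowlistPolicy(approved=[digest(OFFICE)], banned=[digest(OLD_READER)])
    before = [policy.decide("pc-01", img) for img in (OFFICE, OLD_READER, NEW_TOOL)]
    reactive = blocklist_scan(NEW_TOOL, signatures=[b"known-bad-marker"])
    hosts = policy.classify(digest(NEW_TOOL), good=False)  # review deems it bad
    after = policy.decide("pc-02", NEW_TOOL)
    return before, reactive, hosts, after
```

The never-seen binary passes the signature scan untouched, while the allowlist model restricts it, records which host ran it, and blocks it everywhere once it is classified as bad.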
By having greater visibility into what applications are running on their organization's endpoints (PCs, laptops, servers), IT staff are better equipped to enforce the use of authorized applications, maintain compliance with industry standards, and prevent the installation or execution of malicious, illegal and unauthorized software that can create vulnerabilities and enable targeted attacks. In fact, the recently released Consensus Audit Guidelines (CAG) prescribe application whitelisting, that is, defining and allowing only trusted software, as a best practice for achieving FISMA compliance.
A well-managed application environment is also less expensive to operate, saving valuable taxpayer dollars when it matters most. According to a recent Gartner study, "A locked and well-managed desktop PC can be 42 percent less expensive to maintain than an unmanaged one."
We're seeing a fundamental shift in the way government operates, and this requires a more sophisticated, better-armed approach to IT security.