The Powerful Idea that Stops Malware Dead
By Stu Sjouwerman, for KnowBe4.com Security Awareness Training
In the 10-year time frame from 2002 to 2012, the volume of ‘known-good’ executable code has roughly doubled, from 17 million to 40 million. During that same period, the amount of ‘known-bad’ malware has grown 40-fold, from 2 million to over 80 million. In 2002, keeping out the bad guys with antivirus was a correct and rational decision. Now, in 2012, that is no longer the case. The more rational decision is to keep using traditional (blacklist) antivirus, but to combine it with gray- and whitelisting and only allow ‘known-good’ code to run. It’s a simple, powerful idea that stops malware dead in its tracks, and it lets you run your network with an iron fist in a velvet glove.
Essentially, it’s time to put your endpoint security on its head. This whitepaper tells you why.
Malware has skyrocketed in volume in the last decade, and at the same time it has ‘gone pro’. Malware has become highly sophisticated; the Zeus trojan is a good example. Traditional antivirus has trouble keeping up, as cybercrime generates 100,000 new malware executables per day. Antivirus companies have struggled to improve their products and have added lots of new features, without being able to change their blacklisting model to what by now is really required: whitelisting. The result is antivirus bloatware, with a significant performance impact on workstations and ineffective protection against malware.

C-level executives frown as they see the yearly Total Cost of Ownership per workstation rising while security effectiveness goes down. IT is being asked to do more with less budget and a lower headcount. It’s time to put endpoint security on its head.

We are not advocating throwing your existing antivirus out the window. Antivirus has its place and should be kept, but it only provides half the functionality it needs to. Whitelisting, also sometimes known as Application Control, can stop malware dead in its tracks and actively lowers the cost of maintaining systems across your network. The smart approach is to add whitelisting as an additional layer to your defense-in-depth strategy. Next, use intelligent graylisting to decide about the code that falls between the white- and blacklists. The most successful strategy for the next decade is a combination of white-, gray- and blacklists that requires an absolute minimum of admin time. This combination will dramatically reduce malware infection rates and improve network security without end-user productivity problems.
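To make the three-list decision concrete, here is an added example of the policy logic an application-control agent applies at execution time. It is illustrative code written for this page, not KnowBe4’s or any vendor’s product. The hashes, publisher names, directory rules and execution events are all constructed; in a real deployment the whitelist and blacklist would be fed from an inventory and a threat feed, and the signature check would come from the OS, not from a field on the event.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional, Tuple

# --- Constructed sample data (not real binaries or real hashes) ---------------
def sha256(data: bytes) -> str:
    """Hash the file image; whitelists key on content, never on the file name."""
    return hashlib.sha256(data).hexdigest()

KNOWN_GOOD_BYTES = b"MZ-constructed-known-good-business-app"
KNOWN_BAD_BYTES = b"MZ-constructed-known-bad-dropper"

WHITELIST = {sha256(KNOWN_GOOD_BYTES)}   # inventory of approved executables
BLACKLIST = {sha256(KNOWN_BAD_BYTES)}    # traditional antivirus-style signatures

# Graylist policy (assumption made for this example): code on neither list runs
# only if it carries a valid signature from a trusted publisher AND sits in a
# directory end users cannot write to. Anything else is held for admin review,
# so an unknown executable never runs silently.
TRUSTED_PUBLISHERS = {"Example Corp"}
ADMIN_CONTROLLED_DIRS = ("C:\\Program Files\\", "C:\\Windows\\")


@dataclass
class ExecEvent:
    path: str
    content: bytes
    publisher: Optional[str]  # None = unsigned or signature failed validation
    user_writable: bool       # True if the containing directory is user-writable


def decide(ev: ExecEvent) -> Tuple[str, str]:
    """Return (verdict, reason). Blacklist is checked first so that a hash on
    both lists is denied: an explicit deny must always beat an allow."""
    digest = sha256(ev.content)
    if digest in BLACKLIST:
        return "deny", "blacklist: known-bad hash"
    if digest in WHITELIST:
        return "allow", "whitelist: known-good hash"
    # Graylist: trust is conditional on both provenance and location, because a
    # validly signed file dropped into a user-writable folder is still unknown code.
    in_admin_dir = ev.path.startswith(ADMIN_CONTROLLED_DIRS) and not ev.user_writable
    if ev.publisher in TRUSTED_PUBLISHERS and in_admin_dir:
        return "allow", "graylist: trusted publisher in admin-controlled path"
    return "quarantine", "graylist: unknown code, held for admin review"


# Constructed execution events covering each branch of the policy.
SAMPLE_EVENTS = [
    ExecEvent("C:\\Program Files\\App\\app.exe", KNOWN_GOOD_BYTES, "Example Corp", False),
    ExecEvent("C:\\Users\\bob\\AppData\\Local\\Temp\\inv0ice.exe", KNOWN_BAD_BYTES, None, True),
    ExecEvent("C:\\Users\\bob\\Downloads\\tool.exe", b"MZ-constructed-unknown", None, True),
    ExecEvent("C:\\Program Files\\App\\updater.exe", b"MZ-constructed-signed-update", "Example Corp", False),
    ExecEvent("C:\\Users\\bob\\Downloads\\setup.exe", b"MZ-constructed-signed-but-dropped", "Example Corp", True),
]


def evaluate_all(events):
    """Map each path to its verdict; this is what an admin console would list."""
    return {ev.path: decide(ev)[0] for ev in events}


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        verdict, reason = decide(ev)
        print(f"{verdict:10s} {ev.path}  ({reason})")
```

The point to notice is the last two events: both files are signed by the same trusted publisher, but only the one in an admin-controlled directory runs. That is what keeps the graylist from collapsing into "anything signed is fine", and it is why the admin workload stays small: the whitelist absorbs the routine case, the blacklist absorbs the known-bad case, and only genuinely unknown code reaches the review queue.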
Block Zero-Day Attacks
Zero-day exploits are a small but very high risk. No known security tool except whitelisting has a guaranteed defense against zero-day attacks. Being able to block any unknown process from running protects your network against all malware, zero-day and targeted attacks.
This whitepaper is excerpted with permission from knowbe4.com.