From the Security Experts

Home
October 24, 2008

Faronics Security Solution Uses 'Whitelists' for More Effective Computer Protection


By SIP Trunking Report Contributing Editor



There is no sign that the demand for software security solutions will dry up anytime soon. With scores of new malware and illegal applications entering circulation every day, IT security services become increasingly complex. Having to deal with an infinitely long list of non-executables, providers are looking for alternatives to traditional “blacklist” solutions.

 
Faronics’ Anti-Executable solution takes a different approach to security. Instead of creating a list of blacklisted applications, it creates a “whitelist” of trusted applications, and then blocks any executables that are not in that list.  
 
Dmitry Shesterin, vice president of marketing at Faronics, recently answered some questions from TMCnet about challenges in the software security market and the company’s solutions.
 
TMCnet: What are some of the new security demands from computer users, and how is Faronics addressing these?
DS: The users from which we are predominantly hearing come from either the administrative side or the support side of the IT equation. These specific users are demanding three things: that their computers, which are being utilized at an ever-increasing level, are kept secure; that their end-users remain productive; and that any management of their computers be centralized, flexible and very straightforward. 
 
With the Internet being accessed at all times for research and information-gathering and with the proliferation of removable storage devices, this security — which ends up affecting productivity and management — can be very elusive.
 
Faronics addresses these demands with our Anti-Executable product. Anti-Excecutable ensures total endpoint productivity by only allowing approved applications to run on a computer. The product stops malicious software from installing, blocks distractive software from running and keeps workstations in compliance with Acceptable Use Policies. Anti-Executable can be managed from the Faronics Core Console to offer complete control over the security of every workstation from one central point and can utilize existing network structure information for ease of management.
 
TMCnet: There are so many security products and solutions available. How is Faronics’ offering different?
DS: Faronics has looked at the workstation security problem from a different angle, which has given us a unique perspective. Instead of attempting to keep up with a list of executables which are not allowed on workstations — an often endless, daunting task —  Anti-Executable instead automatically creates a whitelist of applications which are allowed from your ideal system configuration, with the flexibility to add executables to the whitelist if needs change.  The product then simply blocks any executable which is not on that list.
 
Advanced features such as multiple whitelists, scheduled enforcements, and user-level protection provide administrators with the flexibility to balance security with user needs.
 
TMCnet: Comparing hackers and security solution providers, who do you think is smarter?
DS: The smartest players are those who come up with innovative solutions to break the cycle of "threat — damage control — solution."  This is what Faronics has tried to do with Anti-Executable. The product provides IT administrators with a solution that can remove them entirely from the fray and gives them complete, centralized control over what executables are running on their workstations. Anti-Executable also manages and exports log records of violation attempts so that administrators can keep abreast of potential problems.
 
In the end, it may not matter who is the smartest, but who has the endurance to continue within the back-and-forth nature of the IT security battle, and we feel that Faronics is well-positioned to be a market innovator for some time to come.
 
TMCnet: Will there ever be a final solution to end the threat from viruses, spyware, etc?
DS: Technology is always going to spawn those who want to leverage it for undesirable uses, so it is likely that these threats will be ever evolving. Again, it is with this prospect in mind, that Faronics created Anti-Executable. The threats can change and multiply, but as a powerful and flexible solution, which automatically blocks all unwanted executables, Anti-Executable doesn't require updating to retain its security.
 
TMCnet: How do you define ‘unwanted application’? 
DS: An unwanted application is one which threatens the usability or security of a workstation, one which hampers user productivity or one which doesn't comply with policies or regulations which an organization has created for itself.
 
Anti-Executable takes an alternate approach by automatically creating a whitelist of executables on the workstation upon first install. All applications and other executables, which exist on that system at the time of install, are deemed allowed. Of course, the recommended time to install Anti-Executable is upon creating a master image or ideal configuration. This will ensure that only wanted executables end up on the whitelist, with the option of adding more as needs change.
 
TMCnet: What suggestions do you have for enterprises and individuals who want to protect their computer systems?
DS: For both, we suggest looking for a solution that protects your workstations while affording a minimum of administrative fuss, though the exact process is different in an enterprise setting than for a home computer. For enterprises, the solution should be centrally managed and offer the enterprise the flexible options it requires for individual system needs. For individuals, the solution should be one about which they don't have to worry — one that doesn't require constant care or updating.
 
TMCnet: What is Faronics’ current market strategy?
DS: Faronics will continue to monitor industry trends and the needs of our customers.  It will be these, which focus our future development to make our products even better. The new features that were recently added to Anti-Executable — such as integration into the Faronics Core Console, multiple whitelists, schedule-able whitelists and trusted application status — show that we are always striving to improve an already-effective solution.
 
TMCnet: What are some of the latest trends in the security solutions market?
DS: With the increased complexity and sophistication of "botnet" (large-scale usage of infected computers to harvest critical information) and targeted phishing scams (directing users to Web sites which will then attack browsers who have surfed there) via the Internet and e-mail, IT security continues to be on the top of the minds of IT administrators. Even given this fact, with real-time communication becoming the expected norm by end-users, many enterprises are tempted to ease back on security somewhat to increase the connectivity of their users — with the hopes of increasing productivity.
 
New security solutions need to be stringent enough to avoid "day-zero" attacks, yet flexible enough to accommodate the needs of end-users. With an increasing number of companies posting acceptable use policies and following regulated IT policies, new solutions also need to aid in enforcing these so that valuable time and resources aren't taken up in policing them.
 

Don’t forget to check out TMCnet’s White Paper Library, which provides a selection of in-depth information on relevant topics affecting the IP Communications industry. The library offers white papers, case studies and other documents which are free to registered users.

 

Rajani Baburajan is a contributing editor for TMCnet. To read more of Rajani's articles, please visit her columnist page.

Edited by Mae Kowalke