Fave raves

Seven must-have products, in readers' own words

By Ann Bednarz, Network World
February 25, 2008 12:09 AM ET

Name: William Bell
Title: Director of information security
Company: EC Suite.com, an e-commerce services provider in Tempe, Ariz.
Years at company and brief history: Started at EC Suite in 2004, working his way up from security analyst to his current position.
Years in industry: 6
Major technology projects in the works: Host-based enterprise firewalls
All-time favorite technology project: Binary white-listing
Technology you're watching most closely these days: NetFlow analysis

Favorite products: Lumension Security's Sanctuary Application Control and PatchLink Update

One of my biggest target areas right now is trying to get the word out on application white-listing, as opposed to traditional antivirus black-listing. White-listing is about what files on a computer are good, instead of what files or signatures on a computer may be bad. With Sanctuary Application Control, as soon as something tries to execute, it's compared against the list. It's kind of like a bouncer in a club: If you're not on the list, you don't get through. So, pretty much every piece of zero-day malware isn't on the list.

White-listing requires inverse thinking, and obviously some preparation. You have to take some time to develop a white list of binaries so that you can put things on the granted list. For example, our internal staff can't just go in and install the latest Mozilla Firefox browser because it won't work.

With antivirus, you can deploy it and go. But antivirus is constantly in chase mode; it works feverishly to get updates out constantly. Our company took the time to say what's good and bad, and then we stick to that.

What I like about the Lumension product line is that the company has done a good job integrating products and adding products to the portfolio that work together and are focused specifically on system protection. It's the suite of products, and how they integrate together, that makes it what I would consider a must-have.

We use the PatchLink Update product to make sure all of our computers have the current version of Application Control installed and working. The two complement each other, and we can run health checks to make sure everything is working the way we want it to. (For more information, check out our Patch and Vulnerability Management Buyer's Guide.) 

The idea of white-listing is not widely accepted, usually because people have a false sense of the administrative overhead necessary to perform this type of action. It hasn't really caught on.

The model doesn't work so well for companies with poor change-management processes. We thought we had solid change management going into this, but we found out we really didn't. We worked hard to improve our change management, and now it has become easy for us. We turned what used to be a 20- to 25-minute process for authorizing new applications into a 5-minute process. In the scheme of things, we're willing to give up 5 minutes of one staffer's time to ensure that we keep viruses and spyware and keyloggers off of our computers.

So far, we've seen a 75% reduction in computer replacements because of malware or spyware. When we have had to do a replacement, it's usually because the computer didn't have the product installed; it got missed. We're trying to keep that from happening with things such as PatchLink Update; the products work hand-in-hand.
