VIEWPOINT

EXECUTIVE VIEWPOINT

ADVERTORIAL

Whitelisting vs. Blacklisting in the Quest to Battle Malware

Security threats—and particularly malware—are increasing in frequency, severity, and sophistication. How can CISOs battle this growing concern? Rob Cheng, founder of PC Pitstop, shares his ideas on why whitelisting technology is the best solution.

Rob Cheng
CEO AND OWNER, PC PITSTOP

Rob Cheng has over 30 years of experience in sales, marketing, and support in the computer industry. Prior to founding PC Pitstop, makers of PC Matic and Tech Sentry, in 1999, Rob was the Senior VP of Gateway Consumer, responsible for driving sales, marketing, and support worldwide. Rob began his career at Texas Instruments where he was responsible for sales, marketing, and support in Latin America. Rob holds a BS in Engineering from Cornell University and an MBA in Finance from the University of Texas.

FOR INFORMATION VISIT: www.techsentry.com

Why is the topic of endpoint security so important right now for IT & security professionals?

It’s really important. We read about it in the news all the time. The security problem is getting consistently worse, the consequences are getting consistently larger, and the frequency is growing. It’s time to consider a new architecture—the existing model isn’t working. We believe our approach, using whitelisting instead of blacklisting technology, is the best solution.

What is the difference between whitelisting and blacklisting when it comes to battling malware?

The entire security industry, going back to the late 80s or early 90s, has been built on the idea of a blacklist. The blacklist is a list of every single known virus. What’s happened over time is that criminals have figured out numerous ways to go around the blacklist. Example: They write a virus for a particular target, and therefore that virus would never be on a blacklist. A whitelist just looks at the things we trust—what are all the good things that are on the computer? Anything not on the good list would be blocked.

Any antivirus actually needs 2 pieces of protection glued together. It’s remediation, which is being able to clean off a virus, and real-time protection together. We still have a remediation engine, just like everyone else. If a new customer comes in and they’re infected, we have to have a way to go and clean that computer—and that’s done through a blacklist. Whitelisting is used for real-time protection. The whitelist means anything we haven’t seen before, we won’t let it execute.

Some experts are critical of whitelisting because of its high rate of “false positives.” What is your response to that?

The entire security industry is predicated—because it’s using a blacklist approach—on no false positives. There’s zero tolerance for false positives on a blacklist. But the idea of a false positive on a whitelist isn’t the same—it’s a factor of inconvenience, versus catastrophic. False positives on a whitelist means it won’t allow a file to run until the user says okay. With our product it takes 7 mouse clicks to get a file that we’re blocking to run. That’s an inconvenience, but it’s not catastrophic.

PC Pitstop recently received the highest RAP (Reactive and Proactive) test score in the VB100 Comparative Review. Why do you think this test best reflects the real world?

We chose the Virus Bulletin because it’s free. This is important for 2 aspects: that means any antivirus vendor can participate. Second, I believe the money factor is hurting the process of accuracy.

What are the 2 types of threats that concern you most, and why?

There are 2 categories of particular interest, and both of these categories are growing. The first category is ransomware. Today’s CIOs need to consider not just cost of the ransomware, as in the ransom they have to pay, but the cost to society. Another hospital was recently shut down because of ransomware. The cost of that issue wasn’t just the fine that was paid, but the fact that their servers were shut down, and normal hospital operations were shut down for a week.

The other one is advanced persistent threats, or APT. This is when they go and create a piece of malware just for the target. Both types of threats are going on in higher frequency, and the damage that they are inflicting is larger each time.