Remember the ’90s, when the term “paradigm shift” first became fashionable argot among business elites? Well, it’s a new century now, and the term aptly describes fundamental changes underway in network security.
Fueling today’s shift is a marked rise in Advanced Persistent Threats (APTs) that, unlike viruses and malware, are not easily detected by 20th-century approaches to network security, such as black listing and scanning. Government entities and commercial enterprises alike are beginning to understand that identifying and removing APTs requires a new, and indeed opposite, approach: namely, white listing.
The white list approach to security assigns an organization singular authority to define and grant all permissible freedoms for applications, devices and users on its network. By permitting only pre-approved activities, it needn’t monitor endlessly for suspicious behavior and provides a stiffer defense against unanticipated attacks.
With such intuitive benefits, it’s difficult to understand why the industry didn’t shift to a white list security model a decade ago. The reason is that white lists can be difficult to implement cost-effectively due to the challenge of keeping them current amidst the frequent updates to programs that populate them.
Those challenges are beginning to see solutions, however, as illustrated by an award-winning white list pilot program launched by the National Security Agency Information Assurance Directorate (NSA) and the Trusted Computing Group (TCG).
The program proved effective in hindering the spread of targeted attack infections and in red-flagging infections that did manage to infiltrate systems. The pilot earned the NSA and the TCG the 2011 U.S. National Cybersecurity Innovation Award from the SANS Institute – the industry’s most trusted and largest source for information security training and security certification.
Not surprisingly, boot integrity is in the vanguard of emerging white list solutions, and it is attracting interest from network administrators concerned about APTs. This interest was evident at the well-attended 2nd Annual NSA Trusted Computing Conference, where a presentation discussed research conducted on the deployment and use of a boot integrity collection and reporting tool.
The focus is shifting from black list to white list – a paradigm shift – as major corporations and government agencies learn about APTs and investigate new product technologies that help protect their networks, data, assets, people and institutions.