It's a good defense in depth measure but I do see some overhead with application whitelisting too ( I liked the Rapid 7 product a lot) but again with the budget getting slashed it was like another good idea not going to get implemented.
WE stop that code execution with Cisco Security Agent and trust me it locks it down cold. If you don't have a rule written to run your application it doesn't even execute, its stopped cold, not even admins can disable it. Z Edward E. Ziots Network Engineer Lifespan Organization Email: [email protected] Phone: 401-639-3505 MCSE, MCP+I, ME, CCA, Security +, Network + ________________________________ From: James Rankin [mailto:[email protected]] Sent: Thursday, January 29, 2009 4:32 PM To: Active Directory Admin Issues Subject: Re: OT: Was Tips 'n' Tricks Now it's Symantec Bashing ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ ~ ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ <http://www.sunbelt-software.com/product.cfm?id=400> ~
