Some have taken that stance, but I have also heard the other side, is they need to keep AV on workstations, Servers due to compliance issues. ( which I don't really take as a valid argument, especially if compensating controls are taking effect)
Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:[email protected] Cell:401-639-3505 From: Stu Sjouwerman [mailto:[email protected]] Sent: Tuesday, November 15, 2011 2:19 PM To: NT System Admin Issues Subject: Would you drop AV for Whitelisting / Application Control? So I'm asking a bunch of questions here, because I'm looking at writing this story from a few different angles. If the ratio Malware to good code is 80 - 20 (which it is +/- at the moment) why not drop AV all together and lock down those workstations and only allow good code to run? Saves budget. Your view? Input? Stu From: Stu Sjouwerman Sent: Tuesday, November 15, 2011 2:10 PM To: NT System Admin Issues Subject: RE: Whitelisting Pros & Cons? Oh, this an acquisition, that is why it's having such a high score! LOL From: Doug Hampshire [mailto:[email protected]] Sent: Tuesday, November 15, 2011 1:13 PM To: NT System Admin Issues Subject: Re: Whitelisting Pros & Cons? Clearly these results are flawed if McAfee Anything gets higher than a -3 in any category. :-) On Mon, Nov 14, 2011 at 5:16 PM, Stu Sjouwerman < [email protected]> wrote: Thanks Micheal. Anyone experience with any of the Whitelisting products in this InfoWorld Review? http://www.infoworld.com/d/security-central/test-center-review-whitelist ing-security-offers-salvation-835? Bit9 Parity Suite 5.01 10 8 9 9 10 9.4 EXCELLENT 30% 15% 25% 10% 20% CoreTrace Bouncer 5 9 9 9 8 9 8.9 VERY GOOD 30% 15% 25% 10% 20% Lumension Application Control 8 9 8 9 9 8.5 VERY GOOD 30% 15% 25% 10% 20% McAfee Application Control 5.0 9 9 9 8 8 8.7 VERY GOOD 30% 15% 25% 10% 20% SignaCert Enterprise Trust Services 3.0 From: Micheal Espinola Jr [mailto:[email protected]] Sent: Monday, November 14, 2011 5:10 PM To: NT System Admin Issues Subject: Re: Whitelisting Pros & Cons? Whitelisting is the future IMHO. You cant trust anything anymore. Faith doesnt cut it. You have to protect yourself and your assets, and whitelisting is the best way to do it. -- Espi On Mon, Nov 14, 2011 at 8:48 AM, Stu Sjouwerman < [email protected]> wrote: I'm referring to Whitelisting in the context of security. About 10 years ago, the ratio "Good code" versus malware was perhaps 90 good 10 bad. In that scenario, it makes sense to keep the bad code out. But over the last 10 years, with automated malware variant generation, the tables have turned, and there is actually more malware than good code out there. So in -that- scenario it might make sense to only allow "good code" and implement application control. Only that which is allowed, will run. I'd like your feedback - input - discussion on this ! Warm regards, Stu -----Original Message----- From: Matthew W. Ross [mailto:[email protected]] Sent: Monday, November 14, 2011 11:22 AM To: NT System Admin Issues Subject: Re: Whitelisting Pros & Cons? Are you asking about web content filtering, email filtering, or some other type of "whitelisting?" --Matt Ross Ephrata School District ----- Original Message ----- From: Stu Sjouwerman [mailto:[email protected]] To: NT System Admin Issues [mailto:[email protected]] Sent: Mon, 14 Nov 2011 08:14:57 -0800 Subject: Whitelisting Pros & Cons? > Guys, I am writing an article for WServerNews, and would like your > public input. > > What is your experience with Whitelisting, which products you > tried/use, and what experience you are having with this, likes and hates are all welcome !! > > Warm regards, > > Stu > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ < http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
<<image001.jpg>>
