Auditors can be picky here. What you do to get around this is not surprise them. Get them onboard early on, and there are no surprises at audit time.
* * *ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of Technology for the SMB market… * On Tue, Nov 15, 2011 at 3:09 PM, Ziots, Edward <[email protected]> wrote: > Some have taken that stance, but I have also heard the other side, is they > need to keep AV on workstations, Servers due to compliance issues. ( which > I don’t really take as a valid argument, especially if compensating > controls are taking effect)**** > > ** ** > > Z**** > > ** ** > > Edward E. Ziots**** > > CISSP, Network +, Security +**** > > Security Engineer**** > > Lifespan Organization**** > > Email:[email protected]**** > > Cell:401-639-3505**** > > [image: CISSP_logo]**** > > ** ** > > *From:* Stu Sjouwerman [mailto:[email protected]] > *Sent:* Tuesday, November 15, 2011 2:19 PM > > *To:* NT System Admin Issues > *Subject:* Would you drop AV for Whitelisting / Application Control?**** > > ** ** > > So I’m asking a bunch of questions here, because I’m looking at writing > this**** > > story from a few different angles. If the ratio Malware to good code is 80 > – 20**** > > (which it is +/- at the moment) why not drop AV all together and lock down > those**** > > workstations and only allow good code to run? Saves budget.**** > > ** ** > > Your view? Input?**** > > > Stu **** > > ** ** > > ** ** > > ** ** > > ** ** > > ** ** > > *From:* Stu Sjouwerman > *Sent:* Tuesday, November 15, 2011 2:10 PM > *To:* NT System Admin Issues > *Subject:* RE: Whitelisting Pros & Cons?**** > > ** ** > > Oh, this an acquisition, that is why it’s having such a high score! LOL > **** > > ** ** > > *From:* Doug Hampshire [mailto:[email protected] <[email protected]>] > > *Sent:* Tuesday, November 15, 2011 1:13 PM > *To:* NT System Admin Issues > *Subject:* Re: Whitelisting Pros & Cons?**** > > ** ** > > Clearly these results are flawed if McAfee Anything gets higher than a -3 > in any category. :-)**** > > On Mon, Nov 14, 2011 at 5:16 PM, Stu Sjouwerman <[email protected]> > wrote:**** > > Thanks Micheal. Anyone experience with any of the Whitelisting products in > this InfoWorld Review?**** > > **** > > > http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835? > **** > > **** > > **** > > *Bit9 Parity Suite 5.01***** > > *10***** > > *8***** > > *9***** > > *9***** > > *10***** > > *9.4***** > > *EXCELLENT***** > > *30%***** > > *15%***** > > *25%***** > > *10%***** > > *20%***** > > *CoreTrace Bouncer 5***** > > *9***** > > *9***** > > *9***** > > *8***** > > *9***** > > *8.9***** > > *VERY GOOD***** > > *30%***** > > *15%***** > > *25%***** > > *10%***** > > *20%***** > > *Lumension Application Control***** > > *8***** > > *9***** > > *8***** > > *9***** > > *9***** > > *8.5***** > > *VERY GOOD***** > > *30%***** > > *15%***** > > *25%***** > > *10%***** > > *20%***** > > *McAfee Application Control 5.0***** > > *9***** > > *9***** > > *9***** > > *8***** > > *8***** > > *8.7***** > > *VERY GOOD***** > > *30%***** > > *15%***** > > *25%***** > > *10%***** > > *20%***** > > *SignaCert Enterprise Trust Services 3.0***** > > **** > > **** > > **** > > *From:* Micheal Espinola Jr [mailto:[email protected]] > *Sent:* Monday, November 14, 2011 5:10 PM**** > > > *To:* NT System Admin Issues > *Subject:* Re: Whitelisting Pros & Cons?**** > > **** > > Whitelisting is the future IMHO. You cant trust anything anymore. Faith > doesnt cut it. You have to protect yourself and your assets, and > whitelisting is the best way to do it. > > -- > Espi**** > > **** > > **** > > ** ** > > On Mon, Nov 14, 2011 at 8:48 AM, Stu Sjouwerman <[email protected]> > wrote:**** > > I'm referring to Whitelisting in the context of security. About 10 years > ago, the ratio > "Good code" versus malware was perhaps 90 good 10 bad. In that scenario, > it makes > sense to keep the bad code out. But over the last 10 years, with automated > malware > variant generation, the tables have turned, and there is actually more > malware than > good code out there. So in -that- scenario it might make sense to only > allow "good code" > and implement application control. Only that which is allowed, will run. > > I'd like your feedback - input - discussion on this ! > > Warm regards, > > Stu**** > > > -----Original Message----- > From: Matthew W. Ross [mailto:[email protected]] > Sent: Monday, November 14, 2011 11:22 AM > To: NT System Admin Issues**** > > Subject: Re: Whitelisting Pros & Cons? > > Are you asking about web content filtering, email filtering, or some other > type of "whitelisting?" > > > --Matt Ross > Ephrata School District > > > ----- Original Message ----- > From: Stu Sjouwerman > [mailto:[email protected]] > To: NT System Admin Issues > [mailto:[email protected]] > Sent: Mon, 14 Nov 2011 > 08:14:57 -0800 > Subject: Whitelisting Pros & Cons?**** > > > Guys, I am writing an article for WServerNews, and would like your > > public input. > > > > What is your experience with Whitelisting, which products you > > tried/use, and what experience you are having with this, likes and hates > are all welcome !! > > > > Warm regards, > > > > Stu > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
<<image001.jpg>>
