CSO - Last week we looked at security technology some readers consider overvalued. This week we're back to study the other side of the coin. Here are four techniques and related technologies several cited as underrated in today's security fight. Since one security pro's miracle tool is another's waste of budget, it's no surprise that a couple of the technologies panned last week are praised here.
Whitelisting
Application security is something companies increasingly worry about, as the number of business and personal apps proliferate. Hackers are targeting everything from online banking apps to the gaming apps popular on such social networks as Facebook. Web Application Firewalls (WAFs) are among the technologies designed to reduce the risk. One of the more overlooked features of the technology is whitelisting -- the art of allowing only traffic known to be valid to pass through the gate; thus providing an external input validation shield over the application.
Andy Willingham, senior security engineer at E-chx Inc. and founder of AndyITGuy Consulting, believes whitelisting and URL filtering are too quickly dismissed as too difficult. "Most people think that it's too hard to limit what people can run and where they can go," he said. "We've reached the point where we can't just let people do what they want. Too many preach that if we want to attract and retain good employees that we have to allow them to install programs and surf freely but until we get virtual environments to the point where everything is its own virtual session and can be 'cleared' at will or regularly, then we have to start locking down."
Chris Young, a VP at ISM Inc., said the biggest setback for this technology has been inconsistency on the management side, but that this piece is improving. "We are at the point where this is no longer a problem and new programs can be added with minimal/no admin assistance in a secure and controlled manner," he said. "On the endpoint it should not be seen as a locking down of the system in that users won't be able to have any freedom, but it provides admin/user education in the sense that it forces admins/users to check what they are downloading first to make sure it is a legit program and conforms to company policy."
At the same time, he said, the technology is filling the holes cause by poor/accidental user behavior while protecting executables that have been authorized to run on the system. " Operation Aurora was one of many examples where whitelisting on the endpoint would have completely prevented the compromise even after a user was duped into clicking on a link that led to a website that automatically downloaded and executed malware on the host system," he said.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
