By James Taylor, Wick Hill Strategic Development Manager
I am a Luddite!
At least that was the description of me offered over a beer recently, following a hard-fought day at InfoSec. When you get challenged like that, you really have to think to yourself: “Are my thoughts on IT security old-fashioned or should we be challenging the norm?”
No getting away from it – I am an old-timer in IT. 4 MHz XTs were the first computers I sold. We were aware of malware – you knew you had a virus if the screen went blue. I also recall early on in my career operating a CRM system on an amber thin client. I was given the tools by which I was able to do my job – a 14” terminal, a telephone and the Yellow Pages. Simple, yet focused and effective.
For the longest time, I have wondered why we suffer the continuous download of anti-virus signatures to provide a database for an application that is resource intensive. Anti-virus manufacturers even brag about how many signatures they release on a daily basis – 30,000, 40,000 or even 50,000. Yet, when I press Ctrl-Alt-Delete and look at my Task Manager, I find there are 40 things I want to do today. No doubt I would observe the same 40 things tomorrow and the day after. My thought was that instead of blocking 40,000 “applications” a day from an ever-growing list, approving the apps I actually use (whitelisting) surely improves our security position. “You’re a Luddite!” I was told…
Really? If my job was to dig ditches, and in my tool box came a shovel, a calculator, a box of matches, a kite and a thermos, it would not take me long to find the kite. The job role is digging ditches, so a shovel and a thermos seem plenty. There’s no distraction, it keeps me productive and gives me a receptacle for a warming mug of soup. I do realise that in the health and safety conscious world we live in today, I would need a Hi-Viz jacket, steel toe capped boots, etc. I was just trying to keep the analogy simple! Now ask yourself what damage can be done once I find the matches!
Today, the personal computer is available on smartphones, tablets and traditional desktops. It comes with a choice of multiple operating systems, capable of doing a lot of things, some of which I need for my day job and many others which I don’t. Windows 10 shipping with Candy Crush, for example, may be important for politicians, but it’s not essential to me. What still remains true today, as it did when I first started in IT, is: just give me the tools I need to do my job.
I suspect whitelisting is perceived as an onerous task, too difficult to implement. Surely approving the known is better than trying to block the unknown. If we are unable to define our business needs, or have the flexibility to adopt change when appropriate, then quite possibly we are in the wrong career, especially if we blindly accept what Microsoft, Apple or Google tells us is essential.
Having recently sat through Avecto’s pre-sales course on DefendPoint, I can say that whitelisting applications is not difficult. In fact, it is far easier than telling your shareholders why the price of their shares fell due to the reputational embarrassment of your latest breach. Much easier than re-building your entire network from the last known “safe” position, and, I imagine, a lot more “fun” than having to deal with the ICO (Information Commissioner’s Office). And yet it is a security solution that is highly effective in preventing malicious apps from executing, with the added bonus of enabling staff to be more productive.
DefendPoint also has a Privilege Rights solution, so instead of having full Administrator Rights, I can have just those rights I need to do my day job. Spending a lot of time on the road, I may, for example, need to set up a local printer. DefendPoint can extend those specific privileges to just that task. No need to call the help desk and raise a ticket. Reading a number of CVEs (Common Vulnerabilities and Exposures), it seems the vast majority of vulnerabilities are exploited by malware elevating itself to Admin Privileges – so it would appear Privilege Management also gives me a genuine alternative to perpetually expanding black lists.
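To make the argument of the last three paragraphs concrete, here is a small model of a default-deny application allowlist with task-scoped elevation, set beside a signature-style denylist. This is an added example written for this post; it is not Avecto or DefendPoint code and does not describe how DefendPoint implements its policies. The rule shapes (hash rule, trusted-location rule, per-task `elevate` flag), the file paths and the “binaries” are all constructed for illustration.

```python
"""Default-deny allowlist vs. signature denylist (illustrative model).

Added example, not DefendPoint code. Rules, paths and sample bytes are
constructed; a real product would also match on publisher signature,
version metadata and so on.
"""
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass(frozen=True)
class Rule:
    """One approval. Set either sha256 (exact binary) or path_prefix (trusted dir)."""
    name: str
    sha256: Optional[str] = None        # content hash of an approved binary
    path_prefix: Optional[str] = None   # trusted directory; must not be user-writable
    elevate: bool = False               # run this one task with admin rights


@dataclass(frozen=True)
class Decision:
    allowed: bool
    elevated: bool
    reason: str


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _under(path: str, prefix: str) -> bool:
    # Windows-style, case-insensitive comparison. Force a trailing separator so
    # "C:\Program Files" does not also approve "C:\Program Files Evil\".
    prefix = prefix.rstrip("\\") + "\\"
    return path.lower().startswith(prefix.lower())


def evaluate(path: str, content: bytes, rules: List[Rule]) -> Decision:
    """Approve the known: anything no rule matches is denied, signatures or not."""
    digest = sha256_hex(content)
    for rule in rules:
        if rule.sha256 is not None and rule.sha256 == digest:
            return Decision(True, rule.elevate, f"hash approved by '{rule.name}'")
        if rule.path_prefix is not None and _under(path, rule.path_prefix):
            return Decision(True, rule.elevate, f"location approved by '{rule.name}'")
    return Decision(False, False, "no matching rule: default deny")


def denylist_blocks(content: bytes, signatures: Set[str]) -> bool:
    """Block the known-bad: only catches what has already been catalogued."""
    return sha256_hex(content) in signatures


# Constructed stand-ins for executables (not real files).
CRM_APP = b"constructed bytes standing in for crm.exe"
PRINTER_TOOL = b"constructed bytes standing in for printer_setup.exe"
KNOWN_BAD = b"constructed bytes standing in for yesterday's catalogued malware"
UNKNOWN_BIN = b"constructed bytes standing in for something never seen before"

RULES = [
    Rule("CRM client", sha256=sha256_hex(CRM_APP)),
    # The printer set-up from the post: elevated rights for this one task only.
    Rule("Local printer setup", sha256=sha256_hex(PRINTER_TOOL), elevate=True),
    Rule("Program Files", path_prefix=r"C:\Program Files"),
]
SIGNATURES = {sha256_hex(KNOWN_BAD)}   # "yesterday's" signature download


def compare(path: str, content: bytes) -> dict:
    """Run both models on one file so the difference is visible side by side."""
    d = evaluate(path, content, RULES)
    return {
        "allowlist_allows": d.allowed,
        "elevated": d.elevated,
        "denylist_blocks": denylist_blocks(content, SIGNATURES),
        "reason": d.reason,
    }


if __name__ == "__main__":
    samples = [
        ("crm", r"C:\Program Files\CRM\crm.exe", CRM_APP),
        ("printer", r"C:\Users\james\Downloads\printer_setup.exe", PRINTER_TOOL),
        ("known bad", r"C:\Users\james\Downloads\invoice.exe", KNOWN_BAD),
        ("unknown", r"C:\Users\james\Downloads\invoice2.exe", UNKNOWN_BIN),
    ]
    for label, path, content in samples:
        print(f"{label:10s} {compare(path, content)}")
```

The interesting row is the last one: the never-seen binary sails past the denylist because no signature exists for it yet, but the allowlist denies it without needing to know anything about it. Two practical caveats follow from the model. A hash rule has to be refreshed every time the approved program updates, which is why trusted-location (and, in real products, publisher-signature) rules exist alongside it; and a location rule is only as good as the file permissions on that directory, since a folder a standard user can write to approves whatever they drop there.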
Therefore, if whitelisting makes me a Luddite, then I shall hold my head up high as I am a more secure, productive and efficient Luddite.