April 29, 2010

Q&A: Pat Clawson, Lumension CEO

Lumension has embraced what it calls intelligent application whitelisting. Pat Clawson talks to Steve Evans at Infosec 2010.

By Steve Evans

Q. You’ve been pushing what you’re calling ‘Intelligent Whitelisting’. What’s unintelligent about the other whitelisting platforms available?
A. Traditional whitelisting is not flexible; it’s very draconian in the way it’s set up. You get a list of software that is allowed to run on your machine, so you don’t care about anti-virus or malware because nothing can load on to the machine unless it matches the list exactly. That’s great, but only if the builds never change – such as an ATM or point of sale kiosks.

We wanted it to be usable by anybody but still give them protection by only allowing the trusted programs to run on their machine. Is it known to be bad? Is it behaving like something that might be bad? It’s about the concept of trust. We’ve got deals with the major software vendors so can quickly establish the manufacturer and the approved download site and ask questions about licensing, known vulnerabilities, and simply whether it’s wanted or not.

Q. What about when a vendor updates its software?
A. We have something called the Trusted Updater. This allows you to take common things that do background updating – such as Adobe, WebEx or a bespoke system – and update them automatically. This maintains the whitelist automatically without burdening the IT department or stopping the worker from doing their job – which was always one of the legacy issues with whitelisting.

The way Intelligent Whitelisting has been designed from a user perspective is automated so the trust is there. So a home worker can download updates without impacting their work, because the system understands trust and it doesn’t have to wait for IT to push out a patch.

We’ve left it very flexible so it’s up to the enterprise to decide what level of security they want to have on any one machine – so they can go anywhere from a traditional blacklist all the way to a completely locked down whitelist by machine, group, domain or geography.

Q. Do you think whitelisting has been seen as a poor relation of the security industry?
A. I think it’s been seen as a pain in the backside. It’s hard to use, it’s exceptionally manual for the IT manager to maintain, whenever there’s a change you have to rebuild and push that image out. What it does is exceptionally effective. It eliminates all the questions about what is allowed on a machine and therefore removes the risk. But it’s difficult to manage and doesn’t lend itself to an environment where workers are out and about. It drives the average end user crazy because you can’t update programs.

It needed to evolve where the vendors became very anti-virus-like in their relationship with the customer – they were responsible for keeping it up to date and you’re leveraging it in the cloud.

Q. What about workers using their own devices at work?
A. There are a lot of concepts around how you do that and I don’t think it’s well managed. Citrix recently announced they would be using our whitelisting to lock down virtual environments so that nothing on that person’s machine can swim back upstream [to the corporate network]. In that concept we really don’t care what the end user does with their machine because IT has taken back control of its environment and what touches it.

 

 
