Encryption use driving new thinking on whitelisting: Bit9+Carbon Black

Growth in use of encrypted mobile services will drive a reconsideration of the best methods for endpoint protection in the next 12 to 18 months, the local head of a new entrant to Australia's burgeoning security market believes.

Faced with the growing ineffectiveness of conventional endpoint protection techniques – which have historically been based on recognising signatures or common behaviour analysis that struggles to pick up completely novel activity – some are now pushing for an alternative model that uses network-monitoring techniques to build and maintain application whitelists that dictate what resources and applications various endpoint devices are able to access.

Growing interest in this type of solution will drive "a bit of a shakeup in endpoint security," Kane Lightowler, managing director for Asia Pacific and Japan with endpoint-security specialist Bit9 + Carbon Black, told CSO Australia. "Traditional methods of protecting end points just are not working."

Manually maintaining application whitelists can be ponderous – "just imagine a Big Four bank trying to maintain a list of every application it uses", Lightowler said – but the Bit9 platform uses what he calls "secret sauce" that streamlines the process based on maps that it dynamically creates by analysing the enterprise environment. Factors such as what software is in use, which publishers produce it, how the software is installed on the systems and more all weigh into the decision as to whether something makes the whitelist.

"Then we block anything else," Lightowler says. "It is extremely effective because all of a sudden you no longer need to chase this unknown malware. It's very, very efficient."

A growing focus on endpoint protection will be driven by organisations' embrace of mobility and the cloud, Lightowler said, with a steady shift of focus back from network security to endpoint security in the next 12 to 18 months. The company recently released a plugin for the IBM QRadar security platform (http://www.cso.com.au/mediareleases/26341/bit9-carbon-black-joins-ibm-security-app-exchange/).

"As an industry, over the last decade we've spent a lot of time and resources and capital moving the controls to the network," he explained, "and pushing traffic through the choke point. But we're now seeing organisations having to bring those controls back to the endpoint. Because of the cloud, applications can be anywhere and everywhere. Perimeter is less and less relevant."

Changing security practices are also shaping the endpoint-security transformation, he added. "With a lot more traffic becoming encrypted, being able to inspect and control that traffic on the network is becoming less and less possible. This is basically forcing organisations to say that they're going to have to move their security controls to the endpoints."

Bit9+Carbon Black is putting its money where its mouth is, having opened an Australian office within the past few weeks (http://www.cso.com.au/mediareleases/26251/bit9-carbon-black-opens-australian-office/). It is counting on strong growth in Australian demand for its 'secret sauce' which, combined with the Carbon Black incident-response platform, Lightowler believes offers a compellingly different approach to endpoint security that will resonate with local customers.

While the tools are currently focused on computer endpoints, companies' growing need to implement blanket endpoint-security tools will soon see the company extend its coverage to mobile and Internet of Things (IoT) environments.

"They're all susceptible to attacks," Lightowler said, "and we're going to help customers lock them down."
