Attention IT Managers: Malware Is Not Your Biggest Threat

Employees often consider their corporate desktops and laptops to be their own personal computers, and frequently treat them as such by downloading all kinds of unauthorized applications, such as MP3 players, games, VoIP products and unsupported instant messaging platforms. In the past this behavior was largely brushed off as a fact of IT life with benefits that were worth its inconveniences.

These types of applications allow employees to enjoy access to leading-edge resources and tools, as well as gain enhanced communication, improved productivity, and greater creativity.

However, these same applications often put companies at risk of infection by malware, legal exposure due to insecurity of data, over-consumption of resources by individuals using significant storage or bandwidth, or loss of productivity due to distraction.

Now, pressure has been mounting on enterprise IT organizations from multiple sources, forcing many of them to look for better alternatives.

Assessing the Risk

As more and more computer-savvy employees are making use of easily accessible applications, this is also creating a variety of administration problems as desktop configurations deviate from the standard image. The applications employees download on their own are sometimes described by the term “rogue software.”

The volume and complexity of user-installed software has a direct impact on help desks and end-user support due to their unintended consequences such as software incompatibility, system corruptions, and the consumption of resources such as storage and bandwidth. Furthermore, malicious software has become more sophisticated in the way it slips onto the desktop, presenting IT staffs with an added incentive to fortify their desktop environments from these serious new threats to data integrity and operations.

As operational and security risks related to unauthorized software increase, IT also faces the demands of regulatory compliance. Auditing requirements can further complicate an already burdened management function.

Historically, IT has addressed each of the risks individually. Information Security, Risk Management and Compliance, and Desktop Support groups each identify products to alleviate individual points of pain. However, these products are often piled on the desktop and the IT staff’s job of maintaining infrastructure stability throughout the company becomes overwhelming.

To combat this Catch-22, a new desktop management approach called “automatic graylists” is enabling IT professionals to re-establish the integrity and reliability of their computing environment by enforcing software policies at the desktop. Software solutions providers utilize graylists to provide IT with the ability to control exactly which software can and cannot run on the desktop, proactively ensuring a desktop’s conformance to a desired state. As a result, support, compliance and security problems that derive from unauthorized software — typically addressed through reactive means — can be limited or eliminated altogether.

The Graylist Concept

Automatic graylists can be an ideal approach to managing today’s dynamic desktop environments. Graylists take a holistic view of desktops, acknowledging that a great deal of software that enters the enterprise does so without the approval of the company’s IT staff. As a result, many applications remain unmonitored, unsupported, and potentially damaging — the primary problems caused by rogue software.

Conventional technologies for preventing unauthorized or insecure software from running are based on making black or white decisions. These methodologies are fundamentally flawed because they can only address software that is known, forcing the technology to guess at anything it doesn’t explicitly recognize.

It is therefore no surprise that these systems have such a high rate of false alarms due to incorrect guessing — there is simply not enough information available on which to base a sound decision. Graylists forego this Achilles’ Heel and function in a completely different fashion.

First, graylists do not operate in isolation; rather, they aggregate information from every desktop within the enterprise to determine if a piece of software has been previously identified and associated with a particular policy. Furthermore, they draw on standard processes for software approval and deployment to further define these policies. This substantially filters the amount of unknown software that needs to be validated.

Finally, anything that is not associated with a pre-existing policy through one of these mechanisms is handled separately. This allows IT to monitor and optionally prevent anything unrecognized from running. Administrators can focus on a specific unknown application that appears on a certain group of desktops.

Additional graylist functions within the enterprise include:

  • AV/AS — Graylists can be utilized to defend against zero-day attacks; unknown threats can be identified, evaluated individually or rejected altogether.
  • Behavioral Host Intrusion Prevention Systems (HIPS) — Graylists identify unknown software as soon as it writes to a desktop’s hard drive without the administrative complexity and high rate of false-positives.
  • Black/White Lists — These are based on the assumption of a controlled environment, free from rogue software, and leave IT with no recourse if the security product evaluates unknown software and guesses wrong.
  • Network Access Control — Graylists enforce policies on the desktop whether it is connected to an enterprise network or not.
  • Auditing — Graylists give IT staffs comprehensive coverage across all software for real-time, operational policy compliance.
  • Patch Management — IT can proactively monitor new software being installed and enforce patch and version policies for non-business applications.

The dynamics on the desktop have changed significantly. A growing number of enterprise IT groups are concluding that they can no longer turn a blind eye to users ignoring software policies meant to protect the business and its productivity.

At the same time, IT organizations recognize the need for creativity and innovation to drive business, and with so many employees spending most of their day in front of a PC, overly strict policies may not be effective.

Automatic graylists are a lightweight approach to establish control over user-installed software without compromising the needs of users.

Graylists are proving to be the most effective way to meet these conflicting demands, empowering desktop administrators to establish comprehensive management practices over their desktops without sacrificing the freedom their users have grown accustomed to.

Todd Brennan is co-founder and Chief Technology Officer of Bit9.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Technewsworld Channels