Encryption use driving new thinking on whitelisting: Bit9+Carbon Black

Growth in use of encrypted mobile services will drive a reconsideration of the best methods for endpoint protection in the next 12 to 18 months, the local head of a new entrant to Australia's burgeoning security market believes.

Faced with the growing ineffectiveness of conventional endpoint protection techniques – which have historically been based on recognising signatures or common behaviour analysis that struggles to pick up completely novel activity – some are now pushing for an alternative model that uses network-monitoring techniques to build and maintain application whitelists that dictate what resources and applications various endpoint devices are able to access.

Growing interest in this type of solution will drive "a bit of a shakeup in endpoint security," Kane Lightowler, managing director for Asia Pacific and Japan with endpoint-security specialist Bit9 + Carbon Black, told CSO Australia. "Traditional methods of protecting end points just are not working."

Manually maintaining application whitelists can be ponderous – "just imagine a Big Four bank trying to maintain a list of every application it uses", Lightowler said – but the Bit9 platform uses what he calls "secret sauce" that streamlines the process based on maps that it dynamically creates by analysing the enterprise environment. Factors such as what software is in use, which publishers produce it, how the software is installed on the systems and more all weigh into the decision as to whether something makes the whitelist.

"Then we block anything else," Lightowler says. "It is extremely effective because all of a sudden you no longer need to chase this unknown malware. It's very, very efficient."

A growing focus on endpoint protection will be driven by organisations' embrace of mobility and the cloud, Lightowler said, with a steady shift of focus back from network security to endpoint security in the next 12 to 18 months. The company recently released a plugin for the IBM QRadar security platform (http://www.cso.com.au/mediareleases/26341/bit9-carbon-black-joins-ibm-security-app-exchange/).

"As an industry, over the last decade we've spent a lot of time and resources and capital moving the controls to the network," he explained, "and pushing traffic through the choke point. But we're now seeing organisations having to bring those controls back to the endpoint. Because of the cloud, applications can be anywhere and everywhere. Perimeter is less and less relevant."

Changing security practices are also shaping the endpoint-security transformation, he added. "With a lot more traffic becoming encrypted, being able to inspect and control that traffic on the network is becoming less and less possible. This is basically forcing organisations to say that they're going to have to move their security controls to the endpoints."

Bit9+Carbon Black is putting its money where its mouth is, having opened an Australian office within the past few weeks (http://www.cso.com.au/mediareleases/26251/bit9-carbon-black-opens-australian-office/). It is counting on strong growth in Australian demand for its 'secret sauce' which, combined with the Carbon Black incident-response platform, Lightowler believes offers a compellingly different approach to endpoint security that will resonate with local customers.

While the tools are currently focused on computer endpoints, companies' growing need to implement blanket endpoint-security tools will soon see the company extend its coverage to mobile and Internet of Things (IoT) environments.

"They're all susceptible to attacks," Lightowler said, "and we're going to help customers lock them down."
