Educause Security Discussion mailing list archives
Re: Bit9 - Trust Based Security - Feedback
From: Rich Graves <rgraves () CARLETON EDU>
Date: Tue, 16 Jul 2013 16:36:56 -0500
AppLocker is fine for limited functionality, steady-state machines. We use it for PCI SAQ C-VT workstations, for example. It's a lot better than nothing, and probably better than antivirus IPS rules, for enforcing rules like "no execution of unsigned binaries from temp directories." The third-party products like Bit9 add manageability, user-friendly customizations, and most importantly, an ever-changing feed of signatures for known-good binaries that Spaf was talking about. I was told some months ago that MS-ISAC was looking to create their own signature feed, but I've not seen it happen. You can't reasonably roll out AppLocker to the general population without it.