Educause Security Discussion mailing list archives

Re: Bit9 - Trust Based Security - Feedback
From: Rich Graves <rgraves () CARLETON EDU>
Date: Tue, 16 Jul 2013 16:36:56 -0500

AppLocker is fine for limited functionality, steady-state machines. We use it for PCI SAQ C-VT workstations, for 
example. It's a lot better than nothing, and probably better than antivirus IPS rules, for enforcing rules like "no 
execution of unsigned binaries from temp directories."

The third-party products like Bit9 add manageability, user-friendly customizations, and most importantly, an 
ever-changing feed of signatures for known-good binaries that Spaf was talking about. I was told some months ago that 
MS-ISAC was looking to create their own signature feed, but I've not seen it happen. You can't reasonably roll out 
AppLocker to the general population without it.
