Slashdot Mirror


Is Whitelisting the Answer To the Rise In Data Breaches?

MojoKid writes "It doesn't take a rocket scientist to figure out that cyber criminals are quickly getting more sophisticated than current security, intrusion detection and prevention technology can defend against. And you have to wonder if the computer security industry as a whole is willing to take the disruptive measures required to address the issue head-on. One way to tackle the surging data breach epidemic is with a technology called "whitelisting." It's not going to sound too sexy to the average end user and frankly, even CIOs may find it unfashionable but in short, whitelisting is a method of locking down a machine such that only trusted executables, DLLs and other necessary system and application components are allowed to run – everything else is denied. A few start-up security companies are beginning to appear in this space. The idea is to start with a known, clean system installation and then lock it down in that state so absolutely nothing can be changed. If you follow system security, regardless of your opinion on the concept of whitelisting, it's pretty clear the traditional conventions of AV, anti-malware, intrusion detection and prevention are no longer working."

5 of 195 comments

  1. Re:"whitelisting" by Anonymous Coward · · Score: 0, Offtopic

    What? A first post that's not "Fuck Beta!!"? I'm going to have to check to see what site I'm really on.....

  2. SLASHCOTT STARTING NOW by Anonymous Coward · · Score: -1, Offtopic

    FUCK BETA

    Slashcott is starting now (10-17. Feb). Come to altslashdot.org or meet us in IRC ##altslashdot on freenode

  3. SLASHCOTT by Anonymous Coward · · Score: -1, Offtopic

    Man, I wish there were appstores for whitelisted software!

    Please post this to new articles if it hasn't been posted yet. (Copy-paste the html from here so links don't get mangled!)

    On February 5, 2014, Slashdot announced through a javascript popup that they are starting to "move in to" the new Slashdot Beta design. Slashdot Beta is a trend-following attempt to give Slashdot a fresh look, an approach that has led to less space for text and an abandonment of the traditional Slashdot look. Much worse than that, Slashdot Beta fundamentally breaks the classic Slashdot discussion and moderation system.

    If you haven't seen Slashdot Beta already, open this in a new tab. After seeing that, click here to return to classic Slashdot.

    We should boycott stories and only discuss the abomination that is Slashdot Beta until Dice abandons the project.
    We should boycott slashdot entirely during the week of Feb 10 to Feb 17 as part of the wider slashcott

    Moderators - only spend mod points on comments that discuss Beta
    Commenters - only discuss Beta
      http://slashdot.org/recent - Vote up the Fuck Beta stories

    Keep this up for a few days and we may finally get the PHBs' attention.

    -----=====##### LINKS #####=====-----

    Discussion of Beta: http://slashdot.org/firehose.pl?op=view&id=56395415

    Discussion of where to go if Beta goes live: http://slashdot.org/firehose.pl?op=view&type=submission&id=3321441

    Alternative Slashdot: http://altslashdot.org (thanks Okian Warrior (537106))

    meet us on IRC Freenode ##altslashdot

    1. Re:SLASHCOTT by Anonymous Coward · · Score: 0, Offtopic

      YOU the /. community are one of the most technically-able groups of users on the internet. Therefore, instead of whining about a FREE service that you no longer enjoy, why not group together and build something better?

      Two reasons. 1 - Having a userbase is what really drives a site like this. No one wants to go to a technically superior site just to be the only one reading and posting anything. Not even mighty Google could get around this one trying to compete with Facebook, and Google has been aggressive about it (did you sneeze? great, you just signed up for a G+ account!). 2 - We the users made this site what it is and created the success its owners enjoy today, they would sell no ad space on an empty no-traffic site, they would be foolish not to recognize this and listen to our opinions.

  4. Just leave the developers out. by 140Mandak262Jamuna · · Score: -1, Offtopic

    Whitelisting is a good idea and will work for most of the users of the system. But if your company develops software remember to exclude the developer machines from this IT policy. Lest the following happens:

    IT: You want answers?

    Vamsi: I think I'm entitled to it.

    IT: *You want answers?*

    Vamsi: I want Bit9 logs.

    IT: *You can't handle Bit9 logs*

    [pauses]

    IT: Son, we live in a network that has firewalls, and those firewalls have to be guarded by men with AVS. Who's gonna do it? You? You, Vamsi? We have greater responsibility than you could possibly fathom. You weep for your Simplorer bug. You curse the IT. You have that luxury. You have the luxury of not knowing what we know. And our existence, grotesque and incomprehensible to you, saves apps. You don't want Bit9 logs because deep down in places you don't talk about in parties, you want us on the firewall. We use words like DMZ, malware, payload and signature. We use those words as careers spent on defending something. You use them as punchline. We have neither the time nor the inclination to explain ourselves to the devs who code and email under the infrastructure we secure, and then question the manner in which we secure it. We would rather you just said thank you and went on your way. Otherwise I suggest you pick up a disk and update Barracuda. Either way, we don't give a damn what you think you are entitled to.

    Vamsi: Did Bit9 lock up mt.exe?

    IT: We did the job.. We...

    Vamsi: *Did Bit9 lock up mt.exe?*

    IT: You're goddamn right it did.

    [If you have not figured it out by now, Vamsi is a developer whose build process (mt.exe) was getting killed by Bit9. Vamsi suspected it and reported it many times, but IT would not even let him see the Bit9 logs to confirm this was the case].

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
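
The lockdown described in the story summary and the blocked build tool in the last comment, as an added example that is not part of the original thread or of any product's code: a default-deny check against SHA-256 digests taken from a known-clean install, with every decision written to an audit log a developer can query. Matching purely on file hash, the function names, and the constructed sample files (including the stand-in `mt.exe`) are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Stream the file so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Hash every file under the known-clean install; the digest set is the allowlist."""
    return {sha256_file(p) for p in Path(root).rglob("*") if p.is_file()}

def check_execution(path, baseline, audit_log):
    """Default deny: allow only if the file's current digest is in the baseline."""
    digest = sha256_file(path)
    allowed = digest in baseline
    audit_log.append({"path": str(path), "sha256": digest,
                      "decision": "allow" if allowed else "deny"})
    return allowed

def denials_for(audit_log, name):
    """The log entries a developer needs in order to confirm a blocked tool."""
    return [e for e in audit_log
            if e["decision"] == "deny" and Path(e["path"]).name == name]

def demo():
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        # Constructed sample files standing in for a clean install.
        (root / "app.exe").write_bytes(b"constructed trusted binary")
        baseline = build_baseline(root)          # lock down in this state
        log = []
        # A build tool that appears after lockdown is not in the baseline.
        (root / "mt.exe").write_bytes(b"constructed build tool")
        trusted = check_execution(root / "app.exe", baseline, log)
        build_tool = check_execution(root / "mt.exe", baseline, log)
        # Modifying a trusted file changes its digest, so it is denied too.
        (root / "app.exe").write_bytes(b"constructed tampered binary")
        tampered = check_execution(root / "app.exe", baseline, log)
        return trusted, build_tool, tampered, denials_for(log, "mt.exe")

if __name__ == "__main__":
    print(demo())
```
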