Last week I met with vendor Bit9, who after starting out in the whitelisting sector have repositioned themselves as a protector against advanced persistent threats (APTs).
President and CEO Patrick Morley said that the move away from application whitelisting, where only allowed applications and software are permitted to execute, was prompted by the Aurora attack on Google in early 2010.
“Aurora changed our perspective and our view on the posture so now we offer application whitelisting as part of the solution but it is now about APT protection,” he said.
“We watch everything and IT make decisions on what to allow, they set up a policy and decide on whether things are allowed in or not. Our customers are very ‘IP heavy’ and the people who buy our technology are anyone who is targeted.
“People buy security information and event management (SIEM) and deep packet inspection technologies, and then us, so that they have protection on the network and on the host side, laptop and on the server in the data centre.”
He said that the combination of whitelisting and APT protection can help defend against emails with malicious attachments, such as the one that hit RSA last year, because the attachment is not trusted and so is not permitted to run.
He said: “You cannot try and figure out where the bad stuff is, so you allow what is trusted to run. In trusted computing, the only way to protect is to flip it and say if it is trusted or not.”
Morley said that the trusted model was the way forward as, while technology is needed, it is "hard to protect people from themselves". He compared the business to the filtering around the Apple App Store, as it vets files to give the IT team a test rating on what is running. “You add a policy to determine what comes in, rather than tell you what is running,” he said.
The company was formed eight years ago, and Morley, who was previously president and CEO of Imprivata, joined in 2008. Research by Bit9, released today, found that 54 per cent of UK businesses expect a cyber attack in the next six months, and expect it to be perpetrated by hacktivists (59 per cent) or disgruntled employees (31 per cent).
The survey of 1,020 IT managers found that corporate competitors were seen by 35 per cent as a greater threat than cyber criminals (23 per cent). Morley said: “It is quite different from in the US, where they see the nation state hacker first and in-house IT as last.
“We are seeing the biggest transfer of intellectual property that the world has ever seen. It's not just traditional cyber criminals who are looking to steal financial information, but there is a steady rise in the number of organised groups such as hacktivists and nation states who are intent on breaching company security to gain access to customer information or intellectual property.”
On what was seen as being at risk, 60 per cent said personal customer information, 50 per cent customer financial information, while only 29 per cent said intellectual property.
With every threat or trend, a vendor finds the niche that customers are looking for. The concept of trust in security is critical – whether it is to do with access, whitelisting or computing, if you can put a seal of approval on what is entering your enterprise, you are adding security. What Bit9 offers makes sense as it can add this seal, and at a time when you want to prevent more than malicious payloads, this could appeal to many users.