One piece of security infrastructure that is sometimes overlooked is application whitelisting, which adds a valuable security layer to prevent increasingly sophisticated cyber attacks.

Heman Mehta, director of product management, Faronics Corp.


According to KPMG International¹, 90% of retail cyber security experts acknowledged that their companies fell victim to attacks between 2014 and 2016. For every online retail organization, whether purely online or a mix of brick-and-mortar and online, the risk of a data breach is alive and growing. For internet retailers, this risk continues to grow as customers provide them with more and more personal information. Many brick-and-mortar retailers are new to selling online and are not completely aware of how to protect their customers’ information.

Most internet retailers with a sophisticated information security infrastructure have arranged a layered defense—a combination of prevention technologies, such as firewalls, antivirus, secure gateways, and detection technologies, such as intrusion detection and deception. One piece of this security infrastructure that is sometimes overlooked is application whitelisting. Application whitelisting adds a valuable security layer to prevent increasingly sophisticated and frequent cyber attacks.

Application whitelisting solutions prevent the execution of files based on hash value, digital signatures and publishers. The most advanced solutions accelerate recovery of the network after a breach with an instant restore function that eradicates all malicious changes with a simple restart.


As internet retailer IT and security teams research application whitelisting solutions, they should demand three critical performance capabilities:

  • Proactive Security Barrier: The solution should allow only approved programs to run and stop threats like targeted attacks, zero-day threats and mutated viruses. Anti-ransomware measures should include the ability to stop processes from trying to rename file extensions that are known to be set by ransomware exploits.
  • Active Antivirus Protection: The solution should provide advanced antivirus to stop all known malware, like viruses, worms, and Trojans if they somehow breach the prevention barrier. The antivirus should also include advanced firewall protection.
  • Restorative Remediation Measures: The solution should provide a powerful reset mechanism. Just rebooting systems should destroy any malware and restore systems to normal instantly.

Additional key features of application whitelisting solutions that retailer IT teams should look for:

  • Algorithm-assisted Deployment: Machine learning-assisted whitelisting for “dirty environments,” meaning existing environments with applications already installed on computers. A multi-phase deployment approach gives IT and security teams the ability to deploy the solution in an “audit” mode and build a custom control list. This enables teams to deploy effectively into active environments without having to re-image computers. Teams can build a control list configuration from a “template” computer, allowing them to build a single system containing all the files to allow, and then apply that list to systems and prevent any other files from running. Algorithms can suggest when teams should switch deployment modes from low to high without affecting day-to-day operations.
  • Advanced Granular Control: In addition to .exe, .scr, .jar, .bat, and .com extensions, IT teams should be able to monitor files like DLL, JAR, VB Scripts and PowerShell executables.
  • Anti-Ransomware: Ransomware protection settings, which provide the ability to easily implement restrictions on an endpoint, help protect against threat vectors that fall outside of malicious applications, such as forcing pop-up blockers, disabling Windows Scripting Host, disabling VB Scripts, etc.
  • Real-time Alerts: Active alerting should enable IT teams to define behaviors and thresholds that proactively notify the team if malicious or unwanted activity is taking place within the environment. The ability to have alerts sent via push notification to the mobile app as well as through email and central console can be a plus.
  • Cloud Administration and Dashboarding: This feature offers granular control of the policies applied. IT teams can retrieve and manipulate a local control list from the cloud. A dashboard containing widgets that provide visual information at a glance shows trends and can help teams make micro-modifications easily.
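
The template-computer control list and the audit-then-enforce deployment from the Algorithm-assisted Deployment item above, reduced to hash matching only (signature and publisher rules are not modelled), as an added example that is not from the article or from any vendor's product. The function names, the monitored extension set and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed file types to control, following the extensions the article names.
MONITORED = {".exe", ".scr", ".jar", ".bat", ".com", ".dll", ".vbs", ".ps1"}

def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_control_list(template_root: Path) -> set:
    """Hash every monitored file found on the template system."""
    return {sha256_of(p) for p in template_root.rglob("*")
            if p.is_file() and p.suffix.lower() in MONITORED}

def evaluate(path: Path, control_list: set, mode: str) -> dict:
    """Return the decision for one file; mode is 'audit' or 'enforce'."""
    if mode not in ("audit", "enforce"):
        raise ValueError(f"unknown mode: {mode}")
    approved = sha256_of(path) in control_list
    # Audit mode never blocks; it records what enforce mode would block.
    return {"approved": approved,
            "allowed": approved or mode == "audit",
            "would_block": not approved}

def demo() -> dict:
    """Constructed sample: a template image and an endpoint that has drifted."""
    with tempfile.TemporaryDirectory() as tmp:
        template, endpoint = Path(tmp, "template"), Path(tmp, "endpoint")
        template.mkdir()
        endpoint.mkdir()
        (template / "pos.exe").write_bytes(b"constructed POS client v1")
        (template / "report.exe").write_bytes(b"constructed report tool v1")
        control = build_control_list(template)
        # Endpoint: same bytes, same bytes renamed, same name with new bytes, unknown DLL.
        (endpoint / "pos.exe").write_bytes(b"constructed POS client v1")
        (endpoint / "pos_copy.exe").write_bytes(b"constructed POS client v1")
        (endpoint / "report.exe").write_bytes(b"constructed report tool v1 + patch")
        (endpoint / "helper.dll").write_bytes(b"constructed unknown library")
        return {mode: {p.name: evaluate(p, control, mode)
                       for p in sorted(endpoint.iterdir())}
                for mode in ("audit", "enforce")}

if __name__ == "__main__":
    for mode, files in demo().items():
        for name, result in files.items():
            print(mode, name, result)
```

A hash rule ignores file names, so the renamed copy still runs while the same-named but modified `report.exe` is blocked; a legitimate update is blocked in the same way until the control list is rebuilt.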

In today’s environment, the threat of breaches is all around, every day. Whether the issue is lack of employee awareness or overconfidence, solutions need to be put in place to ensure protection of customer information. It pays for any retail organization that relies on information assets to operate to be extra vigilant. A layered defense that includes application whitelisting capabilities can be an important addition to traditional prevention and detection capabilities for Internet retailers.

Faronics Corp. is a global provider of computer management and security software.

 
