Research to be published next month in the Lumension-sponsored State of the Endpoint report will show increasing alarm among IT security professionals related to advanced persistent threats (APTs) – and there is a growing fear that if targeted by APTs there is an inevitability of a subsequent successful breach. “The threat of advanced persistent attacks is growing at a significant rate,” said Pat Clawson, Chairman and CEO of Lumension. “Look at oil operators in the middle east who have suffered devastating cyber attacks.”
One of the most promising defenses against APTs containing zero-day exploits is a ‘default-deny’ or whitelist approach to security. “Gartner projects that 'by 2015, more than 50% of enterprises will have instituted 'default deny' policies' that restrict the applications users can install,” added Clawson.
A whitelist default deny policy will only allow known good applications to run. By definition, a zero-day exploit is unknown, so it and any other malware will simply be stopped. “Lumension felt a strategic acquisition of CoreTrace [a default deny specialist] would further equip both current and prospective customers in the ever-evolving threat landscape and cement Lumension's leadership in next generation technologies,” explained Clawson.
Key to this acquisition is the flagship CoreTrace Bouncer product, which includes adaptive application whitelisting (to prevent the execution of all unauthorized code), memory protection (to stop attackers from exploiting whitelisted applications) and risk-profiling (for all applications via cloud-based reputation services).
The intention currently is to continue to offer Bouncer through the existing CoreTrace channel outlets, and to continue to support existing Bouncer customers. The technology will also be integrated into the Lumension Application Control which is part of the Lumension Endpoint Management Security Suite.