McAfee, one of the largest AV vendors in the security space, recently acquired Solidcore Systems, a company that sells dynamic whitelisting technology, in a $47 million deal that would add whitelisting capabilities to McAfee’s current product portfolio. While this comes as no surprise, this move by McAfee is just the tipping point for the whitelisting application control market, especially when a major AV vendor gobbles up a technology that we believe, and have always understood, to be critical to, and the future of, endpoint security. More recently, PGP announced PGP® Endpoint Application Control as the latest addition to its PGP® Endpoint family of solutions. Last year, Symantec surprised many when it suggested that whitelisting might be a better way forward than the reactive approach of AV technology.
A whitelisting approach has gained prominence in recent years as hackers bypass traditional perimeters to penetrate business-critical data and systems. Why? A whole new breed of cybercriminals is taking advantage of the weaknesses that arise from this dynamic threat environment. Security incidents continue to rise because the bad guys have evolved their attack methods to outwit our security defenses faster than we have responded to their attacks. While they may not be coming at us with shock and awe, they are making slight adjustments and tweaks to continually fool the signature-based AV, firewall and IPS technologies that most organizations are clinging to.
Today, it’s no longer about a block-and-tackle approach. Previously, the prevailing thought was that it would be much easier to manage security at the gateway than to individually lock down 1,000 endpoints. Security can no longer be managed at the gateway because there are too many ways to get around these network-based defenses. Organizations must secure the endpoint and manage which executables are running on that endpoint by adopting a whitelisting approach. More organizations will continue to look at alternative solutions outside of the traditional technologies such as AV and firewalls to manage critical risk.
What’s also driving this broader adoption of whitelisting technology is the convergence of IT security and IT operations. A siloed approach to security and risk management is no longer valid. Today, in order to create greater business value, increase efficiency and reduce costs, the security and operations groups are working together by integrating technology, processes and people to manage critical risks and protect vital information. By operationalizing security, organizations can understand their risk posture across the entire environment in order to effectively mitigate risk in real time. Plus, with more than 90 percent of the risks attributed to misconfigurations, vulnerabilities and hackers taking advantage of those open vulnerabilities, more vendors in the security market will look at adding a whitelisting technology to augment their endpoint security approach. The combination of this whitelisting approach with endpoint security is going to be critical in addressing the majority of your risks and simplifying your compliance mandates such as PCI, HIPAA, etc.
I agree with the SearchSecurity.com article by Robert Westervelt that this is a good play for McAfee with PCI driving a lot of security spend right now. It’s another sign that whitelisting has reached its tipping point. As a leader and pioneer in the whitelisting market, we’ve always understood the critical role that whitelisting technology has played in protecting a company’s vital information and managing critical risk. It’ll be interesting to watch how other AV vendors react following McAfee’s recent acquisition. My guess is that we’ll see more AV vendors looking to augment their current security approach by adding a whitelisting technology.





Nicely put, Edward.
Every endpoint will have a form of whitelisting in less than 2 years.