Reply to post: theory and practice

Considering application whitelist tryst? NIST will help you clear the mist

cyberjack

theory and practice

In theory, theory and practice are the same. In practice, they are not: Albert Einstein.

Application whitelisting may work in strict government networks where no one cares if there is downtime and no one is responsible for saving the pennies. Business though? No chance.

Surely it is more business friendly to conduct 'continuous application risk assessment', where all running executables are assessed for their 'normalness' (i.e. what, only one machine has this running?), risk indicators (small file, new, no signature, encrypted - oh dear), and behaviour (a new file, never seen before, and now trying to scan internal IPs - really?).

Hey let's call it Continuous Application Cyber Threat Intelligence (CACTI), seeing as it's a prickly area.
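The assessment the comment sketches (fleet prevalence, static risk indicators, behaviour), written out as an added example that is not part of the original comment. The telemetry rows, file ids, thresholds and weights are all constructed assumptions.

```python
from collections import defaultdict

# Constructed telemetry rows: (host, file id, size KB, signed, entropy, age in days, events).
# File ids, thresholds and weights are illustrative assumptions, not from the comment.
ROWS = [
    ("ws-01", "office-suite", 48000, True, 6.1, 400, []),
    ("ws-02", "office-suite", 48000, True, 6.1, 400, []),
    ("ws-03", "office-suite", 48000, True, 6.1, 400, []),
    ("ws-03", "admin-tool", 900, False, 6.3, 200, []),
    ("ws-02", "unknown-bin", 40, False, 7.9, 0, ["internal_scan"]),
]

def assess(rows):
    """Return {file id: (score, reasons)} from prevalence, indicators and behaviour."""
    hosts_by_file, all_hosts = defaultdict(set), set()
    for host, fid, *_ in rows:
        hosts_by_file[fid].add(host)
        all_hosts.add(host)
    results = {}
    for host, fid, size_kb, signed, entropy, age_days, events in rows:
        reasons = []
        # Normalness: is this running on only one machine in the fleet?
        if len(hosts_by_file[fid]) == 1 and len(all_hosts) > 1:
            reasons.append(("single_host", 2))
        # Static risk indicators named in the comment.
        if size_kb < 100:
            reasons.append(("small_file", 1))
        if age_days < 7:
            reasons.append(("new_file", 1))
        if not signed:
            reasons.append(("unsigned", 1))
        if entropy > 7.5:  # high entropy as a proxy for packed or encrypted content
            reasons.append(("high_entropy", 2))
        # Behaviour: a never-before-seen file that starts scanning internal IPs.
        if age_days < 7 and "internal_scan" in events:
            reasons.append(("new_file_scanning", 4))
        score = sum(weight for _, weight in reasons)
        # Keep the highest-scoring observation seen for each file.
        if fid not in results or score > results[fid][0]:
            results[fid] = (score, [name for name, _ in reasons])
    return results

def triage(rows, threshold=5):
    """File ids at or above the threshold, highest score first."""
    scored = assess(rows)
    flagged = [fid for fid, (score, _) in scored.items() if score >= threshold]
    return sorted(flagged, key=lambda fid: -scored[fid][0])

if __name__ == "__main__":
    for fid, (score, reasons) in assess(ROWS).items():
        print(fid, score, reasons)
```
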
