McAfee’s Application Control and Change Control software have been added to the Defense Department’s Unified Capabilities Approved Products List (UC APL), making them the first and only whitelisting technologies managed by the centralized administration platform used by the Defense Information Security Agency’s (DISA) Host Based Security System (HBSS) to achieve this certification, according to a company statement.
Whitelisting is a list of entities who are provided a particular privilege, service, mobility, access or recognition on a computer network. Whitelisting is the opposite of blacklisting, which is identifying entities that are denied or unrecognized access to a network.
ePolicy Orchestrator is the centralized administration platform used by DISA’s HBSS, McAfee said. Change Control and Application Control were placed on the UC APL June 1.
Change Control software eliminates change activity in server environments that can lead to security breaches, data loss and outages, McAfee said in a statement. Application Control, the whitelisting solution, provides a way to block unauthorized applications and code on servers, corporate desktops and fixed-function devices. Application Control uses a dynamic trust model and innovative security features that thwart advanced persistent threats without requiring signature updates or labor-intensive list management.
McAfee Vice President of Public Sector Solutions Scott Montgomery told Defense Daily in a phone interview yesterday whitelisting, as opposed to blacklisting, saves customers time and money. Montgomery said, in today’s modern computing environment, entities would waste time and money if they focused on preventing access (blacklisting) instead of allowing access (whitelisting).
“The sheer number and volume of attacks (has become) an arms race that practitioners can’t win,” Montgomery said. “If you try to keep up with the Jones’, these particular Jones, they will out flank you (and) out attack you every time. There is just too much ability to create variant and create separate attacks for the practitioners to keep up with just blacklisting.”
UC APL is a list of security vendors and products that have met stringent criteria DoD sets for its providers, McAfee said. To achieve approval for UC APL, a company must undergo, among other things, an extensive series of tests against criteria known as the Security Technical Implementation Guide (STIG). McAfee said the DISA Joint Interoperability Test Command (JITC) evaluated, tested and certified the company’s whitelisting technology for the new unified DoD certification.
Montgomery said one problem the services have with blacklisting is a lack of available bandwidth. Montgomery said a typical army brigade, depending on the weather and type of gear it has, may only have between two and nine megabytes of bandwidth available as compared to between 54 and 100 megabytes via an average home Wi-Fi connection. Montgomery said whitelisting is a better use of available bandwidth.
“This is the specific reason why whitelisting is a good idea in the tactical community, because it takes a really expensive, bandwidth-draining prospect like blacklisting and turns it on its ear,” Montgomery said.
McAfee is a subsidiary of Intel.