PC Matic is one of the handpicked cybersecurity solutions that will work with the NIST National Cybersecurity Center of Excellence (NCCoE) to demonstrate its approach to implementing a zero-trust architecture.
“We received an overwhelming response from the vendor community on this important project,” said Natalia Martin, acting director of the NCCoE. “Implementing a zero-trust architecture has become a federal cybersecurity mandate and a business imperative. We are excited to work with industry demonstrating various approaches to implementing a zero-trust architecture using a diverse mix of vendor products and capabilities, and share ‘how to’ guidance and lessons learned from the experience.”
Zero-Trust, NIST NCCoE, & CMMC
Implementing a zero-trust methodology to the digital infrastructure means only allowing trusted and proven secure components into the organization’s network. This may range from employee credentials, accessible websites, to what software is able to be run on the company’s network. The NIST NCCoE is developing a practice guide to help organization’s fulfill the zero-trust mandates outlined for various certifications, like CMMC. The Cybersecurity Maturity Model Certification (CMMC), will be required for various entities, including those contracted with the Department of Defense.
How PC Matic Fits
At its core, PC Matic uses a zero-trust approach to stop malicious cyber threats, such as ransomware. With the utilization of application whitelisting, PC Matic only permits tested and proven secure applications to run within the organization’s network. By using this zero-trust methodology, unknown threats, or yet to be determined malicious software, cannot bypass the whitelist. It cannot do so, because it has yet to be proven secure. Since the process is malicious it would never meet the whitelisting standards to run within the network.
Evolution of Application Whitelisting
Application whitelisting is not new; however, the way it is executed now is far different than traditional approaches. Traditional whitelisting meant IT staff were creating and maintaining their own whitelist. Additionally, there was not a way to override the whitelist for one-off applications that they needed access to immediately. Overall, it was time consuming not only to deploy but to maintain – until now.
PC Matic offers a globally automated whitelist that is deployable on organizations networks in a matter of hours. The global whitelist completely eliminates the need for IT staff to develop and maintain their own company’s whitelist. Additionally, all unknown files are sent to PC Matic’s professional malware research team for analysis. Again, eliminating the workload from the company’s IT staff. However, if there was an unknown file that the organization wanted to run immediately, they can run it locally in a matter of a few clicks. It should be noted, organizations are encouraged to use this feature with caution, and only when they are certain the process is secure.
All of which, provide quite the improvement from the traditional whitelisting approach.
To read the full media release for the NIST NCCoE and the vendors included, you may click here.