Andy Paul, Director of Service Delivery at PC Matic Federal, shared his thoughts on application whitelisting, zero-trust, and filling the holes in security stacks with Dr. Rich Dill of the Air Force Institute of Technology, and Jeff Stone of CyberScoop during their CyberTalks discussion on zero-trust.
The Scoop on CyberTalks
The trio touched on some major topics in the cybersecurity industry in a matter of 16 minutes. So what are the top takeaways?
Government agencies like the FBI, NIST, and DHS have all recommended the use of application whitelisting for years. That being said, adoption rates for this form of technology are rather low. Andy believes the reason behind the lack of adoption is management. Application whitelisting, as we know it, is a list of all tested and proven safe applications that can run on your network. Andy stated that a workaround for management concerns is utilizing an application whitelisting agent that deploys an automated global whitelist. This would eliminate the work of generating a new whitelist, as well as long-term management. Dr. Rich Dill agreed that management is a major roadblock when it comes to the adoption of this default-deny approach. In addition to management, he believes a key factor for businesses is really understanding what is running on their network, and how it is behaving.
In addition to encouraging the use of application whitelisting, our nation's government continues to share cybersecurity best practices. They are just that, though: best practices. Many organizations are painfully aware of them but fail to follow them. These include timely updates to third-party applications and operating systems, and regular data backups. Until these are required, businesses will continue to resist. Dr. Rich Dill believes one of the biggest pain points for enterprise-level organizations is the downtime required to keep applications updated, and ensuring that updating does not negatively impact the operations of the company.
To access all of CyberScoop’s CyberTalks, including the zero-trust discussion Andy, Dr. Rich and Jeff had, click here.