The Blacklist Alternative

As we have seen from previous blogs, blacklists are becoming more and more ineffective against an ever-increasing volume of malware and increasingly innovative criminal minds.

A key point of Cisco’s John Stewart’s speech was his Data Analytics Is The Future slide.

Essentially, data analytics is a method of examining all logged data to build a baseline of normal behaviour, and when that pattern changes, having your systems locked down on the assumption of a breach, whether via intrusion or malware.

Another name for this is heuristic analysis.
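To make the "learn a normal pattern, then react when it changes" idea concrete, here is a small added example (my own illustration, not code from the post or from any of the vendors mentioned). It uses constructed log lines of hourly outbound connection counts per host; the first five hours per host form the learned baseline, and later hours are scored as a z-score against that baseline. A spike far outside the baseline is flagged as a suspected breach. The log format, hosts and counts are all invented for the demonstration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log (hypothetical): "host,hour,outbound_connections".
# web01's last hour is a deliberate spike; db01 stays within its normal range.
SAMPLE_LOG = """\
web01,2024-01-01T00,120
web01,2024-01-01T01,115
web01,2024-01-01T02,130
web01,2024-01-01T03,118
web01,2024-01-01T04,125
web01,2024-01-01T05,122
web01,2024-01-01T06,980
db01,2024-01-01T00,40
db01,2024-01-01T01,42
db01,2024-01-01T02,38
db01,2024-01-01T03,41
db01,2024-01-01T04,39
db01,2024-01-01T05,40
db01,2024-01-01T06,43
"""


def parse_log(text):
    """Return {host: [(hour, count), ...]} preserving line order."""
    series = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        host, hour, count = line.split(",")
        series[host].append((hour, int(count)))
    return series


def baseline(values):
    """Mean and population standard deviation of the learning window."""
    return mean(values), pstdev(values)


def detect_anomalies(series, window=5, z_threshold=3.0):
    """
    For each host, the first `window` samples are treated as the normalised
    pattern. Every later sample is scored as (count - mean) / stddev; any
    sample beyond z_threshold is reported as a suspected breach.
    Returns a list of (host, hour, count, zscore).
    """
    findings = []
    for host, points in series.items():
        if len(points) <= window:
            continue  # not enough history to learn a baseline
        learn = [count for _, count in points[:window]]
        mu, sigma = baseline(learn)
        sigma = max(sigma, 1.0)  # floor so a perfectly flat baseline cannot divide by zero
        for hour, count in points[window:]:
            z = (count - mu) / sigma
            if abs(z) > z_threshold:
                findings.append((host, hour, count, round(z, 1)))
    return findings


if __name__ == "__main__":
    for host, hour, count, z in detect_anomalies(parse_log(SAMPLE_LOG)):
        print(f"ALERT {host} {hour}: {count} connections (z={z})")
```

Only web01's final hour is reported; db01's small fluctuations stay below the threshold. In practice the window would be days or weeks of data and the baseline would be seasonal (hour-of-day, weekday), but the mechanism is the same: learn, then score deviation.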

In fact there are several companies that already have software that can take the data from your routers, switches, operating systems and applications and produce this analysis graphically (see www.lancope.com and www.tier-3.com).

Unfortunately many of these tools don’t have instant remediation, as is the case with anti-virus checkers (i.e. they quarantine or delete viruses when they find them).

This heuristic analysis should be combined with whitelist technology, which defines only the applications and programs that are allowed to run, and from which IP addresses.

The downside of whitelisting is that it does reduce the amount of flexibility your systems have.
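The following is an added example of the whitelist rule described above (program plus permitted source addresses), written for this post and not taken from it or from any product. The allowlist, programs and IP addresses are constructed; the point is the default-deny behaviour: anything not explicitly listed, or listed but arriving from an unlisted network, is refused, which is exactly where the loss of flexibility comes from.

```python
import ipaddress

# Constructed allowlist (hypothetical): program name -> networks it may be used from.
ALLOWLIST = {
    "sshd": ["10.0.0.0/24"],          # admin network only
    "nginx": ["0.0.0.0/0"],           # public web server, any source
    "backup-agent": ["10.0.5.10/32"],  # a single backup host
}

# Constructed events (hypothetical): (program, source IP) pairs to evaluate.
SAMPLE_EVENTS = [
    ("sshd", "10.0.0.15"),          # admin network: allowed
    ("sshd", "203.0.113.7"),        # outside the admin network: denied
    ("nginx", "198.51.100.2"),      # public service: allowed
    ("cryptominer", "10.0.0.15"),   # program not on the list: denied
    ("backup-agent", "10.0.5.11"),  # wrong backup host: denied
]


def compile_allowlist(raw):
    """Parse the network strings once so each check is a simple membership test."""
    return {app: [ipaddress.ip_network(n) for n in nets] for app, nets in raw.items()}


def is_permitted(allowlist, app, src_ip):
    """Default deny: unknown program or unlisted source network returns False."""
    nets = allowlist.get(app)
    if nets is None:
        return False
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in nets)


def evaluate(raw_allowlist, events):
    """Return [(program, source_ip, permitted)] for every event."""
    allowlist = compile_allowlist(raw_allowlist)
    return [(app, ip, is_permitted(allowlist, app, ip)) for app, ip in events]


if __name__ == "__main__":
    for app, ip, ok in evaluate(ALLOWLIST, SAMPLE_EVENTS):
        print(f"{'ALLOW' if ok else 'DENY ':5} {app:13} from {ip}")
```

Note that the denied backup-agent event differs from the listed host by one address; a whitelist gives no partial credit, so every legitimate change (new host, new subnet, new program) must be reflected in the list before it will work.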