National Security Agency Information Assurance Directorate and Trusted Computing Group win 2011 National Cybersecurity Innovation Awards
Resurrecting the promise of application white listing and network access control
WASHINGTON, Nov. 7, 2011 /PRNewswire-USNewswire/ — The SANS Institute announced today that the National Security Agency Information Assurance Directorate and the Trusted Computing Group have won the 2011 U.S. National Cybersecurity Innovation Award for their innovative use of available technologies to revive the key defenses of application white listing and comply-to-connect network access control.
Two very promising defensive strategies, application white listing and network access control, have unfortunately failed to deliver the benefits they promised. Application white listing involves blocking any program from being executed on a computer unless that program is in a pre-approved list (white list). It is very effective in stopping unauthorized software from being run by malicious outsiders, and is the single most important defense against the targeted intrusions that comprise the bulk of successful information exfiltration attacks. Sadly, white listing has proven to be nearly impossible to implement cost-effectively because of the difficulty in maintaining an up-to-date white list while hundreds of common programs are being continually updated.
Network access control is a system for blocking users seeking to access a network unless the user’s computer can be proven to meet a series of security thresholds helping to ensure it will not carry infections into the network. This too has failed to gain broad acceptance because of the difficulty in testing computers that are constantly changing their configuration.
Earlier this year the National Security Agency, with help from the Trusted Computing Group, launched an innovative pilot program to implement both technologies in ways that avoided the problems faced by pioneers. The pilot program has proven to be effective in hindering the spread of targeted attack infections as well as often causing systems that are infected to announce that fact to administrators who can immediately take action.
As a result, the National Security Agency Information Assurance Directorate and the Trusted Computing Group win the 2011 National Cybersecurity Innovation Award for eliminating security weaknesses that enable targeted cyber-attacks to succeed.
Because of the importance of these techniques, a webcast is being scheduled for late November at which the winners will explain the techniques they used and users around the world will be able to get answers to questions so they can implement the technologies quickly.
About the National Cybersecurity Innovation Awards
The National Cybersecurity Innovation Awards recognize developments undertaken by companies and government agencies who have developed and deployed processes or technologies which are innovative in that they (1) have not been deployed effectively before, (2) can show a significant impact on reducing cyber risk, (3) can be scaled quickly to serve large numbers of people, and (4) should be adopted quickly by many other organizations. Nominators included most senior government officials involved with Cybersecurity as well as those from major Cybersecurity Information Sharing and Analysis Centers (ISACs). Corporations and individuals, including SANS instructors, also nominated innovations. Each nomination was tested by the SANS Institute research department against all four criteria. More than 50 nominations were received; 14 were selected.
About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. It has trained more than 130,000 security professionals in 70 countries. Through SANS, these alumni and a range of other individuals from auditors to security architects, from penetration testers to forensics experts, to chief information security officers, are all sharing lessons they learn and are jointly finding solutions to the challenges they face. At the heart of SANS are the many security practitioners in varied global organizations graciously and generously working together to help the entire information security community.
The SANS Institute is the most trusted and by far the largest source for information security training and security certification in the world. SANS also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet’s early warning system – the Internet Storm Center. More information can be found at www.sans.org.
SOURCE SANS Institute