Access your Pro+ Content below.
Ranum Q&A with Aaron Turner: Whitelisting is on enterprise blacklist
This article is part of the March 2014 Vol. 16 / No. 2 issue of Information Security magazine
Why haven't organizations moved away from a "let everything in" model and embraced application whitelisting and execution control? Marcus Ranum talks with mobile security veteran Aaron Turner about the evolution of software restriction policies, from the early initiatives when he worked as a security strategist at Microsoft to the Apple model that is proving effective today. Aaron Turner An entrepreneur, who has launched several security technology companies, Turner is founder and CEO of IntegriCell, an enterprise mobile risk management consultancy. He was formerly head of RFinity, a mobile security startup spun out of the U.S. Department of Energy's Idaho National Laboratory. Marcus Ranum: I'd like to talk about a topic you and I have been over, off and on, for the last decade or so. Back in 2007, I wrote a piece in which I said I thought application whitelisting was the only effective answer to software security, and I've debated the issue with Bruce Schneier a couple of times. Now we are seeing that malware appears to remain ...
Access this PRO+ Content for Free!
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Features in this issue
This Beyond the Page focuses on how information security pros can apply their skills and knowledge to increasing enterprise security as corporate assets and data are moved to the cloud.
Is the cloud more or less secure than your current environment? How to assess your risk before moving data processing or applications to the cloud.
To combat social engineering techniques, know thy data and how to protect it against exfiltration by malicious actors.
Before implementing containerization or other technologies, CISOs need to craft an enterprise strategy to secure employee-owned devices.
Columns in this issue
The value of information security professionals can outweigh security technology. Does your organization show you the money?
An early proponent of Microsoft SRP, Aaron Turner says application whitelisting has finally taken hold in consumer app stores.
Total compensation is up, and one-third of IT organizations are looking to make new hires, according to our annual information security salary survey.
Mobile security gaps stretch from distributed architecture to data leaks. Address security and privacy concerns before any coding starts.