Application whitelisting vendor Bit9 has opened its first office in the UK as it aims to expand its presence outside the US.
Patrick Morley, President and CEO of Bit9, told CBR: "We made a decision to invest in the UK. The belief in spending money to protect your systems is stronger here. I think that it’s due to the fact that for so long, prior to the EU, countries were very smart about who they let in, because of the relationship with neighbouring countries."
The company recently announced that retailer Marks and Spencer is using its Parity product, and the company includes Associated British Foods, owner of Twinings, among its UK clients.
Bit9 recently opened its first UK office, and already has an office in the Netherlands and an engineering team of nine in Croatia. The company recently hired its first employee in the UK.
John Thompson, CEO of Symantec, gave application whitelisting a boost at his keynote speech at the RSA conference in April 2008. He said: "If the growth of malicious software continues to outpace the growth of legitimate software, techniques like whitelisting will become much more critical."
Bit9 was founded in Cambridge, Massachusetts, in 2002. The founders, aided by a government grant, wanted to create a system that enabled computers to fight a virus in much the same way a human would.
"There was no concept of application whitelisting as a term then. Their idea was to create a computer immune system, where the computer would be exposed to a virus, learn about it and then be protected. That has morphed into application whitelisting over the last few years," Morley said.
Traditional defence against malware involves blacklisting, which Morley argues is an illogical way to defend a PC. "Every PC in the world has a blacklist, provided by their AV vendor," said Morley. "That blacklist contains a list of all the bad things that should not end up on your PC. If you were creating a security system for a building, you would not have a list with all the bad guys in the world and not allow them access. That is like trying to find a needle in a haystack."
Morley says that when AV started, the small quantity of malware and viruses meant they could be tracked. These days there is more malware being created than ever and Morley believes this should result in a rethink about how to tackle the problem. "All the information points to the fact that the problem is getting way too big. Now people are saying: ‘Rather than tracking an infinite list of bad stuff, why not track a finite list of good stuff?’"
Bit9 created the Global Software Registry (GSR), which is a database of software programmes. It has indexed 6.5 billion files, representing over 10 million software programmes. The system works by creating a set of hashes, or unique identifiers, for each file in a programme. When a file is executed, the system inspects the file. If it recognises it, the file will be allowed to run.
The system enables an IT administrator to have different levels of control. Monitor mode enables the administrator to watch everything that is being run on a certain PC, but not block anything on the GSR. Block and Ask mode enables the administrator to check with the end user when something that is not authorised is downloaded. Lockdown mode will block anything that is not on the accepted list.
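The hash lookup and the three control levels described above can be sketched as follows. This is an added illustration, not Bit9's code: SHA-256 as the hash, the function names, the audit record format and the sample byte strings are all assumptions, and Block and Ask is modelled as "block unless the user approves".

```python
import hashlib
import io
from enum import Enum

class Mode(Enum):            # control levels named in the article
    MONITOR = "monitor"
    BLOCK_AND_ASK = "block_and_ask"
    LOCKDOWN = "lockdown"

def file_hash(stream, chunk_size=65536):
    """SHA-256 of a binary stream, read in chunks so large files are not loaded whole."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

def decide(stream, allowlist, mode, ask_user=None, audit=None):
    """Return True if execution is allowed; append every decision to `audit`."""
    h = file_hash(stream)
    if h in allowlist:
        allowed, reason = True, "on allowlist"
    elif mode is Mode.MONITOR:
        # Observe only: unknown files run, but the event is recorded.
        allowed, reason = True, "unknown, monitor only"
    elif mode is Mode.BLOCK_AND_ASK:
        # Fail closed: a missing or crashing prompt handler means block.
        try:
            allowed = bool(ask_user(h)) if ask_user else False
        except Exception:
            allowed = False
        reason = "unknown, user approved" if allowed else "unknown, user declined"
    else:
        allowed, reason = False, "unknown, lockdown"
    if audit is not None:
        audit.append({"sha256": h, "mode": mode.value,
                      "allowed": allowed, "reason": reason})
    return allowed

# Constructed sample data standing in for file contents.
GOOD = b"constructed sample: approved installer bytes"
UNKNOWN = b"constructed sample: unrecognised binary bytes"
ALLOWLIST = {hashlib.sha256(GOOD).hexdigest()}

if __name__ == "__main__":
    log = []
    for mode in Mode:
        decide(io.BytesIO(UNKNOWN), ALLOWLIST, mode, audit=log)
    for entry in log:
        print(entry["mode"], entry["allowed"], entry["reason"])
```

Because the decision keys on the content hash, an approved file that has been modified by even one byte no longer matches and is treated as unknown.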
Morley says the technology can work alongside a traditional antivirus programme. He said: "We’ve integrated with McAfee’s console, so a company can use their AV products along with our whitelist. I think whitelisting will become part of the portfolio of security products you use." Morley believes that future antivirus technology will include a whitelist as the first layer of defence and a blacklist as the second.
Competitors in the whitelisting space include CoreTrace, a privately held company in Austin, Texas, and Lumension, formed via the merger of SecureWave and PatchLink.