There has been a ton of interest in application whitelisting lately, especially with security-savvy organizations reacting to the Cisco Security Agent end of life scheduled for the end of 2010. Those folks know that they cannot rely totally on AV, but they also know they need a proactive approach that can be managed across the enterprise without breaking the bank.
CoreTrace is a leading application whitelisting vendor that does some pretty cool stuff at low levels. The webcast on Tuesday, June 28th is well worth an hour. Check out all of the details here:
Tuesday, June 1, 2010
Armorize is a web application security company that is being introduced to North America after gaining market traction in Asia/Pacific. The new management team is blessed with venture capital, noteworthy reference accounts, and an experienced engineering organization in Taipei. The focus on detecting actual malware residing on web sites addresses a critical security problem, where attacks such as drive-by downloads from trustworthy web sites infect customer endpoints. While vulnerability scanning is an important best practice, the Ogren Group believes malware scanning, if executed properly, addresses a sharper pain that gives enterprises a compelling reason to buy.
The main attraction for Armorize is a cloud-based service approach that finds the presence of malware on enterprise web sites. The HackAlert service is for security teams that need to react with a heightened sense of urgency to clean an infected web site to protect customers. Ferreting out vulnerabilities is good application hygiene to patch holes before exploits find them, but actually detecting infections solves more immediate customer needs. The cloud-based service approach makes perfect sense for organizations requiring continuous vigilance for malware.
Armorize also offers a code scanning product, CodeSecure, which examines web application software for security faults. This complements the malware scanning by offering Armorize customers a long-term end-to-end solution to hardening web applications. Organizations with custom developed applications will use this product early in the engineering cycle to ensure that web applications will be more resilient to attacks – and less likely to incur expensive emergency security fixes.
A significant challenge for Armorize will be to develop a pricing model that encourages customers to frequently scan for malware, while also being compensated for resources consumed by the Armorize data centers and a business model that aligns the HackAlert service with the CodeSecure offering. The Ogren Group believes the management team understands the web security space well enough to solve these problems, and will find a way to bundle code scanning with malware scanning for a comprehensive web security subscription service. Armorize has an interesting idea focusing on malware instead of vulnerabilities and with execution is well positioned to have a positive impact on improving enterprise’s web application security.