


Process Hunting with Microsoft AppLocker: Application Whitelisting is the Killer App

  • Wednesday, September 21, 2016 at 11:00 AM EDT (2016-09-21 15:00:00 UTC)
  • James Tarala




Organizations have implemented access control technologies, and yet unauthorized processes and malware continue to plague them.

For years, incident response teams have promoted the use of application whitelisting as a replacement for traditional endpoint protection products, but we have convinced ourselves that application whitelisting is hard. But fortunately, processes, good or bad, have the same access to sensitive data as user accounts. Because of this, traditional signature-based endpoint detection products are not enough to stop attacks.

Organizations should ask themselves, what are they really getting for their investment? In 2014, Symantec self-reported that traditional antivirus was dead and that it was incapable of detecting more than 45% of malicious endpoint attacks. In 2016, researchers at Google's Project Zero reported that not only are there major flaws in some traditional agents, but that antivirus agents themselves may make systems more insecure because of bad code in their agents.

In this presentation, James Tarala of Enclave Security will practically demonstrate Microsoft's AppLocker, free with most Windows licenses, and address barriers to implementing application whitelisting. Attendees will learn practical steps for using the technology to stop malicious processes and advanced attacks. Attendees will also be confronted with the barriers for implementation and understand why this free technology should be considered by small and large businesses alike.


Speaker Bio

James Tarala

James Tarala is a principal consultant with Enclave Security based out of Venice, Florida, and a SANS Senior Instructor. As a consultant, he has spent the past several years designing large enterprise security and infrastructure architectures, helping organizations to perform security assessments, and communicating enterprise risk to senior leadership teams. He is the author and an instructor for SEC566: Implementing and Auditing the Critical Security Controls, SEC440: Critical Security Controls: Planning, Implementing, and Auditing, and a co-author and instructor for MGT415: A Practical Introduction to Cyber Security Risk Management.
