Process Hunting with Microsoft AppLocker: Application Whitelisting is the Killer App

  • Wednesday, 21 Sep 2016 11:00AM EDT (21 Sep 2016 15:00 UTC)
  • Speaker: James Tarala

Organizations have implemented access control technologies, and yet unauthorized processes and malware continue to plague organizations.

For years, incident response teams have promoted the use of application whitelisting as a replacement for traditional endpoint protection products, but we have convinced ourselves that application whitelisting is hard. But fortunately, processes, good or bad, have the same access to sensitive data as user accounts. Because of this, traditional signature based endpoint detection products are not enough to stop attacks.

Organizations should ask themselves, what are they really getting for their investment? In 2014, Symantec self-reported that traditional antivirus was dead and that it was incapable of detecting more than 45% of malicious endpoint attacks. In 2016, researchers at Google's Project Zero reported that not only are there major flaws in some traditional agents, but that antivirus agents themselves may make systems more insecure because of bad code in their agents.

In this presentation, James Tarala of Enclave Security will practically demonstrate Microsoft's AppLocker, free with most Windows licenses, and address barriers to implementing application whitelisting. Attendees will learn practical steps for using the technology to stop malicious processes and advanced attacks. Attendees will also be confronted with the barriers for implementation and understand why this free technology should be considered by small and large businesses alike.


November 14-21 | Houston, TX

Join us at the Healthcare Cybersecurity Summit to hear even more talks like this. As an attendee, you will walk away with cyber hygiene strategies that address the most pressing issues in healthcare today: ransomware, data breaches, security awareness training, and understanding their health eco-system and where ePHI resides.