SAN JOSE, Ca. – We’ve seen those Apple ads around “cancel or allow” applications that are trying to get onto your computer. That prompt is based on a negative security model, which tries to block only malware already known to be bad, but there is a movement from some security vendors, such as Symantec and Secure Computing, towards a “white list” approach, or positive security model.
“In a positive security model, the administrator of security devices configures what they believe is known to be good allowable traffic,” said Paul Henry, vice president of technology evangelism with Secure Computing. “That starts out with supporting [an organization’s] security policy in terms of what users are permitted to do with respect to a given application, then gets into granular things like application commands, like what you are going to make available to users.”
However, Henry said that a positive model hasn’t always been popular. He explained that it requires a security administrator to understand an organization’s business needs in some breadth and depth, as well as the specifics of the applications being run. But vendors have gone to great lengths in the last few years to reduce the complexity of configuring application-layer devices by making them much more intuitive.
A negative security model remains popular because it allows all traffic to flow freely, and its attempts to eliminate bad traffic are based on signatures.
“In the early days of network security, that was much more popular because it was simpler to install and configure. Unfortunately, as the number of vulnerabilities in applications has increased, it has become much more of a performance hog and more difficult to set up and configure,” said Henry. “[Today] we see well over 6,000 vulnerabilities a year. So attempting to block all of those with signatures becomes a perilous task.”
As well, in a negative model, if a new zero-day threat were to hit the gateway and no signature for that threat existed, it would be allowed to pass. In a positive security model, by contrast, that would not occur, since all traffic is blocked unless it has been explicitly allowed and protocol violations are checked for. This helps reduce the threat environment for an organization, Henry said.
“With the huge increase in threats, many companies realize that a positive security model is looking like a better alternative.”
Henry added that Secure Computing has been leading the way in implementing a positive security model for well over a decade. For example, the company’s firewall product has followed a positive security model from day one. He explained that the Secure Computing firewall stops all traffic. The administrator has to configure the application protections to allow protocols to pass through the firewall based on a company’s security policy and determine what commands can be permitted.
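To make the contrast between the two models concrete, here is an added Python example (not Secure Computing’s code or anything from the article) that runs constructed sample application-layer commands through a signature-based negative model and an administrator-configured positive model; the signatures, the policy and the traffic are all invented for illustration.

```python
"""Negative (deny known bad) vs. positive (allow known good) model on constructed traffic."""
import re

# Negative model: signatures for traffic already known to be bad (constructed list).
SIGNATURES = [re.compile(r"\bSITE EXEC\b")]

# Positive model: permitted protocols, the commands users may issue, and the syntax a conforming command must have (constructed policy).
POLICY = {
    "ftp": {
        "commands": {"USER", "PASS", "LIST", "RETR", "QUIT"},
        "syntax": re.compile(r"^(?P<cmd>[A-Z]{3,4})(?: (?P<arg>\S{1,64}))?$"),
    },
    "http": {
        "commands": {"GET", "HEAD", "POST"},
        "syntax": re.compile(r"^(?P<cmd>[A-Z]{3,7}) (?P<arg>\S{1,256}) HTTP/1\.[01]$"),
    },
}

def negative_model(protocol, line):
    """Allow by default; drop only what matches a known-bad signature (protocol is irrelevant here)."""
    return "deny" if any(sig.search(line) for sig in SIGNATURES) else "allow"

def positive_model(protocol, line):
    """Deny by default; pass only policy-listed commands that obey the protocol's syntax."""
    rule = POLICY.get(protocol)
    if rule is None:
        return "deny"  # protocol was never enabled through this gateway
    match = rule["syntax"].match(line)
    if match is None:
        return "deny"  # protocol violation: malformed or oversized command
    if match.group("cmd") not in rule["commands"]:
        return "deny"  # command the administrator did not make available
    return "allow"

def compare(traffic):
    return [(p, l, negative_model(p, l), positive_model(p, l)) for p, l in traffic]

# Constructed sample traffic, including a "zero-day" command that no signature covers yet.
SAMPLE_TRAFFIC = [
    ("ftp", "USER alice"),             # legitimate: both models allow it
    ("ftp", "SITE EXEC ls"),           # known bad: both models block it
    ("ftp", "STOR dropper.bin"),       # no signature yet: only the policy blocks it
    ("ftp", "RETR " + "A" * 200),      # protocol violation (oversized argument)
    ("http", "TRACE / HTTP/1.1"),      # well-formed, but the method is not on the allow list
    ("smtp", "HELO relay.example"),    # protocol not permitted through the gateway
]

if __name__ == "__main__":
    for proto, line, neg, pos in compare(SAMPLE_TRAFFIC):
        print(f"{proto:5} negative={neg:5} positive={pos:5} {line[:40]}")
```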
“A positive model is essential today and in the future. Symantec sees this now and we support their move,” said Henry. “Other vendors are sure to follow suit.”
This column was written by Vanessa Ho of ConnectIT