CoreTrace Continues to Knock Down
Application Whitelisting Barriers

       Abstract
       On the 23rd of June 2009, CoreTrace, a leader in application whitelisting, announced new technology
       enhancements to ease the deployment and implementation of its flagship BOUNCER product. Endpoint
       anti-malware software is quite simply not up to the challenge of proactively meeting the current climate of
       sophisticated attacks against IT infrastructure. In fact, many security professionals have already completely
       lost confidence in the capabilities delivered by traditional blacklist anti-malware solutions. Whitelist
       technology, or rather technology purposed to allow only non-malicious applications to run, may be the last
       hope for these professionals. Unfortunately, whitelist technology has been relatively slow in adoption,
       largely due to difficulties in deployment and maintenance. CoreTrace is attempting to ease these burdens
       through advances in enhanced deployment and administration technology. These advancements drastically
       simplify the adoption of whitelist technology and could, rather likely will, shake up the way professionals
       view their endpoint security strategies.

       Context
       Malware is running rampant throughout home-user, Small-to-Medium Business (SMB), and enterprise IT
       infrastructures. It is unfortunate that the original combatants of malicious software creators felt that the best
       way to battle these attackers was through the detection of malicious activity instead of controlling non-
       malicious environments. In other words, the earliest days of endpoint security relied solely on determining
       pre-existing issues and mitigating those issues. As a result of this early strategy, nearly the entire IT world has
       been more-or-less married to the idea of so-called “blacklist” endpoint security.
       Unfortunately, these blacklist endpoint anti-malware technologies are largely ineffective in today’s climate of
       sophisticated, constantly evolving attack methodologies. In fact, blacklist endpoint security capabilities are
       flawed by design. In a blacklist strategy, there will be at least one (although more likely thousands) infected
       machine for every effective blacklist detection. This reactive strategy has engaged security professionals in an
       unwinnable rat race where they are constantly trying to catch up to the advancing sophistication of attackers.
       Fortunately, an up-and-coming alternative to blacklist anti-malware has continued to proliferate into IT
       security standards. Whitelist technology, or rather technology specifically purposed to allow only legitimate,
       non-malicious applications to run and deny all others, has emerged as a potential successor to the current
       standard of blacklist anti-malware. The technology is theoretically far more effective and more scalable to
       long-term enterprise strategies. Furthermore, the technology is proactive! This of course removes IT security
       from the unwinnable race of constantly determining what attackers have done.
       Why has this technology not been adopted more quickly? The answer is quite simply deployment and
       maintenance. Unfortunately, whitelist application security technology has historically come with a great deal
       of management overhead. Not only have organizations found it difficult to determine which applications can
       be considered legitimate, they have also struggled to evolve with changes to their environment. Furthermore,
       enforcement and configuration management have also been issues for application whitelisting.




EMA IMPACT BRIEF
-1-                                                                                          ©2009 Enterprise Management Associates

       Event
       As a result, CoreTrace, a leader in application whitelisting, has announced several new enhancements to its
       flagship BOUNCER solution. These innovations include multiple endpoint deployment and automatic
       whitelist enforcement capabilities. In addition to these core enhancements, CoreTrace has attempted to
       alleviate some of the issues associated with real-world implementation of endpoint security through the
       integration of group security policies.
       Because of these enhancements, CoreTrace is now capable of silencing the opponents of whitelist
       application security through directly addressing concerns over management and deployment overhead. To
       be prescriptive, CoreTrace alleviates concerns over deployment by introducing new technology for multiple
       endpoint deployments through integrations with technologies such as Active Directory. Once BOUNCER
       has been deployed to multiple endpoints, it immediately begins protecting each individual endpoint
       through the auto-generation and automatic policy enforcement on each of these endpoints. Further
       speaking to the advanced technology of CoreTrace is the fact that the automatic endpoint protection
       delivered through BOUNCER is not intrusive unless specifically configured to be intrusive.

       Key Ramifications
           •   CoreTrace BOUNCER positioned with easier deployment: The rollout of endpoint anti-malware can take
               months, even years to properly deploy. The latest release of CoreTrace BOUNCER drastically
               simplifies this process by taking advantage of key technologies such as Active Directory. Furthermore,
               BOUNCER seamlessly integrates with an environment by auto-generating whitelists for individual
               systems.
           •   Improved manageability of whitelist anti-malware: CoreTrace BOUNCER introduces improved
               manageability in its latest release through granular group security configurations and auto updates for
               new trusted applications. The latter includes the ability to handle new applications and upgrades
               through low friction digital signatures and trusted ActiveX installations.
           •   Enhanced memory protection increases the prevention of malware: The latest release of BOUNCER includes
               advanced protection capabilities to prevent malicious applications from injecting Dynamic Link
               Libraries (DLLs) and writing to kernel memory. This translates to more effective blocking of
               malicious applications and payloads.

       EMA Perspective
       ENTERPRISE MANAGEMENT ASSOCIATES® (EMA™) analysts do not in any way believe that blacklist
       anti-malware technology is “dead.” Blacklist anti-malware is very much alive and extremely necessary,
       especially in home user markets where whitelist technology is far less applicable (based primarily on
       management). However, EMA sees the days of blacklist technology as the de facto endpoint solution within
       SMBs, enterprises, and government spaces at an end.
       Although these solutions may play a large role as a secondary solution, the technology that functions as the
       backbone for blacklist anti-malware is inherently flawed and alone is simply not effective for the issues of
       today or tomorrow. Organizations that continue to invest in these technologies as the de facto endpoint
       solution will find that it is far less expensive to integrate effective whitelist technologies than it is to
       create the complex, interoperable layered security scheme necessary to make blacklist anti-malware
       solutions effective.
       CoreTrace is particularly well suited to capitalize on moving products into organizations that recognize
       this reality. CoreTrace continues to directly address the barriers that slow the adoption of endpoint whitelist
       anti-malware and continually enhance the effectiveness of its BOUNCER product. As organizations
       continue to experience issues relating to ineffective and bloated endpoint technologies, EMA fully
       expects CoreTrace to move closer to the forefront of endpoint security leaders. The only real question
       left is how long will it take the industry to recognize its issue and adopt CoreTrace solutions?




       About EMA
       Founded in 1996, Enterprise Management Associates (EMA) is a leading industry analyst firm that specializes in going “beyond
       the surface” to provide deep insight across the full spectrum of IT management technologies. EMA analysts leverage a unique
       combination of practical experience, insight into industry best practices, and in-depth knowledge of current and planned vendor
       solutions to help its clients achieve their goals. Learn more about EMA research, analysis, and consulting services for enterprise
       IT professionals and IT vendors at www.enterprisemanagement.com or follow EMA on Twitter (http://twitter.com/ema_research).
                                                                                                                                   1916.071609




EMA IMPACT BRIEF
-3-                                                                                                        ©2009 Enterprise Management Associates

Contenu connexe

En vedette

CAPS writes to State officials: March 23rd Surgeon General's press conference...
CAPS writes to State officials: March 23rd Surgeon General's press conference...CAPS writes to State officials: March 23rd Surgeon General's press conference...
CAPS writes to State officials: March 23rd Surgeon General's press conference...eilily Community Access Project, Somerville
 
5 Quick Steps To Your Smarter Financial Self
5 Quick Steps To Your Smarter Financial Self5 Quick Steps To Your Smarter Financial Self
5 Quick Steps To Your Smarter Financial SelfD. Yang
 
212 events and promotion dates
212 events and promotion dates212 events and promotion dates
212 events and promotion datesmodtaekwondoutah
 
[OpenCamp 2010] You Don't Know Click: Measuring What Matters in Social Media
[OpenCamp 2010] You Don't Know Click: Measuring What Matters in Social Media[OpenCamp 2010] You Don't Know Click: Measuring What Matters in Social Media
[OpenCamp 2010] You Don't Know Click: Measuring What Matters in Social MediaEric Swayne
 
Fostering Collaboration UK and Indonesia Universities
Fostering Collaboration UK and Indonesia UniversitiesFostering Collaboration UK and Indonesia Universities
Fostering Collaboration UK and Indonesia Universitiesguest68abaf
 
Visual Dictionary 2 of 2
Visual Dictionary 2 of 2Visual Dictionary 2 of 2
Visual Dictionary 2 of 2spandrel
 
Ogx management presentation v3
Ogx management presentation v3Ogx management presentation v3
Ogx management presentation v3Ogx2011
 
2010 Chick Fil A Leadercast In Dallas
2010 Chick Fil A Leadercast In Dallas2010 Chick Fil A Leadercast In Dallas
2010 Chick Fil A Leadercast In DallasWilliam Overby
 
Ted presentation
Ted presentationTed presentation
Ted presentationcpiek
 

En vedette (16)

CAPS writes to State officials: March 23rd Surgeon General's press conference...
CAPS writes to State officials: March 23rd Surgeon General's press conference...CAPS writes to State officials: March 23rd Surgeon General's press conference...
CAPS writes to State officials: March 23rd Surgeon General's press conference...
 
BTLE Information
BTLE InformationBTLE Information
BTLE Information
 
Romania conference
Romania conferenceRomania conference
Romania conference
 
5 Quick Steps To Your Smarter Financial Self
5 Quick Steps To Your Smarter Financial Self5 Quick Steps To Your Smarter Financial Self
5 Quick Steps To Your Smarter Financial Self
 
Portfolio
PortfolioPortfolio
Portfolio
 
212 events and promotion dates
212 events and promotion dates212 events and promotion dates
212 events and promotion dates
 
Hiragana ten ten
Hiragana ten tenHiragana ten ten
Hiragana ten ten
 
Chapter 4
Chapter 4Chapter 4
Chapter 4
 
[OpenCamp 2010] You Don't Know Click: Measuring What Matters in Social Media
[OpenCamp 2010] You Don't Know Click: Measuring What Matters in Social Media[OpenCamp 2010] You Don't Know Click: Measuring What Matters in Social Media
[OpenCamp 2010] You Don't Know Click: Measuring What Matters in Social Media
 
Adroit Ppt
Adroit PptAdroit Ppt
Adroit Ppt
 
Fostering Collaboration UK and Indonesia Universities
Fostering Collaboration UK and Indonesia UniversitiesFostering Collaboration UK and Indonesia Universities
Fostering Collaboration UK and Indonesia Universities
 
Visual Dictionary 2 of 2
Visual Dictionary 2 of 2Visual Dictionary 2 of 2
Visual Dictionary 2 of 2
 
Dn13 u3 a37_yia
Dn13 u3 a37_yiaDn13 u3 a37_yia
Dn13 u3 a37_yia
 
Ogx management presentation v3
Ogx management presentation v3Ogx management presentation v3
Ogx management presentation v3
 
2010 Chick Fil A Leadercast In Dallas
2010 Chick Fil A Leadercast In Dallas2010 Chick Fil A Leadercast In Dallas
2010 Chick Fil A Leadercast In Dallas
 
Ted presentation
Ted presentationTed presentation
Ted presentation
 

Plus de CoreTrace Corporation

Moskowitz Whitepaper Microsoft App Locker And Beyond
Moskowitz Whitepaper  Microsoft App Locker And BeyondMoskowitz Whitepaper  Microsoft App Locker And Beyond
Moskowitz Whitepaper Microsoft App Locker And BeyondCoreTrace Corporation
 
CoreTrace Whitepaper: Whitelisting And Control Systems
CoreTrace Whitepaper: Whitelisting And Control SystemsCoreTrace Whitepaper: Whitelisting And Control Systems
CoreTrace Whitepaper: Whitelisting And Control SystemsCoreTrace Corporation
 
CoreTrace Whitepaper: Application Whitelisting And Energy Systems
CoreTrace Whitepaper: Application Whitelisting And Energy SystemsCoreTrace Whitepaper: Application Whitelisting And Energy Systems
CoreTrace Whitepaper: Application Whitelisting And Energy SystemsCoreTrace Corporation
 
CoreTrace Whitepaper: Protecting PCI Systems And Data
CoreTrace Whitepaper: Protecting PCI Systems And DataCoreTrace Whitepaper: Protecting PCI Systems And Data
CoreTrace Whitepaper: Protecting PCI Systems And DataCoreTrace Corporation
 
CoreTrace Whitepaper: BOUNCER by CoreTrace ROI Analysis
CoreTrace Whitepaper: BOUNCER by CoreTrace ROI AnalysisCoreTrace Whitepaper: BOUNCER by CoreTrace ROI Analysis
CoreTrace Whitepaper: BOUNCER by CoreTrace ROI AnalysisCoreTrace Corporation
 
CoreTrace Whitepaper: Combating Buffer Overflows And Rootkits
CoreTrace Whitepaper: Combating Buffer Overflows And RootkitsCoreTrace Whitepaper: Combating Buffer Overflows And Rootkits
CoreTrace Whitepaper: Combating Buffer Overflows And RootkitsCoreTrace Corporation
 
CoreTrace Whitepaper: Application Whitelisting -- A New Security Paradigm
CoreTrace Whitepaper: Application Whitelisting -- A New Security ParadigmCoreTrace Whitepaper: Application Whitelisting -- A New Security Paradigm
CoreTrace Whitepaper: Application Whitelisting -- A New Security ParadigmCoreTrace Corporation
 
NetSpi Whitepaper: Hardening Critical Systems At Electrical Utilities
NetSpi Whitepaper: Hardening Critical Systems At Electrical UtilitiesNetSpi Whitepaper: Hardening Critical Systems At Electrical Utilities
NetSpi Whitepaper: Hardening Critical Systems At Electrical UtilitiesCoreTrace Corporation
 
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 Compliance
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 ComplianceFeldman-Encari: Malicious Software Prevention For NERC CIP-007 Compliance
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 ComplianceCoreTrace Corporation
 
Malicious Software Prevention for NERC CIP-007 Compliance:
Malicious Software Prevention for NERC CIP-007 Compliance:Malicious Software Prevention for NERC CIP-007 Compliance:
Malicious Software Prevention for NERC CIP-007 Compliance:CoreTrace Corporation
 

Plus de CoreTrace Corporation (11)

Moskowitz Whitepaper Microsoft App Locker And Beyond
Moskowitz Whitepaper  Microsoft App Locker And BeyondMoskowitz Whitepaper  Microsoft App Locker And Beyond
Moskowitz Whitepaper Microsoft App Locker And Beyond
 
CoreTrace Whitepaper: Whitelisting And Control Systems
CoreTrace Whitepaper: Whitelisting And Control SystemsCoreTrace Whitepaper: Whitelisting And Control Systems
CoreTrace Whitepaper: Whitelisting And Control Systems
 
CoreTrace Whitepaper: Application Whitelisting And Energy Systems
CoreTrace Whitepaper: Application Whitelisting And Energy SystemsCoreTrace Whitepaper: Application Whitelisting And Energy Systems
CoreTrace Whitepaper: Application Whitelisting And Energy Systems
 
CoreTrace Whitepaper: Protecting PCI Systems And Data
CoreTrace Whitepaper: Protecting PCI Systems And DataCoreTrace Whitepaper: Protecting PCI Systems And Data
CoreTrace Whitepaper: Protecting PCI Systems And Data
 
CoreTrace Whitepaper: BOUNCER by CoreTrace ROI Analysis
CoreTrace Whitepaper: BOUNCER by CoreTrace ROI AnalysisCoreTrace Whitepaper: BOUNCER by CoreTrace ROI Analysis
CoreTrace Whitepaper: BOUNCER by CoreTrace ROI Analysis
 
CoreTrace Whitepaper: Combating Buffer Overflows And Rootkits
CoreTrace Whitepaper: Combating Buffer Overflows And RootkitsCoreTrace Whitepaper: Combating Buffer Overflows And Rootkits
CoreTrace Whitepaper: Combating Buffer Overflows And Rootkits
 
CoreTrace Whitepaper: Application Whitelisting -- A New Security Paradigm
CoreTrace Whitepaper: Application Whitelisting -- A New Security ParadigmCoreTrace Whitepaper: Application Whitelisting -- A New Security Paradigm
CoreTrace Whitepaper: Application Whitelisting -- A New Security Paradigm
 
NetSpi Whitepaper: Hardening Critical Systems At Electrical Utilities
NetSpi Whitepaper: Hardening Critical Systems At Electrical UtilitiesNetSpi Whitepaper: Hardening Critical Systems At Electrical Utilities
NetSpi Whitepaper: Hardening Critical Systems At Electrical Utilities
 
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 Compliance
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 ComplianceFeldman-Encari: Malicious Software Prevention For NERC CIP-007 Compliance
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 Compliance
 
Core Trace PCI DSS Compliance
Core Trace PCI DSS ComplianceCore Trace PCI DSS Compliance
Core Trace PCI DSS Compliance
 
Malicious Software Prevention for NERC CIP-007 Compliance:
Malicious Software Prevention for NERC CIP-007 Compliance:Malicious Software Prevention for NERC CIP-007 Compliance:
Malicious Software Prevention for NERC CIP-007 Compliance:
 

Dernier

Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 

Dernier (20)

Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 

EMA Whitepaper: CoreTrace Continues To Knock Down Application Whitelisting Barriers

  • 1. CoreTrace Continues to Knock Down Application Whitelisting Barriers Abstract On the 23rd of June 2009, CoreTrace, a leader in application whitelisting announced new technology enhancements to ease the deployment and implementation of its flagship BOUNCER product. Endpoint anti-malware software is quite simply not up to the challenge of proactively meeting the current climate of sophisticated attacks against IT infrastructure. In fact, many security professionals have already completely lost confidence in the capabilities delivered by traditional blacklist anti-malware solutions. Whitelist technology, or rather technology purposed to allow only non-malicious Endpoint anti-malware applications to run may be the last hope for these professionals. software is quite simply not Unfortunately, whitelist technology has been relatively slow in adoption largely due to difficulties in deployment and maintenance. CoreTrace is up to the challenge of attempting to ease these burdens through advances in enhanced proactively meeting the deployment and administration technology. These advancements drastically simplify the adoption of whitelist technology and could, current climate of rather likely will, shake up the way professionals view their endpoint sophisticated attacks security strategies. against IT infrastructure. Context Malware is running rampant throughout home user, Small-to-Medium Businesses (SMB), and enterprises IT infrastructures. It is unfortunate that the original combatants of malicious software creators felt that the best way to battle these attackers was through the detection of malicious activity instead of controlling non- malicious environments. In other words, the earliest days of endpoint security relied solely on determining pre-existing issues and mitigating those issues. As a result of this early strategy, nearly the entire IT world has been more-or-less married to the idea of so-called “blacklist” endpoint security. 
Unfortunately, these blacklist endpoint anti-malware technologies are largely ineffective in today’s climate of sophisticated, constantly evolving attack methodologies. In fact, blacklist endpoint security capabilities are flawed by design. In a blacklist strategy, there will be at least one (although more likely thousands) infected machine for every effective blacklist detection. This reactive strategy has engaged security professionals in an unwinnable rat race where they are constantly trying to catch up to the advancing sophistication of attackers. Fortunately, an up-and-coming alternative to blacklist anti-malware has continued to proliferate into IT security standards. Whitelist technology, or rather technology specifically purposed to allow only legitimate, non-malicious applications to run and deny all others has emerged as a potential successor to the current standard of blacklist anti-malware. The technology is theoretically far more effective and more scalable to long-term enterprise strategies. Furthermore, the technology is proactive! This of course removes IT security from the unwinnable race of constantly determining what attackers have done. Why has this technology not been adopted more quickly? The answer is quite simply deployment and maintenance. Unfortunately, whitelist application security technology has historically come with a great deal of management overhead. Not only have organizations found it difficult to determine which applications can be considered legitimate, they have also struggled to evolve with changes to their environment. Furthermore, enforcement and configuration management have also been issues for application whitelisting. EMA IMPACT BRIEF -1- ©2009 Enterprise Management Associates

Event

As a result, CoreTrace, a leader in application whitelisting, has announced several new enhancements to its flagship BOUNCER solution. These innovations include multiple endpoint deployment and automatic whitelist enforcement capabilities. In addition to these core enhancements, CoreTrace has attempted to alleviate some of the issues associated with real-world implementation of endpoint security through the integration of group security policies.

Because of these enhancements, CoreTrace is now capable of silencing the opponents of whitelist application security through directly addressing concerns over management and deployment overhead. To be prescriptive, CoreTrace alleviates concerns over deployment by introducing new technology for multiple endpoint deployments through technology integrations with technology such as Active Directory. Once BOUNCER has been deployed to multiple endpoints, it immediately begins protecting each individual endpoint through the auto-generation and automatic policy enforcement on each of these endpoints. Further speaking to the advanced technology of CoreTrace is the fact that the automatic endpoint protection delivered through BOUNCER is not intrusive unless specifically configured to be intrusive.

Key Ramifications

• CoreTrace BOUNCER positioned with easier deployment: The rollout of endpoint anti-malware can take months, even years, to properly deploy. The latest release of CoreTrace BOUNCER drastically simplifies this process by taking advantage of key technologies such as Active Directory. Furthermore, BOUNCER seamlessly integrates with an environment by auto-generating whitelists for individual systems.
• Improved manageability of whitelist anti-malware: CoreTrace BOUNCER introduces improved manageability in its latest release through granular group security configurations and auto updates for new trusted applications. The latter includes the ability to handle new applications and upgrades through low friction digital signatures and trusted ActiveX installations.
• Enhanced memory protection increases the prevention of malware: The latest release of BOUNCER includes advanced protection capabilities to prevent malicious applications from injecting Dynamic Link Libraries (DLLs) and writing to kernel memory. This translates to more effective blocking of malicious applications and payloads.

EMA Perspective

ENTERPRISE MANAGEMENT ASSOCIATES® (EMA™) analysts do not in any way believe that blacklist anti-malware technology is “dead.” Blacklist anti-malware is very much alive and extremely necessary, especially in home user markets where whitelist technology is far less applicable (based primarily on management). However, EMA sees the days of blacklist technology as the de facto endpoint solution within SMBs, enterprises, and government spaces at an end. Although these solutions may play a large role as a secondary solution, the technology that functions as the backbone for blacklist anti-malware is inherently flawed and alone is simply not effective for the issues of today or tomorrow. Organizations that continue to invest in these technologies as the de facto endpoint solution will find that it is far less expensive to integrate effective whitelist technologies than it is to create the complex, interoperable layered security scheme necessary to make blacklist anti-malware solutions effective.

CoreTrace is particularly well suited to capitalize on moving products into organizations that recognize this reality. CoreTrace continues to directly address the barriers that slow the adoption of endpoint whitelist anti-malware and continually enhance the effectiveness of its BOUNCER product. As organizations continue to experience issues relating to ineffective and bloated endpoint technologies, EMA fully expects CoreTrace to move closer to the forefront of endpoint security leaders. The only real question left is how long will it take the industry to recognize its issue and adopt CoreTrace solutions?

About EMA

Founded in 1996, Enterprise Management Associates (EMA) is a leading industry analyst firm that specializes in going “beyond the surface” to provide deep insight across the full spectrum of IT management technologies. EMA analysts leverage a unique combination of practical experience, insight into industry best practices, and in-depth knowledge of current and planned vendor solutions to help its clients achieve their goals. Learn more about EMA research, analysis, and consulting services for enterprise IT professionals and IT vendors at www.enterprisemanagement.com or follow EMA on Twitter (http://twitter.com/ema_research).

1916.071609