Sunday, July 13, 2008

Texas Bank Dumps Antivirus for Whitelisting

Via DarkReading -

Brent Rickels, senior vice president at First National Bank of Bosque County, had grown tired of dealing with antivirus software. He was tired of regularly updating virus signatures, tired of hackers constantly tweaking malware, and tired of worrying about what users had downloaded onto their PCs. So Rickels dumped the bank’s AV software for a whitelisting product and, in the process, became one of its first commercial customers.

First National Bank of Bosque County, which serves the Waco, Texas, area and manages approximately $100 million in assets, had seen the volume of spam and spyware it had to beat back increase tenfold in four years. So when it was time for the bank to renew its Symantec AV license at the end of 2006, the timing was right to make a change.

“It seemed like the antivirus updates came out only after new malware had already been released,” Rickels says. Running a routine system scan with hundreds of thousands of signatures was taking half an hour or more. So the bank’s tiny IT department of only a handful of employees was spending more time maintaining its security software and less time on business applications.

[...]

Moving to Sanctuary requires scanning all of the EXE and DLL files for approved programs into a central database -- something that a small- or medium-sized business can do, but may prove cumbersome for a larger enterprise. Mirror images are then stored on individual systems, and the two communicate before providing users with access to different programs.

FNB started off running the software in non-blocking mode, basically letting users continue to use their PCs as normal. The security system includes a reporting function, so the IT department can examine what programs each user accessed. After walking users through an instance or two of what blocked applications would look like, the bank turned on the blocking mode.

But whitelisting has its tradeoffs. Currently, the bank has to install new versions of applications as well as items like Microsoft patches on both its central system and all of the user machines on an ongoing basis. Automating such tasks is something the bank would like to see in a future release. Overall, however, it sees its gamble of trading AV for whitelisting as a good decision.

Because whitelisting is a relatively nascent technology, other companies may not be as willing to go there. “Whenever I talk to individuals about our experiences, they are skeptical that a whitelisting approach can work because the idea is so new,” Rickels says. But if they become frustrated enough with AV, they may be willing to try an alternative such as whitelisting.
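The rollout the article describes (scan approved EXE and DLL files into a central database, run in non-blocking mode with reporting, then turn on blocking) can be sketched as follows. This is an added example, not Sanctuary's implementation or code from the article; it assumes SHA-256 content hashes as the program identifier, which the article does not specify, and all function and file names are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path

SUFFIXES = {".exe", ".dll"}  # file types the article says are scanned

def file_digest(path):
    # Assumption: SHA-256 of file contents identifies an approved program.
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def build_allowlist(approved_dir):
    """Central database: digest -> file name for every approved EXE/DLL."""
    return {file_digest(p): p.name
            for p in sorted(Path(approved_dir).rglob("*"))
            if p.is_file() and p.suffix.lower() in SUFFIXES}

def check_launch(path, allowlist, blocking, report):
    """Return True if the launch proceeds; log every unapproved file."""
    digest = file_digest(path)
    if digest in allowlist:
        return True
    action = "blocked" if blocking else "reported"
    report.append({"path": str(path), "sha256": digest, "action": action})
    return not blocking  # non-blocking mode reports but still allows

def demo():
    # Constructed sample files: placeholder bytes, not real binaries.
    with tempfile.TemporaryDirectory() as tmp:
        approved, user = Path(tmp, "approved"), Path(tmp, "user")
        approved.mkdir()
        user.mkdir()
        (approved / "teller.exe").write_bytes(b"approved build 1.0")
        (approved / "core.dll").write_bytes(b"approved library")
        (approved / "notes.txt").write_bytes(b"ignored: not EXE or DLL")
        allowlist = build_allowlist(approved)
        renamed = user / "renamed.exe"   # same bytes, different name
        renamed.write_bytes(b"approved build 1.0")
        patched = user / "teller.exe"    # same name, updated bytes
        patched.write_bytes(b"approved build 1.1")
        audit, enforce = [], []
        return {
            "entries": len(allowlist),
            "renamed": check_launch(renamed, allowlist, True, enforce),
            "audit": check_launch(patched, allowlist, False, audit),
            "enforce": check_launch(patched, allowlist, True, enforce),
            "audit_log": [r["action"] for r in audit],
            "enforce_log": [r["action"] for r in enforce],
        }

if __name__ == "__main__":
    print(demo())
```

The patched `teller.exe` is reported in non-blocking mode and refused in blocking mode until its new hash is added to the allowlist, which is the ongoing update burden the article lists as a tradeoff.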
