Software:SecuLution Application Whitelisting
SecuLution Application Whitelisting is an antivirus program developed by German software company SecuLution, based in Werl. The program is based on the whitelisting method.
SecuLution Application Whitelisting 2.0 under Windows 10 | |
Developer(s) | SecuLution GmbH |
---|---|
Initial release | 2001 |
Stable release | SecuLution Application Whitelisting 2.0
|
Operating system | Windows |
Available in | english, german |
Type | Antivirus software |
License | EULA |
Website | www.seculution.com |
Functions
SecuLution Application Whitelisting is designed to fend off unwanted software by using an automation process consisting of the components agent, server, administration console (AdminWizard) and a database located in the cloud and maintained by the vendor.[1] The application whitelisting process is based on a database of the software to be launched.
On each computer equipped with SecuLution Application Whitelisting, the agent generates hashes to identify each program to be executed. If the hash is not on the whitelist of the local SecuLution server and also not trusted in the vendor's database, the execution of the software is denied.
The SecuLution server, a virtual machine in the user's local network, contains the whitelist maintained by the user. If a hash is unknown here, the server checks its so-called TrustLevel on the manufacturer's TrustLevel database in the cloud and automatically learns the hash in the event of a positive response. The TrustLevel rates how trustworthy the software is. The corresponding database (the data center is located in Frankfurt, Germany) is maintained by employees of SecuLution GmbH.
Differentiation from virus scanners
Application whitelisting is the term used in information technology to describe the restriction of the usability of elements (e.g. programs, code in general or devices connected to a computer) to those that are trusted in the opinion of the list's authors. Only elements included on the whitelist are usable. The use of any other elements not included on the list is generally not allowed.[2]
The inverse of application whitelisting is application blacklisting, which is used by virus scanners. A blacklist contains the forbidden elements instead of the allowed ones; all unknown elements that are not blacklisted can be used.
National Security Departments are generally advising private users, authorities and companies to secure their endpoints and networks using application whitelisting/application control methods. For example, the Australian Cyber Security Centre places implementing application control on top of its list of "Strategies to mitigate cyber security incidents", rating its relative security effectiveness as "essential".[3][4]
Distribution and test reports
SecuLution Application Whitelisting is sold exclusively to business customers (B2B) and is increasingly consumed by users of critical infrastructures. These include, for example, hospitals and hospital associations, public administration or industrial companies.
In March 2017, an independently conducted test of the software was published in the journal "IT-Administrator". It concludes that the software excludes smaller companies: "We think it's a shame that the offer is clearly aimed at medium to large companies. This is because the license is only available from 50 PC workstations. In SecuLution's opinion, smaller networks can be handled without special tools. We see it somewhat differently and think that SecuLution would be a great asset for small companies as well."[5]
In December 2018, IT journalists Ralph Dombach and Peter Schmitz published an article on security-insider.de titled "Whitelisting as a new anti-malware strategy?", in which they discuss SecuLution Application Whitelisting, among other things: "Unlike some other whitelisting tools, SecuLution uses its own security concept. An undermining of this system, as for example with EternalBlue, is thus, from today's point of view, not possible, even if the attacker tools act with system authorization."[6]
In its June 2019 special issue "Praxisleitfaden IT-Sicherheit im Krankenhaus" (Practical Guide to IT Security in Hospitals), "Krankenhaus-IT Journal" published five field reports from hospitals that use SecuLution Application Whitelisting. These reports are generally favorable.[7]
History
SecuLution Application Whitelisting was invented in 2000 by Torsten Valentin, who later became the founder and CEO of SecuLution GmbH. In 2000, he filed the patent application for the product, whereupon he received the national patent in Germany in 2001 and the international patent in 2003. In 2001 SecuLution GmbH was founded for the purpose of technical implementation of the product. In 2003, the first version was released under the name SecuSurf. The product was renamed SecuLution Application Whitelisting in 2013. From 2015, development of version 2.0 was started in parallel with the maintenance of the 1.0 version. Version 2.0 was first deployed to customers in 2018.
System requirements
SecuLution Application Whitelisting is available for all Windows operating systems from version XP SP3 and all server versions from Windows 2003. The required resources for the virtual appliance are: 4 CPUs (vendor’s recommendation: 8), 4 GB RAM (vendor’s recommendation: 8) and 12 GB hard disk space.
External links
- www.seculution.com - official website
Individual references
- ↑ "How does seculution work? | seculution.com". https://seculution.com/technology.html.
- ↑ "Software Whitelisting - der bessere Virenschutz - IT- und Medienzentrum - Universität Rostock" (in de). https://www.itmz.uni-rostock.de/anwendungen/software/windows/sicherheit/software-whitelisting-der-bessere-virenschutz/.
- ↑ "Strategies to mitigate cyber security incidents". https://www.cyber.gov.au/acsc/view-all-content/publications/strategies-mitigate-cyber-security-incidents.
- ↑ "Implementing Application Whitelisting". https://www.cyber.gov.au/sites/default/files/2019-04/PROTECT%20-%20Implementing%20Application%20Whitelisting.pdf.
- ↑ "Im Test: SecuLution | it-administrator.de" (in de). https://www.it-administrator.de/themen/sicherheit/fachartikel/229229.html.
- ↑ "Whitelisting als neue Anti-Malware Strategie?" (in de). https://www.security-insider.de/whitelisting-als-neue-anti-malware-strategie-a-783265/.
- ↑ "Application Whitelisting als wirksame Endpoint Protection" (in de). https://seculution.de/Krankenhaus_IT_seculution_06-2019.pdf.
This article needs additional or more specific categories. (June 2021) |