Wave Systems Corp. (fka WAVXQ)

[Foam]

National Security Agency Information Assurance Directorate and Trusted Computing Group win 2011 National Cybersecurity Innovation Awards

http://www.prnewswire.com/news-releases/national-security-agency-information-assurance-directorate-and-trusted-computing-group-win-2011-national-cybersecurity-innovation-awards-133401078.html

Resurrecting the promise of application white listing and network access control
WASHINGTON, Nov. 7, 2011 /PRNewswire-USNewswire/ -- The SANS Institute announced today that the National Security Agency Information Assurance Directorate and the Trusted Computing Group have won the 2011 U.S. National Cybersecurity Innovation Award for their innovative use of available technologies to revive the key defenses of application white listing and comply-to-connect network access control.
(Photo: http://photos.prnewswire.com/prnh/20111107/DC02013-a)
(Photo: http://photos.prnewswire.com/prnh/20111107/DC02013-b)
Two very promising defensive strategies, application white listing and network access control, have unfortunately failed to deliver the benefits they promised. Application white listing involves blocking any program from being executed on a computer unless that program is in a pre-approved list (white list). It is very effective in stopping unauthorized software from being run by malicious outsiders, and is the single most important defense against the targeted intrusions that comprise the bulk of successful information exfiltration attacks. Sadly, white listing has proven to be nearly impossible to implement cost-effectively because of the difficulty in maintaining an up-to-date white list while hundreds of common programs are being continually updated.
Network access control is a system for blocking users seeking to access a network unless the user's computer can be proven to meet a series of security thresholds helping to ensure it will not carry infections into the network. This too has failed to gain broad acceptance because of the difficulty in testing computers that are constantly changing their configuration.
Earlier this year the National Security Agency, with help from the Trusted Computing Group, launched an innovative pilot program to implement both technologies in ways that avoided the problems faced by pioneers. The pilot program has proven to be effective in hindering the spread of targeted attack infections as well as often causing systems that are infected to announce that fact to administrators who can immediately take action.
As a result, the National Security Agency Information Assurance Directorate and the Trusted Computing Group win the 2011 National Cybersecurity Innovation Award for eliminating security weaknesses that enable targeted cyber-attacks to succeed.
Because of the importance of these techniques, a webcast is being scheduled for late November at which the winners will explain the techniques they used and users around the world will be able to get answers to questions so they can implement the technologies quickly.