CoreTrace’s Bouncer 6 Includes Support for Mac, Linux OSes
CoreTrace’s antivirus stance is a bit different than most. Instead of implementing a blacklist of known malware, CoreTrace goes top-down with a whitelist. If the program doesn’t have an a-okay from the mothership, it doesn’t run. It’s that simple. What’s more, its traditionally Windows-only solution, Bouncer, is now coming to Mac and Linux. Security VARs, take note: partner opportunities abound.
Bouncer 6 will be making its debut on the Mac, running on both Leopard (10.5) and Snow Leopard (10.6) along with supporting select Linux distributions including Red Hat, SUSE, Ubuntu and Solaris. The new clients are slated to be ready for implementation come March 2011, with a price of $35 per desktop.
It works like this: A VMware server image is deployed with the CoreTrace Bouncer Control Center, and that VM actively deploys the Bouncer endpoint to the agents. Then, with a little active directory integration, the entire setup is complete.
JT Keating, CoreTrace’s VP of marketing discussed at length Bouncer’s whitelisting options, since Bouncer 6 allow for “trusted changes” to be made through admins and other select users. If the trusted source gets compromised, he said, “We have ways of authenticating, [but] if the change comes from a specific management system, we’re going under the assumption that the people in the patch management system aren’t nefarious. It’s unlikely a high-level IT admin would actively sabotage a system, he noted. Plus, whitelists can be compartmentalized to specific users who have a certain level of control.
For example, Keating said, employees such as CEOs or sales reps who constantly travel can have “AllowQ” status, which allows them to install software on the road. Before installation, however, a dialog box pops up that asks for a “business justification” for the app. When the user reconnects with the company network, Bouncer reviews the app. There is flexibility inside the user-level control, and in the case of authenticated malware, the Bouncer Control Center can alert an IT admininstrator before that malware gets accidentally whitelisted.
And what of the channel? Keating and James “Jim” Reiss, senior VP of sales, both detailed the company is planning a redesigned partner portal by the end of Q1 to go along with training of new partners. “We’re being very methodical, extremely careful in enabling [partners] to success,” Keating said, “We don’t want them to fail.” CoreTrace is looking for partners that have a security orientation and that’s likely a partner currently selling some sort of antivirus solution and understands application whitelisting.
For those not working so much in the virtualized space, Keating noted that non-VMware-enabled, bare-metal versions of the Control Center are available with help from CoreTrace, and the company is slowly expanding this offering as development of the product brings more flexibility.
In the meantime, as security moves away from the client and into the cloud/appliance world, whitelisting might be a good way to ease the CPU load associated with traditional antivirus software and maintain both compliance and a level of control over workplace computers.