0-Day Security Threats When a vulnerability in a computing system is first discovered, it is considered to be classed as 0-Day. This means that there is no countermeasure available. Typically, the countermeasure would be a security patch, or virus scan update.
During the time that the vulnerability is first detected to the time that the computing system can be modified to protect against the threat, the system is at risk.
Traditional blacklisting (antivirus solutions) is not able to protect a system from 0-Day threats because the executables are simply not marked as malicious.
Whitelisting A typical action of a security threat is to modify the executables on the computer. Application Whitelisting is the process where, prior to having the computer online, the executables are processed to create a signature of their current state. An application is installed to use these signatures and ensure that the operating system does not execute files that have been modified.
When e.g. a hacker or malware adds a file to the computer and executes it, the whitelisting will prevent the execution. In this way, the system is protected against 0-Day threats.
With SE46’s method of application whitelisting the computers to be protected need to have the whitelisting signatures installed before the software on the computer is changed.
SE46 consists of an agent that runs on the hosts to be protected, a distribution point (DP) that enables central control of the agents, and an application studio which produces application certificates from fingerprint files. A fingerprint file is an inventory of the executable software on the host which is created using the SE46 inventory tool.