Never Again Malware – Guaranteed

Interview with Torsten Valentin, Managing Director of seculution GmbH

Like a bodyguard: Instead of recognizing malware, seculution simply allows only what was explicitly allowed beforehand

In times when virus scanners regularly fail and ransomware attacks cripple entire authorities, new ways of thinking in IT security are needed. seculution GmbH from Werl takes this path with its radically different approach: instead of detecting malware, it allows only what was explicitly allowed beforehand. Managing Director Torsten Valentin is considered a pioneer of so-called Application Whitelisting, and in this interview he provides insights into his solution, which is so secure that he backs it with a guarantee.

Wirtschaftsforum: Mr. Valentin, your software works fundamentally differently from classic antivirus programs. How did this come about?

Torsten Valentin: I entered the IT industry in 1993 and in 1998 developed proof-of-concept code that could bypass any firewall. Although this was fascinating, it was also alarming. I realized that traditional protection systems always lag behind. So I completely reversed the principle: no longer allowing everything and trying to filter out harmful things, but only allowing what is truly trustworthy from the start.

Wirtschaftsforum: Is this what’s known as Application Whitelisting?

The solution from seculution is based on cloud whitelists that are maintained centrally. Each executable file is identified by a cryptographic hash value.

Torsten Valentin: Exactly. Instead of operating with a blacklist like traditional antivirus programs, which recognize known threats, our solution is based on a whitelist – a so-called positive list. Only software that has been identified as safe is allowed to run. Everything else is blocked. So it's no longer about reaction, but prevention. That's fundamentally safer – practically 'bulletproof'.

Wirtschaftsforum: How exactly does your solution work in practice?

Torsten Valentin: The approach is actually trivial. Simply stop allowing everything and only occasionally prohibiting what is presumed to be evil; instead, prohibit everything and allow only what is known to be good. The challenge is enabling a company to operate this way without having to do all the work of identifying the good. We have solved this with a cloud whitelist, which we maintain centrally.

Wirtschaftsforum: So, the decision about good and evil is outsourced to you?

Torsten Valentin: Exactly. Each executable file is identified by a unique cryptographic hash value. We automatically maintain the hashes of releases from major trusted providers in our cloud whitelist. Thus, we take on nearly 100% of the whitelist maintenance work on our side. The customer doesn't have to deal with approvals or security issues and only needs to add their possibly self-programmed specialized industry software to their whitelist.

Wirtschaftsforum: How many manufacturers are you currently actively monitoring?

Torsten Valentin: It's now several thousand software providers that we constantly keep an eye on. Thanks to our database and infrastructure, built up over years, we can today answer more than 99% of all queries fully automatically. This reduces the effort on the customer's part to a minimum and makes the system extremely efficient – even in very heterogeneous IT environments.

Wirtschaftsforum: And what if something new comes up?

Torsten Valentin: In our approach, we deliberately shift the responsibility for security-relevant software decisions away from the end-users – since it was never their job to judge whether an application is trustworthy or not. Instead, we give this control to the local administrators in the company. Importantly, the decision-making authority always remains with the customer. Administrators always have the opportunity to decide themselves which software can be run, beyond what is known as trustworthy from our cloud whitelist.

Wirtschaftsforum: What are your plans for the future?

Torsten Valentin: We are working to better support our solution for multi-tenancy, so that service providers can serve multiple end customers without a local administrator. Additionally, we want to expand our presence in Europe and continuously develop our technology.