A Message from Rob Cheng

Only Application Allowlisting Can Stop Cyber Attacks

In March 2022, the Biden administration announced that cyber attacks from Russia were imminent. Although this is untrue, it shines a light on how unprepared the federal government and the rest of the country are for a nation state attack.

A nation state attack is exponentially more serious than ransomware. Unlike ransomware, a nation attack does not attempt to extort a fee to restore operations. It simply destroys without regard to consequence.

More importantly, a nation attack accelerates the frequency and sophistication of the attacks. For over a decade, the United States, Russia, China, North Korea and Iran have been stockpiling vulnerabilities in the event of a cyber war. This is the reason why a cyber attack is NOT imminent, because Russia knows that America likely has a larger stockpile with more severe consequences.

When the Americans shut down 3 Iranian nuclear reactors and Russia shut down the Ukrainian electric grid, each of these attacks was accomplished through one vulnerability. The WannaCry virus infected 250K computers in one day through one vulnerability.

Any nation state, and most certainly Russia, has dozens if not hundreds of these vulnerabilities. Rather than one vulnerability, a nation state attack would deploy numerous vulnerabilities simultaneously, entering unobstructed into every server, endpoint and any other device in the nation that contained critical information.

The first line of defense is patch management, but this is wholly ineffective because patch management works with known vulnerabilities and these vulnerabilities are unknown by design.

The next line of defense is the antivirus, which has not functioned against modern threats for almost a decade, yet consumers, businesses and even the federal government blindly throw money at this obsolete vestige from a prior era of computing. So the attack continues.

The last line of defense is EDR / XDR, which attempts to detect and respond to the full frontal onslaught of a nation state attack. Unlike ransomware, a nation attack would overwhelm the SOC (Security Operations Center), and it would quickly fall down.

This exposes the largest flaw in the nation's defense. EDR / XDR / SOC cannot scale to meet a spike in attacks. For a SOC to double in size would take months, and a nation state can increase its attack level in seconds.

As stated earlier, this is not going to happen due to a respect for America's vulnerability stockpile; however, our defense frameworks should consider the possibility of a nation state attack. Unfortunately, none of the popular frameworks including NIST, MITRE and even Jack Voltaic comprehend the possibility of a nation state attack.

The first nation to contemplate in its national defensive cyber strategy the impact of a nation attack will win the cyber war. The first nation to effectively create cyber defenses that negate a flood of vulnerability attacks from a nation state will rise to the top of the world order, because it is no longer exposed to a cyber counter strike.

There is a solution and that is application allowlisting, AKA whitelisting or software asset management. As NIST has been recommending for the last 7 years, application allowlisting should reside between the patch management and the antivirus layers. In this way, during a nation state cyber attack, the application allowlisting will strictly allow authorized applications to run. During this scenario, the volume on the network is substantial and network performance may deteriorate but it will not fall down. Some new good programs may not run properly until the attacks abate, but the goal is resilience, to withstand the attack.

This resilience gives patch management time to identify the vulnerability and remediate the vulnerability so the attacks abate. The nation state will likely deploy more of its stock of vulnerabilities which should also prove futile. At this point, the nation is deploying vulnerabilities faster than it can replenish, until the stockpile falls to zero. Then America wins.

Secure the Homeland.

Rob Cheng, CEO and Founder of PC Matic
3,000,000 +
More than 3 million satisfied customers have used PC Matic products and are now worry-free
100,000,000 +
PC Matic has scanned and protected over 100 million applications and devices
23 Years +
PC Matic, established in 1999, has over 23 years of experience protecting customers

Our Mission

Affordable Protection for Everyone

Our mission is to create software that protects devices and their information from malware used by the cyber-mafia to infiltrate and monetize worldwide. The goal for our software is zero customer infections and breaches.

We will aggressively market our products to reduce global infection rates and put a dent in the cyber-mafia economy. Retaining affordability and ease of use for any home, business or government regardless of technical capabilities or budget is crucial.

We believe that through worldwide market penetration and zero infection rates, one day the cyber-mafia will be insolvent.

PC Matic Leadership Team

World-Class Leadership

Rob Cheng, CEO & Founder
Keith Linden, Chief Data Officer
Rob Woodworth, Senior Vice President, Federal
Sheila Molden, Vice President, Administration

Contact PC Matic

Support Available 7 Days a Week

Technical Support

Our dedicated technical support team is available 7 days a week to effectively assist our home customers.

Business Support

Premier support is available for our business, government, enterprise, and education customers 7 days a week.

Media Relations

Media members should contact our Public Relations team for inquiries related to news stories or official comments.