Endpoint security company Lumension teamed up with Microsoft at the RSA show to launch a software whitelisting service. The move, which sees the companies sharing information about legitimate software applications, lends increasing credence to the idea that blacklisting malicious software by signature is becoming less tenable as the number of malware variants increases.
Lumension launched its Endpoint Integrity Service, which will use hashes -- mathematical digests of binary files that make it easy to identify the integrity of the file. The service will see Lumension testing installed software on its customers' computers against the hashes to be sure that they match one of the approved files.
Microsoft is the first company to provide information that can be used to positively identify its legitimate binary files, but Lumension will be working with other large software players to the same end. Edward Brice, senior head of worldwide marketing at Lumension, explained that the company hopes to build a larger selection of legitimate hash files covering the lion's share of applications likely to be used in a business context.
"We're not about building the biggest whitelisting database out there. There are other companies out there that do that," he said, adding that for corporate clients, 20% of the software available in the industry provides 80% of the needs. Hashes for Microsoft's own software already provides a large percentage of the necessary coverage, he argued. "Bringing on tier 1 companies like Adobe and SAP, we can cover most of their requirements."
Microsoft will provide a variety of information to Lumension which will help the company to positively identify its files. The companies have also developed an information schema design to codify information about the provenance and integrity of whitelisted binary files. It will include a trust rating system that places a score on the integrity of metadata, cash is for all of the executable files, and certification information. It will also include a highly detailed and structured vendor, version, and installation date, Lumension said.
Databases of whitelisted binaries already exist. The National Institute of Software and Technology has one, for example, but Brice argueed that these tend to be used for forensic purposes, rather than for dynamic management of software assets. Lumension will be pairing the hash database with its own patch management technology to make it easier to dynamically update software with confidence that the updates are genuine and legitimate. It also hopes in the future that the hashes could serve as indexes for much more information about an application or patch, such as its footprint on the system and interaction with other software assets.
In other news, Lumension also acquired Securityworks, which provides compliance and risk management solutions for the IT governance, risk and compliance market.
Comments
wstarnes says:
29 April 2009
Just for clarity and full disclosure - Microsoft announced simultaneously with SignaCert ANDLumension. Basically these were (for all intents and purposes) mirrored announcements. And while both companies made announcements at RSA, only SignaCert presented in Microsoft's booth.
More than anything, this is MSFT supporting the whitelist ecosystem and standards -- and setting an example for other ISV's to follow (to work with the ecosystem as it is good for industry)
We agree. Although pls note the difference here. SignaCert is primarily in the content business, while both Lumension and Bit9 apparently have goals to own end-to-end solutions.
Chose wisely partners.
W. Starnes. Founder, SignaCert.
Note: The majority of comments posted are created by members of the
public. The views expressed are theirs and unless specifically stated are not those
Elsevier Ltd. We are not responsible for any content posted by members of the public
or content of any third party sites that are accessible through this site. Any links
to third party websites from this website do not amount to any endorsement of that
site by the Elsevier Ltd and any use of that site by you is at your own risk. For
further information, please refer to our Terms & Conditions.
Comment on this article
You must be registered and logged in to leave a comment
about this article.