Endpoint security company Lumension teamed up with Microsoft at the RSA show to launch a software whitelisting service. The move, which sees the companies sharing information about legitimate software applications, lends increasing credence to the idea that blacklisting malicious software by signature is becoming less tenable as the number of malware variants increases.
Lumension launched its Endpoint Integrity Service, which will use hashes -- mathematical digests of binary files that make it easy to identify the integrity of the file. The service will see Lumension testing installed software on its customers' computers against the hashes to be sure that they match one of the approved files. Microsoft is the first company to provide information that can be used to positively identify its legitimate binary files, but Lumension will be working with other large software players to the same end. Edward Brice, senior head of worldwide marketing at Lumension, explained that the company hopes to build a larger selection of legitimate hash files covering the lion's share of applications likely to be used in a business context. "We're not about building the biggest whitelisting database out there. There are other companies out there that do that," he said, adding that for corporate clients, 20% of the software available in the industry provides 80% of the needs. Hashes for Microsoft's own software already provides a large percentage of the necessary coverage, he argued. "Bringing on tier 1 companies like Adobe and SAP, we can cover most of their requirements." Microsoft will provide a variety of information to Lumension which will help the company to positively identify its files. The companies have also developed an information schema design to codify information about the provenance and integrity of whitelisted binary files. It will include a trust rating system that places a score on the integrity of metadata, cash is for all of the executable files, and certification information. It will also include a highly detailed and structured vendor, version, and installation date, Lumension said. Databases of whitelisted binaries already exist. The National Institute of Software and Technology has one, for example, but Brice argueed that these tend to be used for forensic purposes, rather than for dynamic management of software assets. Lumension will be pairing the hash database with its own patch management technology to make it easier to dynamically update software with confidence that the updates are genuine and legitimate. It also hopes in the future that the hashes could serve as indexes for much more information about an application or patch, such as its footprint on the system and interaction with other software assets. In other news, Lumension also acquired Securityworks, which provides compliance and risk management solutions for the IT governance, risk and compliance market.