 |
|
DAILY NEWS AND INFORMATION FOR THE GLOBAL GRID COMMUNITY / AUGUST 11, 2003; VOL. 2 NO. 32
|
Systems/Enterprise:
PROGRAM LAUNCHED FOR REPOSITORY OF KNOWN-GOOD FILE DATA
Tripwire Inc., a world leader in integrity assurance, announced the File
Signature Database (FSDB) -- a partner-based initiative designed to bring to
market a heterogeneous collection of known-good file data. Charter members HP,
IBM, InstallShield Software Corporation, RSA Security and Sun Microsystems,
Inc. join the initiative to advance open standards and methods that address
increasing customer demand for more secure, reliable and cost-effective
computing solutions. The initiative is open to all OS, application and
infrastructure vendors and is gaining support from other technology companies
and organizations.
"Partnering to advance standards that enable businesses to achieve their full
potential is key in today's technology environment," said Wyatt Starnes,
Founder, President and CEO of Tripwire. "The ability to establish the
authenticity, identity, and integrity of files is crucial to enable enhanced
security, availability, visibility and accountability of IT systems and
applications. The focus of this initiative is to address the challenges of
managing complex, heterogeneous software environments and provide ways to
better manage these complexities."
The FSDB is a repository of file metadata derived from published software
allowing customers to identify, authenticate and assure the integrity of
files. It will provide the capability to enhance proactive management of
change through granular file dependency structure. By assuring the integrity
of file data customers will reduce systems management vulnerabilities and
increase business efficiency.
"As media grows larger, operating systems and application files become more
robust, it becomes vitally important to insure the integrity and authenticity
of the files. Having a known good database provides that higher level of
integrity checking and provides all of us with a new paradigm by which to
protect our infrastructure," said Howard A. Schmidt, former White House Cyber
Security Advisor and CSO at Microsoft.
The FSDB is currently populated with more than 11 million known-good file
signatures. The database consists of 'born-on' file information, including
file name and digital hash values, which provides a unique file 'signature'
archive crossing multiple operating systems and applications programs. The
charter members will be systematically populating the database with new file
information as new software is manufactured and released. At its core is a
relational database capable of storing large volumes of file information
submitted by the participating software publishers and accessible to any
licensed application with proper credentials.
"We believe that the emergence of the Tripwire-driven FSDB project marks a
transition from tracking 'known bad' files, such as viruses and other
signature-based malicious code," said Chris Christiansen, Vice President of
IDC's Security Products program. "The traditionally reactive approach to new
threats ensures that customers are always one step behind the bad guys. By
knowing what the 'good state' is, improper and corrupted files can be
eliminated by exception before they execute their poisonous instructions."
"As information become available anytime, anywhere, by anybody -- this
foundational building block technology allows the information security
professional to maintain enterprise wide confidentiality, integrity and
availability," said Mark Johnson, Chief Information Security Officer at
Halliburton.
"Today's operating environment is becoming more diverse each day," said John
Freeman, High Availability Production PCS at Bayer. "The approach taken by
Tripwire with its File Signature Database, strongly supported by the other
charter members will be an important enabler for enterprises to maintain
reliable, secure operating environments."
Many delivery models for the FSDB content are being developed, both by
Tripwire and the charter partners. It is anticipated that an open-standard
FSDB Web service will be made available through the Internet in the first half
of 2004. Additionally, a FSDB appliance will be made available to customers
for self-populating and hosting during 2004. Furthermore, the FSDB will also
be made available to many government and law enforcement agencies to aid in
forensics and cybercrime investigations.
About HP
HP delivers vital technology for business and life. The company's solutions
span IT infrastructure, personal computing and access devices, global services
and imaging and printing for consumers, enterprises and small and medium
business. For the last four quarters, HP revenue totalled $70.4 billion. More
information about HP is available at www.hp.com/.
About Sun Microsystems, Inc.
Since its inception in 1982, a singular vision -- "The Network Is The
Computer" -- has propelled Sun Microsystems, Inc. to its position as a leading
provider of industrial-strength hardware, software and services that make the
Net work. Sun can be found in more than 100 countries and on the World Wide
Web at sun.com/.
|