As previously announced, several technology companies Tuesday unveiled a plan to create a
relational database of secure file signatures and a schema to guide those
files to preserve the integrity of complex data.
Led by security software maker Tripwire, the File Signature Database (FSDB)
has been developed with contributions from HP, IBM, InstallShield Software,
RSA Security and Sun Microsystems to manage the mounting flood of complex,
rapidly-changing software environments.
FSDB is a bank of file metadata software that enables customers to identify,
authenticate and assure the integrity of files. If it reaches fruition, it
will make change management proactive, as opposed to reactive, through a
granular file dependency structure. Preserving the integrity of the data, or
making sure the code does not go sour during a change, will help enterprise
customers reduce systems management vulnerabilities.
The vendors wish to hash out open standards and methods to cope with
customer outcry for more secure computing, which because of the deluge of
assaults on software systems and applications by unsolicited intruders, has
become a major cause of concern for IT enterprises.
However, Tripwire Founder, President and CEO Wyatt Starnes said on a
conference call with representatives from the partner companies that FSDB is
far from just a new, souped-up intrusion detection proposal.
“This is not just another form of virus checking,” Starnes said. “This is a
radical way of looking at this issue. We did a study of maliciously-intended
data change and we found that it was only responsible for 3 to 5 percent of
network downtime. While large organizations spend billions on hacking, we
are still seeing that most downtime is a result of weak IT process and
procedures.”
Starnes said employees and software are the ones largely responsible for
unintended accidental data change. But he acknowledged that the consortium
behind FSDB can’t make it a customer problem, but instead needs to find a way
to shore up a network’s defenses against data change, particularly at a time
when companies such as IBM and HP are hawking e-business on demand and
adaptive infrastructures where data changes on the fly.
HP CTO Jan-Maarten van Dongen, who represented his company on the call, agreed, citing the spec as the result of customers requesting a higher quality of service to reduce the likelihood of unpredictable behaviors.
“There is hardly any way to track down what [data] has changed,” van Dongen said. “How can you guarantee accountability if you’re not even sure what’s running?”
Dave Bartlett, Director of Autonomic Computing, IBM, said the thrust behind FSDB is akin to IBM’s strategy for autonomic computing, in which self-managing, self-healing software products sit on servers to accommodate complex data management needs.
“Even the most significant virus checking is one step behind the bad guy,”
Starnes argued. “What we need is a stronger ability to secure systems at the
core file level and up through the operating systems and applications sets.
We need to eliminate the bad code, rather than filter a prehistoric
database.”
Analysts, such as IDC’s Chris Christiansen, said FSDB marks a transition
from tracking bad files, such as viruses and other signature-based malicious
code, to knowing what corrupted files need to be eliminated before they
“execute their poisonous instructions.”
Gartner analyst John Pescatore discussed the initiative with
internetnews.com.
“In general, this is a very good thing,” he said. “Users of those products
can easily implement detection if one of them is modified or someone tries
to substitute a version with a Trojan horse or back door inserted. This
would be much more powerful if Microsoft and Red Hat (or other Linux
distributions and other open source, like Apache) joined in, but at least
this is a start.”
But Microsoft to date has embarked on its own Trustworthy Computing
initiative, which is focused more on shoring up the defense of its own
software and as a symbol to the public that it does consider software
safeguarding a serious matter.
Pescatore cautioned that the group’s official signature database needs to be
steadfastly protected and that enterprises are still much better off if they
prevent unauthorized changes than if they just detect them.
Starnes said the initiative consists of a relational database of some 11
million files. The database consists of ‘born-on’ file information, such as
file name and digital hash values, which provides a unique file ‘signature’
archive to accommodate disparate operating systems and applications
programs.
There is also a schema, some of which will be published out in the open,
such as the data harvesting aspect, for all to use. But some will remain
proprietary. What will fall into which camp has yet to be fully determined,
but the consortium aims to bow commercial implementations in 2004.
The initiative is open to all operating system, application and
infrastructure vendors. In the meantime, charter members will be populating
the database with new file information as new software is manufactured and
released.
“No vendor is an island,” Starnes said. “Platform vendors must work together
to meet customers’ needs.”