“This is the Future of Security Technology…”

September 21, 2007

I picked up an interesting link to an article yesterday, so I thought I’d share. It’s about white listing. The article is written by Peter Nowak of CBC News and interviews Michael Murphy of Symantec Canada on his observations of a philosophical change in the anti-virus market.

Article: Internet security moving toward “white list”

Nowak says in the article:

“Under the current system, a security firm discovers a new threat, adds it to its black-list database and updates its customers’ anti-virus software to combat the problem. A “white list” would instead compile every known legitimate software program, including applications such as Microsoft Word and Adobe Acrobat, and add new ones as they are developed. Every program not on the list would simply not be allowed to function on a computer.”

“This is the future of security technology,” Murphy said at a presentation of the company’s twice-yearly security report on Friday. The trick is to develop a “global seal of approval.”

Not that this is a really big surprise. There have been several articles and announcements in recent weeks and months that relate to the emergence of the “positive model” – or what some companies refer to as “security by inclusion.”

This is all really common sense stuff when you think about it, right? The “black list” challenge continues to be highly elusive; after all, it IS an infinite problem. Not that black lists will go away anytime soon. Our customers will continue to pursue the “defense in depth” strategy.

On the other hand, IT controls and measurement systems based on “white lists” or manifests of authorized code sets can easily be managed in a highly finite way using SignaCert. Also, positive system affirmation really provides much more customer value at the end of the day. In addition to the “keep the bad stuff out” benefit of black lists, we can fold in the “verify the good stuff is still as intended” and “make sure that the original and intended code is still present on the platform” benefits.

So the value of IT measurement and controls goes way beyond pure security. Implemented correctly, it is FULL configuration verification (image manifest AND software measurements) and code validation with source-of-ownership information (software provenance and pedigree), all grounded to a common trust reference within our customers’ domain.
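To make the “manifest of authorized code sets” idea concrete, here is an added example (not SignaCert’s product code, and not from the CBC article) that builds a manifest of SHA-256 hashes from a known-good reference tree and then affirms a live tree against it. It reports the three outcomes the post describes: code that is no longer as intended (modified), intended code that is no longer present (missing), and code that was never authorized (unlisted). The sample directory layout and file contents are constructed for the demo; in a deployment the manifest itself would be signed by the organization’s trust reference, which is left out here.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Walk the tree under root and record relative path -> SHA-256 for every file.
    Run against a known-good reference image, this is the 'authorized code set'."""
    root = Path(root)
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def verify_platform(root, manifest):
    """Positive affirmation: compare the live tree with the manifest.

    Returns a report with three lists. An all-empty report means the platform
    holds exactly the intended code and nothing else."""
    live = build_manifest(root)
    return {
        # present in both, but the bytes differ from the reference
        "modified": sorted(p for p in manifest if p in live and live[p] != manifest[p]),
        # authorized code that has disappeared from the platform
        "missing": sorted(p for p in manifest if p not in live),
        # code on the platform that the manifest never authorized
        "unlisted": sorted(p for p in live if p not in manifest),
    }


def demo():
    """Build a reference manifest from a constructed tree, then alter the tree
    in the three ways the report distinguishes and verify again."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin" / "app").write_bytes(b"\x7fELF-constructed-app")       # constructed
        (root / "bin" / "helper").write_bytes(b"#!/bin/sh\necho helper\n")   # constructed
        (root / "etc").mkdir()
        (root / "etc" / "app.conf").write_text("mode=prod\n")                # constructed

        manifest = build_manifest(root)
        clean = verify_platform(root, manifest)

        (root / "bin" / "app").write_bytes(b"\x7fELF-constructed-app-patched")  # modified
        (root / "bin" / "helper").unlink()                                     # missing
        (root / "bin" / "dropper").write_bytes(b"constructed unexpected file")  # unlisted
        tampered = verify_platform(root, manifest)
        return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("clean platform :", before)
    print("altered platform:", after)
```

Note that the check is finite in the sense the post means: the verifier only ever compares against the list of what should be there, so it needs no knowledge of any particular bad file to flag `bin/dropper`.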

It is interesting to consider: This is how most other industries made their “automation” transitions. Think aerospace, telecom, auto and others. More on that later.

So net-net – we agree…this IS the future of security.

And likely the key to more comprehensive and proactive systems management methods.

So, the pendulum continues to swing even faster. Stay tuned.

Wyatt.


Intel and secure computing? Trust it.

September 13, 2007

OK, another disclaimer:

Intel is an investor in SignaCert. Further, we are under NDA working on platform initiatives. Can’t say more…that is why we have the NDA. With that said, I am going to observe without bias or apparent subjectivity.

Enter the Positive Security Enabled Platform….

In April 2006 and without great fanfare, Intel formally renamed the Professional Business Platform to vPro. The goal was to further its line of “platform” branding à la the very successful Centrino mobile technology.

This began the unfurling of a major new set of platform capabilities that are being aggressively messaged to Intel’s OEM partners. Perhaps even more importantly, the value, benefits and features of vPro are now beginning to crystallize for end-customers.

Next week at the Intel Developer Forum (IDF) in San Francisco, Intel will shed more light on these important developments. As mentioned in the last blog post, over the last several weeks Intel began the process of messaging the latest set of vPro platform improvements (dubbed Weybridge). As these new capabilities come to market they fall into the following categories:

–Trusted Execution Technology (TXT) brings the long-awaited LaGrande technology into vPro
–Enhanced Virtualization Technology (VT) capabilities

These capabilities enable the creation and management of “trusted memory spaces” utilizing a much more robust set of capabilities to create a “Measured Launch Environment” or MLE for the system software stack. The MLE capabilities support both a monolithic and a virtual machine (VM) environment. VT allows for specific optimization of these methods for VM providers.
 
–Enhancements to the Intel Active Management Technologies (iAMT) providing enhanced Out-of-Band capabilities and support.
–Support of the Distributed Management Task Force’s (DMTF) DASH 1.0 draft interoperability specification and Web Services Management (WS-MAN).

These capabilities, along with the first time inclusion of a Cisco-certified embedded trust agent, promise to make the remote management and powered down capabilities of the Intel Active Management Technology (iAMT) truly useful for enterprise customers.

Several IDF Sessions will focus on understanding how these enhancements are being leveraged by other standards, methods and architectures.  Be sure to attend the Security and Safer Computer Initiatives Sessions.

Details are listed below.

Featured Technical Sessions:

–SCIC001 Security Technologies Chalk Talk
–SCIS001 Security Kickoff: Providing World-Class Security and Data Protection for the PC Platform
–SCIS002 Safer Computing Initiative and Trusted Computing
–SCIS003 Making Security Practical in the Enterprise with Client Technologies
–SCIS004 Verified Launch with Launch Control
–SCIS005 Delivering Security Requires More Than Features
–SCIS006 Research on Platform Security Technologies

Overall, vPro marks one of the most significant efforts to date by any platform vendor to move to a more “proactive security and systems management”. Other points to note are:

–The many discussions about utilizing “white lists” to supplement our almost complete reliance on third-party black list vendors and methods for securing the enterprise.
–The further evidence of methods and technologies being moved into commodity silicon.
–The Trusted Computing Group (TCG) aspects of Intel’s platforms will become very evident.  Verified/Measured boot and “transitive trust” methods (and their value) will be revealed.
–The Trusted Platform Module (TPM) bits are finally getting a real workout. The TPM will begin to take on the definitive role of the “anchor of trust” for the platform.
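The “measured boot” and “transitive trust” points above, and the Measured Launch Environment described earlier, rest on one small mechanism: a TPM Platform Configuration Register (PCR) can only be extended, never written, so its final value commits to the whole ordered chain of components that ran. The following is an added illustration written for this post (it is not Intel or TCG code and uses no TPM; the component names, contents and the `attest` helper are constructed for the demo). It models a SHA-256 PCR bank, a chain of stages that each measure the next before handing over control, and the verifier side that replays the event log and checks each measurement against known-good values.

```python
import hashlib

PCR_SIZE = 32  # a SHA-256 PCR holds a 32-byte digest and starts at all zeros on reset


def extend(pcr, component):
    """TPM-style extend: PCR_new = H(PCR_old || H(component)).

    Because the old value is folded into the new one, the register cannot be
    rolled back or set to an arbitrary value; it only ever accumulates."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measured_launch(components):
    """Transitive trust: each stage measures the next stage into the PCR before
    passing control. Returns the final PCR and the event log (name, hex digest)."""
    pcr = bytes(PCR_SIZE)
    log = []
    for name, code in components:
        log.append((name, hashlib.sha256(code).hexdigest()))
        pcr = extend(pcr, code)
    return pcr, log


def replay(log):
    """Recompute the PCR from the event log alone (what a remote verifier does)."""
    pcr = bytes(PCR_SIZE)
    for _, digest_hex in log:
        pcr = hashlib.sha256(pcr + bytes.fromhex(digest_hex)).digest()
    return pcr


def attest(pcr, log, known_good):
    """Verifier policy (constructed for this demo, not a TCG-defined API).

    1. The log must reproduce the PCR, otherwise the log has been edited and
       tells us nothing.
    2. Every logged measurement must match the whitelist of known-good hashes.
    Returns (ok, list of reasons)."""
    reasons = []
    if replay(log) != pcr:
        reasons.append("event log does not reproduce PCR value")
    for name, digest in log:
        if known_good.get(name) != digest:
            reasons.append(f"{name}: unexpected measurement")
    return (not reasons, reasons)


# Constructed stand-ins for a boot chain; real stages would be firmware images.
GOOD_CHAIN = [("bios", b"bios-v1"), ("bootloader", b"loader-v3"), ("kernel", b"kernel-v7")]


def demo():
    """Golden launch, a launch with one altered stage, and a reordered launch."""
    pcr_good, log_good = measured_launch(GOOD_CHAIN)
    known_good = dict(log_good)          # the verifier's whitelist of expected hashes
    ok_good, _ = attest(pcr_good, log_good, known_good)

    altered = list(GOOD_CHAIN)
    altered[1] = ("bootloader", b"loader-v3-changed")
    pcr_bad, log_bad = measured_launch(altered)
    ok_bad, reasons = attest(pcr_bad, log_bad, known_good)

    # presenting the good log with the altered PCR fails the replay check
    ok_lied, lied_reasons = attest(pcr_bad, log_good, known_good)

    # same components in a different order give a different PCR
    pcr_reordered, _ = measured_launch([GOOD_CHAIN[1], GOOD_CHAIN[0], GOOD_CHAIN[2]])

    return {
        "good": ok_good,
        "altered": (ok_bad, reasons),
        "lied": (ok_lied, lied_reasons),
        "order_matters": pcr_good != pcr_reordered,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The two checks in `attest` are the whole of transitive trust in miniature: the PCR anchors the log, and the log identifies which link in the chain diverged from the expected image, which is exactly the information a white-list style verifier needs.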

Many years and several hundreds of millions of dollars have gone into these efforts. Regardless of the chip wars, and the emerging virtualization wars, these developments promise to have a profound impact on computing as we know it today.

Check them out.  They are a bit techie by nature so be sure to bring your pocket protector.

Wyatt.


“There’s Something Happening Here…

September 10, 2007

…what it is ain’t exactly clear…”  – Buffalo Springfield, January 1967  

Or is it?   

We are in the midst of a significant set of IT market shifts, and we are starting to find the words for it. 

OS and Platforms: We are witnessing a rapid shift to a new paradigm – from monolithic computing to the virtual domain. This is even getting noticed in mainstream business publications. See: http://www.businessweek.com/magazine/content/07_37/b4049052.htm?campaign_id=rss_daily

We are going to see a radical “remapping” of software delivery in conjunction with this. Could this be why Citrix bought XenSource for $500M? This is likely to extend Citrix’s increasing footprint in streaming application-on-demand methods. See: http://www.citrix.com/lang/English/lp/lp_680809.asp

And are you watching what Intel is up to? Tons of R&D and standards efforts continue to roll to market, fundamentally redrawing the lines between what functions are contained in the platform versus the OS and 3rd-party applications. Security and manageability functionality is continuing to be subsumed by the platform and chipsets themselves. See: http://www.intel.com/pressroom/archive/releases/20070827comp.htm

And these are likely just the tip of the iceberg.  OEMs and other chip suppliers have their own plans to ease customer pains to develop a more competitive posture for their offerings. 

InfoSec: We have traditionally depended on several assumptions that no longer hold true…where is the IT perimeter? Are the real issues in information security keeping the bad guys out? Or is it increasingly making sure the “good guys” don’t mess things up? Yes, there is a fundamental change here as well. We are moving from the negative model to a positive one. New platform and OS functions continue to bring “security” closer to the data – both the software that RUNS the platform as well as USER content. Some analysts and companies are beginning to refer to this shift as “Security by Inclusion” – emphasizing these shifts. Others refer to this as moving from a reactive posture to a proactive view.

Operational Excellence is the Goal: As in other (non-IT) sectors, standards, best practices and 3rd-party independent controls will likely marry quickly with the improvements in platform and software methods in the best shops. This is not an option, nor is it a luxury. It will become a competitive imperative. If you are a student of manufacturing and business best practices, this could be déjà vu all over again.