I picked up an interesting link to an article yesterday, so I thought I’d share. It’s about white listing... The article is written by Peter Nowak of CBC News and interviews Michael Murphy of Symantec Canada on his observations of a philosophical change in the anti-virus market.
Nowak says in the article:
“Under the current system, a security firm discovers a new threat, adds it to its black-list database and updates its customers’ anti-virus software to combat the problem. A “white list” would instead compile every known legitimate software program, including applications such as Microsoft Word and Adobe Acrobat, and add new ones as they are developed. Every program not on the list would simply not be allowed to function on a computer.”
“This is the future of security technology,” Murphy said at a presentation of the company’s twice-yearly security report on Friday. The trick is to develop a “global seal of approval.”
Not that this is a really big surprise. There have been several articles and announcements in recent weeks and months that relate to the emergence of the “positive model” – or what some companies refer to as “security by inclusion.”
This is all really common sense stuff when you think about it, right? The “black list” challenge continues to be highly elusive; after all, it IS an infinite problem. Not that black lists will go away anytime soon. Our customers will continue to pursue the “defense in depth” strategy.
On the other hand, IT controls and measurement systems based on “white lists” or manifests of authorized code sets can easily be managed in a highly finite way using SignaCert. Also, positive system affirmation really provides much more customer value at the end of the day. In addition to the “keep the bad stuff out” benefit of black lists, we can fold in the “verify the good stuff is still as intended” and “make sure that the originally intended code is still present on the platform” benefits.
So the value of IT measurement and controls goes way beyond pure security. Implemented correctly, it is FULL configuration verification (image manifest AND software measurements) and code validation with source of ownership information (software provenance and pedigree)... all grounded to a common trust reference within our customers’ domain.
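The three benefits described above map onto three distinct findings when a platform is measured against a manifest. The sketch below is an added example, not SignaCert's code: SHA-256 as the measurement, the file names, and the `measure`/`verify` helpers are all assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def measure(root):
    """Return {relative_path: sha256_hex} for every file under root."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def verify(manifest, root):
    """Compare a platform's measurements against the authorized manifest."""
    observed = measure(root)
    report = {"verified": [], "modified": [], "missing": [], "unauthorized": []}
    for path, digest in manifest.items():
        if path not in observed:
            report["missing"].append(path)      # intended code no longer present
        elif observed[path] != digest:
            report["modified"].append(path)     # good code no longer as intended
        else:
            report["verified"].append(path)
    # Anything on the platform but absent from the manifest is denied by default.
    report["unauthorized"] = sorted(set(observed) - set(manifest))
    return report

def demo():
    """Constructed sample: a trusted reference image and a drifted copy of it."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, host = Path(tmp, "reference"), Path(tmp, "host")
        files = {"bin/app": b"app v1", "lib/core.so": b"core v1",
                 "etc/app.conf": b"mode=prod"}
        for base in (ref, host):
            for name, data in files.items():
                target = base / name
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
        manifest = measure(ref)                  # built once from the reference
        (host / "lib/core.so").write_bytes(b"core v1 patched")  # content changed
        (host / "etc/app.conf").unlink()                        # file removed
        (host / "bin/unknown_tool").write_bytes(b"unlisted")    # not on the list
        return verify(manifest, host)

if __name__ == "__main__":
    for status, paths in demo().items():
        print(f"{status:12} {paths}")
```

A black list can only ever produce the `unauthorized` finding, and only for code it already knows about; the `modified` and `missing` findings exist only because the manifest is a finite statement of what should be there.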
It is interesting to consider: This is how most other industries made their “automation” transitions. Think aerospace, telecom, auto and others. More on that later.
So net-net – we agree... this IS the future of security.
And likely the key to more comprehensive and proactive systems management methods.
So, the pendulum continues to swing even faster. Stay tuned.