Posted by Brian Gladstein on Thu, Nov 08, 2007
If you haven't seen it, there was a really well-written and in-depth article on Information Week last week about Who Really Owns the PC in a corporate setting - the user, or the company.
I loved reading this article because at Bit9 this is exactly the dilemma we are helping companies solve. A flexible solution that can give flexible control to IT so users have a lot of freedom, but IT still maintains the ability to keep the system's integrity maintained and security in line.
One of the most important points made in this article is the need for better communication between IT and the business units who run software. They need to discuss what applications are important, why, what risks are involved, and how IT can best support those applications the business needs.
Although it sounds very basic - it's very difficult to do with today's Windows operating system. There is so little visibility into what users are doing on their local PCs, and when using group policy or managing administrative privileges - all decisions are made locally to each PC, and therefore very difficult to roll up and spot trends and exceptions.
So what? Well - what that all means is - there are no tools that automate communciation. IT has no ability to monitor, dicsover, or be proactive (or reactive even) when it comes to what business users are doing. As important as regular face-to-face meetings are to discuss this - and we certainly believe that level of communication is critical to achieve a more controlled enviornment - it must be accompanied by the right information systems to make everything easy and build trust. Otherwise there is too much opportunity for misinformation, misunderstandings, and mistakes.
What do you think? Please comment on this post and let me know!
Posted by Brian Gladstein on Mon, Nov 05, 2007
We had some exciting news to report today. Bit9 has teamed up with Kaspersky, one of the leaders in antivirus solutions, to integrate our whitelisting technology into future Kaspersky products. Here's some information directly from our news release:
Specifically, Kaspersky Lab will leverage the Bit9 Knowledgebase, the largest collection of actionable intelligence about the world's software, including commercial applications, open-source software, drivers, libraries, and malware, currently comprising more than 4 billion files and growing by up to 50 million records a day. This software identification service helps users understand what applications, good and potentially malicious, are on their desktops, laptops, and servers.
So you may ask - why would Kaspersky need Bit9? Well obviously there is a lot going around these days about whitelisting and clearly Kaspersky - a technological leader in the sapce - is eager to introduce the capability.
Without speaking for Kaspersky, I think this is an incredibly important step for threat research. Any antivirus or security entity that tries to identify malicious software is facing the growing challenge now that malware is getting custom, targeting, it's changing all the time, and it doesn't behave in obviously malicious ways. So that means threat researchers have to do more malware testing and more regression testing to make sure they are properly identifying the bad guys.
But if you think about the positive security model - consider anything unknown as malicious, until you can demonstrate it isn't - well it's a much easier thing to do as long as you have a good source of known goodware.
And that's where Bit9's software identification service comes in. No one has invested in developing a knowledgebase as rich and detailed as Bit9 - and it can be tremendously valuable to help navigate the ever-changing waters of malicious software research. Though Kaspersky has not yet disclosed their product strategy, I for one am very excited to see what happens when they incorporate this information and technology into theirs.
What do you think? Submit a comment and let's discuss!