Kaspersky, Bit9, and Whitelisting
Posted by Brian Gladstein on Mon, Nov 05, 2007
We had some exciting news to report today. Bit9 has teamed up with Kaspersky, one of the leaders in antivirus solutions, to integrate our whitelisting technology into future Kaspersky products. Here's some information directly from our news release:
Specifically, Kaspersky Lab will leverage the Bit9 Knowledgebase, the largest collection of actionable intelligence about the world's software, including commercial applications, open-source software, drivers, libraries, and malware, currently comprising more than 4 billion files and growing by up to 50 million records a day. This software identification service helps users understand what applications, good and potentially malicious, are on their desktops, laptops, and servers.
So you may ask - why would Kaspersky need Bit9? Well obviously there is a lot going around these days about whitelisting and clearly Kaspersky - a technological leader in the sapce - is eager to introduce the capability.
Without speaking for Kaspersky, I think this is an incredibly important step for threat research. Any antivirus or security entity that tries to identify malicious software is facing the growing challenge now that malware is getting custom, targeting, it's changing all the time, and it doesn't behave in obviously malicious ways. So that means threat researchers have to do more malware testing and more regression testing to make sure they are properly identifying the bad guys.
But if you think about the positive security model - consider anything unknown as malicious, until you can demonstrate it isn't - well it's a much easier thing to do as long as you have a good source of known goodware.
And that's where Bit9's software identification service comes in. No one has invested in developing a knowledgebase as rich and detailed as Bit9 - and it can be tremendously valuable to help navigate the ever-changing waters of malicious software research. Though Kaspersky has not yet disclosed their product strategy, I for one am very excited to see what happens when they incorporate this information and technology into theirs.
What do you think? Submit a comment and let's discuss!