• United States

HP, IBM, Sun to unveil server security initiative

Jul 25, 20032 mins

HP, IBM and Sun are allying with three security providers to announce on Aug. 5 an open standards initiative for safe computing.

HP, IBM and Sun are allying with three security providers to announce on Aug. 5 an open standards initiative for safe computing.

Although the vendors did not provide details of the initiative in an invitation to a conference call on the subject sent Friday, Gartner analyst John Pescatore said that the announcement centers around the adoption of a technology allowing companies to monitor changes made to software on servers.

Pescatore said he was previously briefed on the subject and that the initiative will bring technology from Tripwire to HP, IBM and Sun’s server products.

The announcement is being made with Tripwire, RSA Security and InstallShield Software.

Tripwire develops technology that uses digital fingerprints and is designed to let companies see if software on their servers has been changed. RSA will make the digital signatures, Pescatore said, and Tripwire will provide the signature database.

InstallShield provides software that enables the distribution and management of software and digital content.

Using the technology, a company would be able to tell if a hacker takes a software module and puts a trojan program version in its place, Pescatore said, because it would not match the fingerprint of Sun, HP or IBM’s software.

According to the analyst, 80% of the most common attack paths involve changing the software on the machine.

“This is pretty effective for (fighting) common attacks,” Pescatore said.

However, he noted that the “obvious downside is who is missing” – Microsoft and Linux vendors.

“Everyone has Microsoft servers in the mix,” Pescatore said, so the security offered by the initiative will not be as strong as it could be if Microsoft were involved.

Sun has invested in Tripwire in the past and it’s possible that it could include the auditing technology in its Solaris operating system, Pescatore said. Whether HP and IBM include the technology in their software or just make it available with their products remains to be seen.

A conference call on the announcement scheduled for 8 a.m. PDT Aug. 5 will include HP CTO Jan-Maarten van Donger.

Sun’s Product Line Manager for Solaris Security Mark Thacker will also be on board, as will Tripwire President and CEO Wyatt Starnes, along with other executives.