Hewlett-Packard Co. (HP), IBM Corp. and Sun Microsystems Inc. are allying with three security providers to announce an open standards initiative for safe computing next month.
Although the vendors did not provide further details, Gartner Inc. analyst John Pescatore said that the announcement centres on the adoption of a technology allowing companies to monitor changes made to software on servers.
Pescatore said he was previously briefed on the subject and that the initiative will bring technology from Tripwire Inc. to HP, IBM and Sun's server products.
The announcement is being made with Tripwire, RSA Security Inc., and InstallShield Software Corp.
Portland, Oregon-based Tripwire develops technology that uses digital fingerprints and is designed to let companies see if software on their servers has been changed. RSA will make the digital signatures, Pescatore said, and Tripwire will provide the signature database. InstallShield provides software that enables the distribution and management of software and digital content.
Using the technology, a company would be able to tell if a hacker takes a software module and puts a trojan program version in its place, Pescatore said, because it would not match the fingerprint of Sun, HP or IBM's software.
According to the analyst, 80 percent of the most common attack paths involve changing the software on the machine.
"This is pretty effective for (fighting) common attacks," Pescatore said. However, he noted that the "obvious downside is who is missing" -- Microsoft Corp. and Linux vendors.
"Everyone has Microsoft servers in the mix," Pescatore said, so the security offered by the initiative will not be as strong as it could be if Microsoft were involved.
Sun has invested in Tripwire in the past and it's possible that it could include the auditing technology in its Solaris operating system, Pescatore said. Whether HP and IBM include the technology in their software or just make it available with their products remains to be seen.