What have been some of the security issues that have hampered Linux in the past?
CEOs want to control their destiny and in that vein, CEOs are looking at Linux as option. When CEOs look at adopting Linux, they look at four criteria: speed, portability, clarity of code and robustness. Security has traditionally been in there with robustness; whether code is reliable enough and secure. CEOs are savvy enough these days that we had to make security the fifth criteria. CEOs come to us and tell us that they understand this code is built in someone's basement. These guys writing the code have no allegiance to them and how can the CEO be assured it will run and will be secure. We provide that assurance. HP generally isn't the first place enterprises go for their security needs. What does Secure OS for Linux offer enterprise customers?
We have a lot of security experience -- we offer VirtualVault and WebEnforcer security products -- and we've taken our lessons learned from that experience. Given how we understand security technology and Linux as an operating system, we needed to learn how to merge the two in a way that makes sense for Linux users. We've done exceedingly well. We've reached seven-figures in sales and we haven't actually released the product yet. I'm crossing my fingers that it keeps going. We're hearing from CEOs that they're moving toward Linux, but they're concerned about security. They turned to Linux originally because of the speed and how easy it is to modify, but they're not seeing security there. Can you highlight some features of Secure OS for Linux?
We've been building military-level security systems for a long time. We've taken pieces of that technology and applied it here. With this technology, we want to move one application and one customer onto a server. The technology modifies the Linux kernel and allows it to isolate each customer and application into a specific bubble. So, if you've got a program, a network card or a file, they only interact with other programs, network cards or files in their particular bubble. This is embedded in the kernel. We've taken the Linux kernel and made small modifications. Everywhere the kernel makes a decision, we've replaced it with a reference to a modification we've made called a Dynamically Loadable Kernel Module (DLKM).
One module is called a containment module (that contains attacks if the system is penetrated) and we have another auditing module (that detects attacks and records a hacker's identity). Everywhere a decision is made in the kernel, it defers it to the module. Inside, our algorithms know how to make a decision fast.
There is always a performance question with these kinds of modifications. But, we've been doing them for 25 years in the military space and learned how to make our algorithms run fast, make a decision and return it to the kernel so it can allow or deny access.
We are also offering configuration tools and HP Consulting will offer support. The cost is $3,000 per system.
All of this is offered open source. If you can take it and build a better mouse trap, please do so. Targeting ISPs and e-businesses makes sense on the surface. Why go after telcos?
They came after us. That was the surprise. Everyone knows there's a telco meltdown going on and we're all waiting for the recovery. That doesn't mean they don't have security concerns. We don't understand it; we just listen and learn as we go. What I can tell you is that as telcos consolidate, CEOs are worried about telcos in trouble getting desperate and having someone attack another telco. Also, they're concerned that hackers might turn their attention back to the phone system. The first hackers went after the phone system and it still remains a popular target. They were called phreakers. During a meltdown, they're concerned about seeing opponents play with a weakness.
FOR MORE INFORMATION:
Read this searchSecurity technical tip: "Linux clears scalability, security hurdles" How do you assure companies running non-HP equipment that the software will work?
We're offering it on HP servers and we're confident there. We're also offering it on non-HP servers. We don't always know what you may be using, so we insist in an on-site security survey and so far, it hasn't been a problem. Companies have been comfortable allowing us in and we've been well received. And, it shows through seven-figure sales.