Black Hat USA 2013 - CMX: IEEE Clean File Metadata Exchange26:29 71 views 0% Published 8 years ago
By: Mark Kennedy & Igor Muttik
False positives are a huge problem in the security space. Organizations can spend more time and engineering on reducing FPs than on detecting new malware. Whitelists can help, but there are difficulties with these. Many organizations will not permit the exchange of files for copyright reasons. 3rd party developers must deal with multiple security vendors to get their software whitelisted.
CMX is a system being operated by IEEE. 3rd party software developers can submit metadata for their applications to a single portal. Security vendor subscribers can then pull -- in realtime -- all the metadata being pushed into the system. Since only metadata is being exchanged, there are no copyright problems.
This system will greatly simplify the maintenance of global whitelists.