I don't get it. If anti-virus isn't good enough for the detection of malware once it's installed, how is anti-virus going to be good enough on a gateway?
Why not detect and block ALL executable files unless from a known good source: Microsoft updates, Adobe, Intuit, etc. Then when your gateway reports that someone is trying to download a file, the "gatekeepers" can contact that user and see if it's something they really need. Nine times out of ten, they're going to either say "no" or "I wasn't trying to download a file".
If they weren't trying to download a file then you have a real good candidate for further investigation.
Why continue to rely on signatures when we all know the bad guys know how to evade them?
Why not stick to a policy of "only traffic that is absolutely necessary for the business"?
This strategy combined with Layer 7 identification of protocols can prevent and detect infection. No signatures to update, no anti-whatever to update. Just good sound security policies.