RSA `07: Avinti powers e-mail security appliance for enterprise use

Blocks zero-day threats by observing code behavior

Avinti on Monday will release Version 3.0 of its iSolation Server, an e-mail security appliance that the company has tuned for enterprise use.

Go to RSA '07 HQ for complete coverage

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Avinti on Monday will release Version 3.0 of its iSolation Server, an e-mail security appliance that the company has tuned for enterprise use.

Go to RSA '07 HQ for complete coverage

Available now, iSolation Server 3.0 can be used to scan inbound e-mail for hundreds of thousands of mailboxes, making it appropriate for use by large enterprises, says William Kilmer, CEO of Avinti. Until now, the appliance was targeted primarily at small- and midsized businesses.

In addition to enhancing performance, the company has added fault-tolerant features and centralized reporting and administration capabilities, says Kilmer.

iSolation Server, which is also available as a hosted service, uses a technique for catching inbound threats that flags messages potentially containing a virus or malware and runs them through its Observation Engine that executes the code in a safe, contained environment at the gateway, Kilmer explains. If the code attempts to do something abnormal, such as modify the system registry or try to access an Outlook address book and scan e-mail addresses, the message will be quarantined.

The appliance only does this procedure with suspicious messages, such as those where the file extension of the attachment has been changed, and runs multiple virtual machines for executing potentially dangerous code at once so that performance doesn’t suffer, Kilmer says.

According to a recent Gartner prediction, 75% of enterprises will be infected with some undetected, financially motivated or targeted malware in 2007.

iSolation Server’s method of spotting and blocking malicious code gives one customer a high level of confidence that inbound e-mail messages won’t contain threats.

“This unique ability to recognize malicious attachments without relying on virus signatures…virtually guarantees that viruses or malicious code will not be able to make its way to a user’s mailbox,” says Grigoriy Milis, director of technology with Richard Fleischman & Associates, which provides IT solutions to financial institutions that manage hedge funds.

This technique allows iSolation Server to catch brand-new threats that signature-based filters can’t because no signature yet exists for them, says Kilmer. For example, the server was able to catch the recent Storm Worm on the day of its release because it saw that the e-mail messages containing the worm were trying to modify system registries, and another variant was looking for a back door on the recipient’s PC to send information through, he says.

When Storm Worm hit “there was no need for our users to update anything,” like traditional filters that need to get up-to-date signatures to protect users, says Kilmer. “That’s the advantage we bring, and it resonates well with enterprises – you don’t need to use signatures, this is very proactive technology that’s a complement to existing solutions.”

Avinti recommends enterprises take a layered approach to e-mail security, not only using products from different vendors but also ones that vary in their techniques.