Assaults such as the recent Bagle and MyDoom worms prove once again that "malware" attacks - viruses and worms - are not only growing more prolific but also more sophisticated. And this is only the beginning, the IT security community fears.
As their companies become more interconnected via new data center technologies, network security officers and their security vendors worry about the next generation of such attacks, called "superworms." This malware would feature the most potent elements of existing worms and be aimed at specific targets.
"In the past, viruses never spread far because people had to execute them and we could develop virus signatures to counteract them," says Steven Hofmeyr, chief scientist at Sana Security, an intrusion-prevention software vendor. "Worms spread very rapidly because there's no human intervention. We need different mechanisms for dealing with them."
It's war, and network managers and security vendors have only just begun fighting back. They're exploring new technologies and launching creative efforts to counter attacks that cost billions of dollars in fixes and lost productivity.
To protect their companies against today's fast-moving malware, network executives are combining aggressive policies with new and existing technologies. For instance, The Weather Channel in Atlanta uses MailMarshal from NetIQ. The product blocks e-mail messages with suspected viruses as if they were spam. When SoBig.F hit in June 2003, The Weather Channel immediately grabbed the details about the content of SoBig.F messages and loaded that data into MailMarshal to filter inbound mail, says Christina Neustadt, director of customer service at The Weather Channel. Consequently, it quickly stopped infected attachments without disrupting legitimate e-mail.
Neustadt says the company, which filters out as spam about half of the 100,000 or so e-mails received per day, is aware that some zero-day viruses could slip through. Zero-day viruses are new attacks that appear before anti-virus companies have had a chance to release fixes. To deal with those attacks, The Weather Channel uses Network Associates' McAfee anti-virus software, which scans all desktop machines daily. The company is exploring intrusion-prevention technology, subscribes to CERT advisories and analyzes anti-virus sites. "We do a lot of upfront due diligence, constantly trolling for what may be out there," Neustadt says.