• United States

Avinti safely isolates e-mail-borne malware based on actual behavior

Jan 02, 20064 mins

* A look at Avinti's iSolation Server

My desktop hard disk crashed a few weeks ago. We think it got a virus that brought the whole PC down. Recovery has been expensive and time-consuming. Although I had anti-virus software running on the PC, I could have avoided this whole painful experience if my network had iSolation Server from Avinti.

Unlike other anti-virus solutions, which largely rely on matching the signatures of known viruses and other malware, Avinti’s solution offers zero-hour defense against e-mail-borne threats, whether they are already identified or not. Avinti’s iSolation Server uses virtual machine technology to create a replica of the end-user’s desktop, to observe the actual behavior of potentially malicious content. If a message is harmless, it gets passed along to the intended recipient.  If it acts in a malicious manner, it is quarantined where it can do no harm.

Avinti is a three-year-old privately funded company, and Symantec is one of the investors.  It’s good to see that one of the world’s largest security software companies has faith in the strategy and product Avinti has developed.  Perhaps it’s no coincidence that Symantec and Avinti products work together to create a layered approach to e-mail security.

Avinti’s specialty is stopping unidentified viruses and other malware as they attempt to enter your e-mail system.  ISolation Server works best when you pair it with anti-spam and other anti-virus applications that weed out undesirable messages and known malware before the Avinti software does its thing.  (Note: iSolation Server works with just about any anti-spam or anti-virus solutions – not just those from Symantec.)

So, for example, using the layered approach, you’ll have a spam filter that removes the high volume of spam coming in, allowing more meaningful mail to pass through.  Then an anti-virus application using pattern matching screens these messages for known viruses, Trojans and keystroke loggers.  After those problem messages are removed, remaining e-mail attachments are examined by iSolation Server, which tests the attachments in an environment that is a replica of a typical user workstation.  This software monitors actual executable behavior instead of just looking for digital signatures.  Because this environment is both virtual and isolated, no harm comes to your actual network or client PCs when a virus is encountered.

ISolation Server runs at the network server level to contain threats at the edge of the network.  It does not require any additional software or screening at the workstation level, simplifying implementation and network management.  It is a software solution that runs on any industry-standard server.  A single iSolation Server can screen about 250,000 messages per day with very little perceived delay – literally seconds.  For enterprises that receive more than a quarter million messages daily, the Avinti solution can scale up with the addition of another processor.

One problem of traditional virus scanners is the occurrence of false positives, where a message is suspected of carrying a virus when it really doesn’t.  ISolation Server has a false positive rate approaching zero.  Since suspect message attachments are identified by actually observing their behavior, it’s easy to tell which messages are malevolent and which aren’t.

There are a couple of documents that will give you more information about this unique product – the first is the Ferris Research report; the second is an Avinti white paper.  Also check out this newsletter from Michael Osterman, and this article by John Fontana.

Hackers and those who subject us to all sorts of malware are staying a step ahead of the companies that produce the signature files that help us detect the problems.  As the window of time from when a virus is released into the wild to the time it reaches critical mass gets shorter and shorter, the best way we can protect our networks is to layer on the security and use multiple protection schemes.  For the mere cost of between $6 and $12 a year per mailbox, Avinti’s iSolation Server is worth the cost for the added peace of mind.