
IronPort counters anti-virus time lags

Jun 15, 2004

* IronPort Systems slows virus-like traffic as anti-virus companies develop antidotes

Anti-virus defenses are perhaps the single most critical system any organization or individual can implement to protect the security of their network and e-mail system.

Most of these systems are very good at stopping known viruses and other suspicious, virus-like activity. However, the lag between the start of a virus outbreak and the development of a signature to detect and neutralize it can be several hours. During this time, e-mail systems can be quite vulnerable.

If a lag lasts nine hours or more, that means a virus outbreak that occurs at 8 a.m. might not have a cure until past the end of the business day. While using multiple virus scanners might reduce the lag time, there will always be a lag between an outbreak and the creation of a signature file to combat it.

One method to address this problem has been introduced by IronPort Systems. The company’s Virus Outbreak Filters work very simply: using the company’s SenderBase e-mail traffic-monitoring network, which sees about 25% of all e-mail traffic sent over the Internet, the system can detect suspicious e-mail traffic patterns and can quarantine or slow the receipt of files that might contain viruses before they enter a network. Virus-laden files can be held in an area where they cannot do damage and where they await the creation of new signature files that can clean them before they are sent on to their destination. IronPort’s testing has shown that the system can detect viruses at least four hours before virus signatures are available.
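The hold-then-rescan flow described above can be sketched as follows. This is an added example, not IronPort's code: the rule format (a set of attachment extensions flagged as suspicious), the byte-pattern "signatures", the class and function names, and the sample messages are all assumptions constructed for illustration, and infected mail is simply marked rather than cleaned.

```python
from dataclasses import dataclass, field

@dataclass
class Message:
    msg_id: str
    attachment_ext: str
    payload: bytes

@dataclass
class OutbreakQuarantine:
    suspicious_exts: set                          # assumed rule: extensions flagged by traffic monitoring
    signatures: set = field(default_factory=set)  # byte patterns the AV engine currently knows
    held: list = field(default_factory=list)      # messages waiting for a signature update

    def is_infected(self, msg):
        return any(sig in msg.payload for sig in self.signatures)

    def receive(self, msg):
        """Scan on arrival; hold anything that matches an active outbreak rule."""
        if self.is_infected(msg):
            return "infected"
        if msg.attachment_ext in self.suspicious_exts:
            self.held.append(msg)
            return "held"
        return "delivered"

    def update_signatures(self, new_sigs, cleared_exts):
        """Load new signatures, retire covered rules, then rescan the quarantine."""
        self.signatures |= set(new_sigs)
        self.suspicious_exts -= set(cleared_exts)
        outcome, still_held = {}, []
        for msg in self.held:
            if self.is_infected(msg):
                outcome[msg.msg_id] = "infected"
            elif msg.attachment_ext in self.suspicious_exts:
                still_held.append(msg)            # rule still active, keep waiting
            else:
                outcome[msg.msg_id] = "released"
        self.held = still_held
        return outcome

def run_demo():
    q = OutbreakQuarantine(suspicious_exts={".pif"})
    inbound = [  # constructed sample messages
        Message("m1", ".pdf", b"quarterly report"),
        Message("m2", ".pif", b"...CONSTRUCTED-WORM-MARKER..."),
        Message("m3", ".pif", b"legacy shortcut file"),
    ]
    at_receive = {m.msg_id: q.receive(m) for m in inbound}
    # Hours later the signature arrives and the outbreak rule is retired.
    after_update = q.update_signatures({b"CONSTRUCTED-WORM-MARKER"}, {".pif"})
    return {"at_receive": at_receive, "after_update": after_update}

if __name__ == "__main__":
    print(run_demo())
```

The message carrying the marker passes the arrival scan because no signature exists yet, and is caught only on the rescan; the legitimate message with the same extension is delayed but still delivered.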

The advantage of such a system is twofold: first, it applies simple, spam-like quarantine techniques to suspicious files so that they can be stored and reviewed offline before they have the chance to do any harm. Second, it provides an extra level of defense for in-house anti-virus systems that can dramatically improve the efficacy of these systems while requiring no change to the amount of time required for anti-virus developers to create a new signature.

IronPort’s Virus Outbreak Filters will be released in the third quarter of this year.