New Threats Require New Measures

Anti-virus scanners are the front line technology for preventing virus attacks. They can reside on a server, gateway, or client. The heart of an anti-virus product is the scanning engine, which conducts the scanning of files as it looks for viruses. A database of known virus signatures is what the scanning engine checks against. A signature is a search pattern, characters or bytes that are usually unique to each virus.

Because anti-virus software is primarily a reactive measure against known threats, updating, detection and policy enforcement play a key role in meeting the latest threats and protecting networks from infection. Updating your anti-virus software in the fastest time possible is the only way to minimize damage to your network. Today's virus protection is all about time-to-protection.

Time to Protection

Virus protection is ultimately about how quickly the anti-virus software can be updated to protect your network against the latest virus attack. Traditional anti-virus software is vulnerable during two critical gaps. First is the gap between the release of a new virus and the release of the anti-virus update. Second, the time it takes to implement virus updates to every PC on your network.

When a virus outbreak happens, virus vendors analyze the virus, identify its unique signature, and create the anti-virus. This process can take hours or days to complete. Virus vendors often send out incremental anti-virus updates as they develop more knowledge about the threat. Unless the anti-virus software has a mechanism to get these updates instantly instead of at scheduled intervals, the network remains vulnerable.

The biggest time-to-protection gap is getting the new virus updates to all the computers on a network. Anti-virus software deployed on PCs without centralized enforcement requires users or administrators to update the virus software one at a time. Even with a centralized anti-virus management console, an administrator needs to manage the updates.

Removing the Human Factor in Enforcement

The human factor in virus protection represents a potential risk to your business network. Keeping up with the rapid-fire changes in anti-virus updates places a heavy burden on administrators. Employees can easily turn virus protection off, as, for example when installing new software. Without a method of ensuring that the anti-virus software is always active, virus protection across the network will degrade as more and more users fail to restore their virus protection.

Enforcement is an essential element of virus protection. Virus policy enforcement isn't just about getting updates quicker, it's also about ensuring virus protection is always running on every PC on the network.

Automatic Anti-Virus Management

While AV protection is most effective at the desktop, desktops are also the most likely place where exposure risk is highest or where maintaining effectiveness is most difficult.

Centralized enforcement is an economic necessity for any business with more than a few computers. It's simply not viable to manage every desktop's anti-virus software by manually installing and configuring each time there is an update. Besides the enormous costs involved, there is too much margin for error in a manual process.

On the downside, most centralized anti-virus management products create more cost and complexity to your virus protection infrastructure. Typically, the virus management software runs on a network server and requires IT resources to set up and maintain.

A centralized virus management solution that automatically installs, maintains, and updates anti-virus clients eliminates nearly 80% of the total cost of implementing virus protection.

Integrated Firewall Protection

Today's virus threats can carry sophisticated payloads designed to attack network vulnerabilities that require a firewall to protect against. A good firewall provides the first line of defense against Internet hackers and a solid foundation for your anti-virus protection. Any weakness in your firewall capabilities opens up vulnerabilities in your virus protection.

The International Computer Security Association (ICSA) classifies firewalls into three categories: Packet Filters, Application-Level Proxy Servers, and Stateful Packet Inspection firewalls.

• Packet Filtering Firewall. A packet filtering firewall simply examines the packet header and decides whether or not to let the packet proceed. Decisions are made in accordance with a set of rules or filters. The inability of packet filtering to dig deeper into the packet exposes your network to Denial of Service (DoS) attacks and a host of prevalent Internet attacks. Most broadband routers include packet-filtering firewalls.

• Proxy Server Firewall. Proxy server firewalls provide upper level examination of IP packets. While providing superior firewall protection compared to packet filtering, a proxy server firewall causes significant performance degradation at the Internet gateway. Also, proxy servers are difficult to set up and maintain, and they require updates for each new application on the network.

• Stateful Packet Inspection Firewall. A stateful packet inspection firewall intercepts packets until it has enough to make a determination as to the state of the attempted connection before passing judgment. By maintaining a table of current connections and their most recent events, these firewalls are able to spot abnormal sequences inherent in hacker attacks. Stateful packet inspection is the most trusted firewall technology and is widely used in enterprise-class firewalls.

Virus Threats | Anti-Virus Strategy | Anti-Virus Protection

Contact us to discuss your requirement in more detail