
Detecting and Eliminating Computer Viruses at the Gateway

by CipherTrust

Traditional anti-virus software only stops known computer viruses – stopping undefined computer viruses requires a different approach.



In the past, network administrators scrambled to apply new virus signatures whenever new computer viruses were discovered. While these signatures will stop a known threat, it takes time for anti-virus vendors to develop them. Unfortunately, the newest and most damaging viruses are able to spread so quickly that the damage is done before a signature can be developed and distributed.

In fact, the independent testing laboratory AV-test.org found the response times for major anti-virus software publishers to range from just under 7 hours to almost 30 hours, with the four leading vendors (Sophos, McAfee, Symantec and Trend Micro) clocking in at no less than 12 hours.

In January 2004, the computer virus known as “MyDoom” created mass disruption to corporate resources and reputations as it quickly spread through e-mail networks worldwide. At its peak, MyDoom infected one in every five e-mails transmitted over the Internet. The worm broke records set by previous malware, such as Sobig.F, to become the fastest-spreading virus ever. This incredible propagation speed left many networks vulnerable - despite the presence of anti-virus software - because of the lag time between when the virus outbreak began, and when a virus definition became available.

As a result of recent malware threats, corporations and organizations have learned a painful but important lesson: simply deploying a signature-based solution is no longer enough. Detecting and eliminating computer viruses requires a multi-faceted, rapid-response approach that traditional anti-virus protection cannot provide. Even a single unprotected computer on an enterprise network can bring down the entire system in just minutes, rendering even the most expensive and up-to-date software useless.

Why E-Mail is Particularly Susceptible


In many organizations, e-mail has replaced the telephone as the most useful business tool available. Unfortunately, e-mail has also been a victim of its own success and presents a unique threat to the enterprise network as a whole.

Detecting and eliminating threats has traditionally been the combined responsibility of firewalls, virus scanners, and intrusion detection systems (IDS) set up by enterprises to defend against attacks. Firewalls prevent unauthorized programs from accessing the network, virus scanners scan each PC in the network for malicious code, and gateway servers lock down extraneous ports to protect against unauthorized access.

But key Internet-facing applications, including e-mail, are unguarded by firewalls. In order to function, e-mail must expose firewall ports, including port 25, the port used by SMTP (Simple Mail Transfer Protocol), and port 110, the port used by POP (Post Office Protocol).

When a firewall receives a connection on port 25, it generally assumes that the transmission is e-mail and allows it to flow through to the e-mail server. The transmission may very well be a valid e-mail; however, it could also be a virus, spam or something much worse. Firewalls are not able to distinguish between “good” mail and “bad” mail, and therefore they are unable to protect the e-mail application.

Stop E-Mail Threats at the Gateway


Therefore, some sort of protection is needed specifically for e-mail and, since the best place to stop a threat is before it gets inside the network, the protection should be at the e-mail gateway. Protecting the e-mail gateway requires a coordinated effort to combat a host of issues, including spam, viruses, corporate policy infringements, directory harvest attacks, denial of service attacks, phishing, spoofing, and snooping. As e-mail threats evolve, the distinction between each of these types of threats becomes blurred.

Furthermore, accuracy in identifying “bad” e-mails is crucial. Extreme care must be taken to avoid filtering out legitimate e-mails (false positives), which could contain important information from customers or partners.

Historically, enterprises have turned to multiple vendors to solve their e-mail security issues. They have relied on anti-virus vendors to protect them from viruses. They use a separate anti-spam vendor to help cut back on the spam. Then, there are the issues of content filtering, policy enforcement, encryption, and network security. Unfortunately, attackers are now highly adept at exploiting these non-integrated solutions. This “Swiss cheese” defense has not only been costly, but increasingly ineffective at protecting corporate e-mail systems.

Computer Virus Risks


Recent attacks from various types of computer viruses and worms have had profound effects on computer systems around the world. Enterprises have been brought to their knees and forced to spend billions of dollars cleaning up the mess and rebuilding their infrastructures. While the increased IT costs are clear, there are other risks corporations face with regard to e-mail borne viruses.

System Downtime

E-mail has evolved to be the primary communication tool for most organizations and the loss of e-mail due to attack can severely affect enterprise operations. Beyond the immediate expenses involved in restoring the network, an attack on your enterprise e-mail system can also result in lost hours and days for employees who have come to rely on it to accomplish their daily tasks.

Resource Depletion

The costs of cleaning up after an attack are significant. IT teams are forced to spend considerable time and money repairing virus damage. The damage, however, is rarely contained to network servers. Once inside the network, viruses can quickly infect large numbers of relatively exposed client machines - all of which must be individually cleaned, patched and repaired.

Administration

In the past, when a new vulnerability was discovered, network administrators scrambled to apply security patches from the makers of their anti-virus software and manually reviewed quarantine lists for virus-infected messages. Software manufacturers release patches so frequently that network administrators cannot reasonably be expected to keep up with them all. As stated by Gartner Research, “Enterprises will never be able to patch quickly enough. After all, attackers have nothing else to do.” The staggering damage caused by recent computer viruses and malware attacks is clear evidence that manual intervention to institute emergency measures or review quarantined messages is rarely effective against rapidly propagating threats.

Compliance and Liability

Recent Federal regulations such as the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA) and Sarbanes-Oxley Act (SoX) require enterprises to protect data residing in mail servers and other internal systems. Security breaches violate these regulations, exposing sensitive data and opening the door to serious sanctions and costly litigation.

Credibility

Falling victim to a virus attack can also result in lost trust from business partners and customers. According to Gartner, “Enterprises that spread viruses, worms, spam and denial-of-service attacks will find not only that malicious software can hinder their profitability, but also that other businesses will disconnect from them if they are considered to be risky.” While an attack may not be your fault, it is most certainly your problem.

The Solution


Although signature-based anti-virus systems are inadequate for preventing virus attacks in the first few hours or days of an outbreak, it is possible to identify outbreaks before they infiltrate your organization’s network and become a problem. In fact, doing so successfully requires tight integration of several different technologies designed to analyze mail based on many different characteristics. One of the most innovative and important technologies for meeting these threats is known as Anomaly Detection.

Large-scale virus outbreaks create anomalies in mail flow which are identifiable by the message content, source, volume, attachment or any of a number of other indicators. When a particular message appears to be a part of a sudden surge of anomalous messages moving across the Internet, the message can be quarantined until virus definitions can be developed to address the new threat.

Anomaly Detection

CipherTrust’s IronMail utilizes a unique Anomaly Detection Engine (ADE), which dynamically identifies and responds to abnormal behavior in mail flow. By monitoring “normal” e-mail traffic rates across the Internet, the ADE allows IronMail to identify spikes in traffic that are often the first signal of a malicious attack. Once these spikes are recognized, IronMail units take appropriate action to prevent infiltration of the network.
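The surge-and-quarantine idea described above can be sketched as follows. This is an added example, not CipherTrust's Anomaly Detection Engine or any IronMail code; the class name, thresholds, attachment fingerprints and sample traffic are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class SurgeDetector:
    """Hold messages whose attachment fingerprint surges across many sources."""

    def __init__(self, baseline, window=600, min_msgs=20, min_sources=10, factor=5.0):
        self.baseline = baseline          # fingerprint -> usual messages per window
        self.window = window              # sliding window length in seconds
        self.min_msgs = min_msgs          # absolute floor before anything is flagged
        self.min_sources = min_sources    # distinct sending IPs required
        self.factor = factor              # multiple of baseline that counts as a spike
        self.recent = defaultdict(deque)  # fingerprint -> (timestamp, source_ip)
        self.flagged = set()              # fingerprints currently being held
        self.covered = set()              # fingerprints that now have a signature
        self.held = []                    # quarantined messages awaiting a signature

    def observe(self, ts, source_ip, fingerprint):
        """Record one message (timestamps ascending); return 'deliver' or 'quarantine'."""
        seen = self.recent[fingerprint]
        seen.append((ts, source_ip))
        while seen[0][0] <= ts - self.window:    # drop events older than the window
            seen.popleft()
        if fingerprint not in self.flagged and fingerprint not in self.covered:
            usual = self.baseline.get(fingerprint, 0.0)
            sources = len({ip for _, ip in seen})
            if (len(seen) >= self.min_msgs and sources >= self.min_sources
                    and len(seen) > self.factor * usual):
                self.flagged.add(fingerprint)
        if fingerprint in self.flagged:
            self.held.append((ts, source_ip, fingerprint))
            return "quarantine"
        return "deliver"                         # onward to normal signature scanning

    def release(self, fingerprint):
        """A signature now exists: return held messages for a normal AV scan."""
        out = [m for m in self.held if m[2] == fingerprint]
        self.held = [m for m in self.held if m[2] != fingerprint]
        self.flagged.discard(fingerprint)
        self.covered.add(fingerprint)
        return out

def run_sample():
    """Constructed traffic: a routine newsletter and a sudden unknown attachment."""
    det = SurgeDetector(baseline={"fp-newsletter": 30})
    verdicts = defaultdict(list)
    for i in range(40):    # known bulk mail from 12 sources, near its usual volume
        verdicts["fp-newsletter"].append(
            det.observe(i * 10, f"192.0.2.{i % 12}", "fp-newsletter"))
    for i in range(30):    # never-seen attachment arriving from 30 different hosts
        verdicts["fp-unknown"].append(
            det.observe(400 + i * 5, f"198.51.100.{i}", "fp-unknown"))
    return det, verdicts
```

In the sample run the first 19 copies of the unknown attachment are delivered before the thresholds trip, which is why the approach described above watches traffic rates across the Internet rather than at a single site. The baseline keeps routine bulk mail from being held, which matters given the cost of false positives noted earlier.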





Article Source: http://www.BharatBhasha.com
Article Url: http://www.bharatbhasha.com/email.php/18039

About Author CipherTrust:

CipherTrust is the leader in anti-spam and email security. Learn more by downloading our free whitepaper, “Next Generation Virus Protection: An Overview of IronMail Zero Day Virus Protection” or by visiting www.ciphertrust.com.
