Sybari: Enterprise Messaging Security with Smarts

By Lyne Bourque

February 16, 2005

This can be a problem if that overlooked virus or worm is something like Blaster. Particularly so if it's on our email server (say one like Lotus Notes), which already has a heavy load on its hands; it doesn't need the added burden of dealing with a nasty infection. Making matters worse, some worms and viruses are specific to a geographic region. If your AV software's developer is located in a different geographic area, updated signatures may arrive too late.

So how can this be best dealt with? The answer: an interesting and well-thought-out product called Antigen from Sybari. Antigen is specifically designed to ensure a secure messaging environment for the enterprise, whether email or instant messaging, by embracing an unorthodox approach. By default, Antigen comes with four well-known anti-virus engines: Sophos (UK), Norman (Europe), and Computer Associates (Asia and North America). You can add optional engines from the likes of Kaspersky Labs (Europe), Authentium's Command (North America) and Virus Buster (Europe).

And what surprises me the most is that few other AV companies (in fact, I don't know a single other one) have implemented this idea. I mean, why not? It makes logical sense that no matter how good your product, there will be a hole. This approach, on the other hand, results in more "eyes" on the lookout for nasty worms and a way to tighten the noose around them.

You probably think that means visiting a lot of sites to download, eh? Not in this case. Sybari obviously thought this out and provides downloads directly from their site. Even when you update and/or patch, you're never down. Your server will continue to function 24/7. In fact, there is only one time that Antigen is taken offline: when you reboot the server.

But they don't just stop there. Relying on signatures always means spending a little time behind the 8-ball. That's just not a viable solution for today's embattled enterprise IT departments. We certainly don't want a repeat of events like those with the old 'I Love You' worm. So, in addition to the signature-based anti-virus engines, there is also a heuristic scanner that detects things that "just ain't right", so to speak. All of these factors combined should reduce that "window of vulnerability", also known as the time until the next signature is released.

Now, all of this may sound like it's going to be CPU and memory intensive. Of course, some thought was put into this as well. While most of the emails are scanned in memory (in an aptly named area called SCAN.BOX), the scanning is done based on bias settings put forth by the administrator, as well as algorithms that determine which AV engine to use. For instance, I might be more inclined to use the Sophos engine on emails from the UK than just the CA engine from North America. And for a Notes environment, this only helps to reinforce existing policies with regard to dealing with viruses and worms.

As an administrator, I could stop there and be quite content. Well, almost.