Improving defenses

Information security companies are working to bolster their defenses, and antivirus products have become a focal point for activity.

Antivirus vendors endeavor to churn out signature files — the .dat files that identify viruses — as soon as new threats are discovered. But the process of constantly updating antivirus products is a difficult tactical battle, said John Watters, president and chief executive officer of iDefense Inc. Virus writers have become "effective at coming out with a new variant at a pace [anti-virus vendors] can't catch up with," he said.

Customers remain exposed from the time a piece of malware or a hybrid threat is first identified until vendors release updated antivirus signatures. Another critical issue: signature-based products can ward off only known threats.

"Signature-based antivirus software isn't enough anymore; it needs to be complemented," said Jon Oltsik, senior analyst for information security at Enterprise Strategy Group.

Antivirus vendors are supplementing their signature-based products with detection methods that guard against unknown threats. One such approach is behavior-based technology, which watches what a given piece of code does and flags undesirable actions. Network Associates Technology Inc., for example, offers Entercept, a host intrusion-prevention system that employs both signatures and behavior rules.

Eset Co. Ltd., meanwhile, uses heuristics in its NOD32 antivirus software. One aspect of the technology analyzes the instructions in a suspicious file or piece of code to determine whether a virus-like pattern exists, said Anton Zajac, Eset's chief executive officer. The company's heuristics also run suspect code in a confined area of virtual memory on the PC, an emulator, and watch it for suspicious activity, said Maros Mozola, vice president of business development at Eset.
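To make the difference between the two approaches concrete, here is an added example in Python; it is not code from Eset, Network Associates or the article. It builds a constructed sample consisting of a six-byte x86 decoder stub (xor byte [esi],key / inc esi / loop, with the loop-counter setup omitted) followed by a body XOR-encoded with a one-byte key. An exact-match signature scan, written against the first variant seen, is compared with a heuristic scan that wildcards the key in the decoder pattern and then emulates the stub on a copy of the buffer before looking for suspicious API-name strings. Changing the key is the "new variant" the paragraphs above describe: it defeats both the hash and the byte signature but not the heuristics. The sample bytes, rule weights and threshold are assumptions made for the example.

```python
"""Signature scanning vs. heuristic scanning on a constructed sample.

Added example, not Eset/NAI/article code.  A sample is a 6-byte x86 stub
    80 36 KK   xor byte [esi], KK
    46         inc esi
    E2 FA      loop (back to the xor; counter setup omitted for brevity)
followed by a body that was XOR-encoded with the one-byte key KK.
"""
import hashlib
import re

# Constructed plaintext body; the API names stand in for the kind of
# strings a heuristic engine weights as suspicious once code is decoded.
BODY = b"toy-payload: CreateRemoteThread WriteProcessMemory"


def make_sample(key: int) -> bytes:
    """Return decoder stub + body XOR-encoded with `key` (one 'variant')."""
    stub = bytes([0x80, 0x36, key, 0x46, 0xE2, 0xFA])
    return stub + bytes(b ^ key for b in BODY)


# --- Signature-based detection: the '.dat file' model ----------------------
# Both signatures were written against the first variant seen (key 0x5A).
FIRST_SEEN = make_sample(0x5A)
HASH_SIGS = {hashlib.sha256(FIRST_SEEN).hexdigest(): "Toy.Variant.A"}
BYTE_SIGS = {FIRST_SEEN[:6]: "Toy.Variant.A"}   # exact stub bytes, key included


def signature_scan(sample: bytes):
    """Return the signature name on an exact match, else None."""
    name = HASH_SIGS.get(hashlib.sha256(sample).hexdigest())
    if name:
        return name
    for sig, sig_name in BYTE_SIGS.items():
        if sig in sample:
            return sig_name
    return None


# --- Heuristic detection ---------------------------------------------------
# (1) Static: the decoder-loop shape with the key byte wildcarded.
DECODER_RE = re.compile(rb"\x80\x36(.)\x46\xe2\xfa", re.DOTALL)
# (2) Dynamic: strings looked for only after emulating the decoder.
SUSPICIOUS = [b"CreateRemoteThread", b"WriteProcessMemory"]


def emulate_decoder(sample: bytes):
    """Run the stub's XOR loop on a copy of the buffer ('confined memory').

    Returns the decoded body, or None when no decoder stub is present.
    """
    m = DECODER_RE.search(sample)
    if not m:
        return None
    key = m.group(1)[0]
    return bytes(b ^ key for b in sample[m.end():])


def heuristic_scan(sample: bytes):
    """Return (score, reasons); each rule adds weight rather than deciding alone."""
    score, reasons = 0, []
    if DECODER_RE.search(sample):
        score += 2
        reasons.append("generic XOR decoder loop")
    decoded = emulate_decoder(sample)
    if decoded:
        hits = [s.decode() for s in SUSPICIOUS if s in decoded]
        if hits:
            score += 3
            reasons.append("after emulation: " + ", ".join(hits))
    return score, reasons


def classify(sample: bytes, threshold: int = 3) -> str:
    """Signatures first (cheap, exact); fall back to heuristics above a threshold."""
    name = signature_scan(sample)
    if name:
        return "signature:" + name
    score, reasons = heuristic_scan(sample)
    if score >= threshold:
        return "heuristic:" + "; ".join(reasons)
    return "clean"


if __name__ == "__main__":
    for key in (0x5A, 0x3C):          # 0x5A: known variant; 0x3C: new variant
        print(f"key {key:#04x}: {classify(make_sample(key))}")
    print("benign:", classify(b"just some ordinary text"))
```

The heuristic side pays for its generality with false positives: a legitimate packer uses the same decoder shape, which is why the example scores rules and only flags above a threshold rather than treating the loop pattern alone as a verdict.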

Another tactic, which goes beyond product technology, is to anticipate what's coming next in the world of viruses, worms and other threats. Michael Rasmussen, a principal analyst with Forrester Research's security group, said some organizations are pursuing security intelligence.

Most anti-virus vendors run their own intelligence-gathering operations, but Rasmussen also pointed to independent intelligence firms. One such company is iDefense, which collects information on vulnerabilities and emerging threats. Watters said such intelligence can help organizations implement an interim patch in the time gap between threat and remedy. Workarounds may include changing a configuration setting on an e-mail gateway or firewall. The idea is to "close the gap and not rely just on the vendor to update," Watters said.
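As an added illustration of the e-mail gateway workaround just described, and not a rule from iDefense or the article, here is a Postfix `mime_header_checks` entry that rejects messages carrying attachments with executable extensions while the antivirus signature is still pending. The file path, the extension list and the reject text are assumptions made for the example.

```conf
# /etc/postfix/mime_header_checks   (path assumed for the example)
# Enable in main.cf:  mime_header_checks = regexp:/etc/postfix/mime_header_checks
# then run:           postfix reload
#
# Interim workaround: reject any MIME part whose declared filename ends in an
# extension the current outbreak is known to use, regardless of its content.
# Postfix regexp tables are case-insensitive by default, so .EXE is caught too.
/^Content-(Disposition|Type):.*name\s*=\s*"?[^"]*\.(exe|pif|scr|bat|cmd|com|vbs)"?(\s|;|$)/ REJECT Executable attachment blocked pending antivirus signature update
```

This is a blunt control: it blocks legitimate executables as well, so it belongs in the gap Watters describes and should be withdrawn once the vendor's signature update ships and has been deployed.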

Oltsik added that proactive firewall management, aggressive filtering and constant monitoring should also complement traditional antivirus software.

Sources: Computer Associates International Inc., F-Secure Corp., Network Associates Technology Inc. and Symantec Corp.
