Improving defenses

Information security companies are working to bolster their defenses, and antivirus products have become a focal point for activity.

Antivirus vendors endeavor to churn out signature files — the .dat files that identify viruses — as soon as new threats are discovered. But the process of constantly updating antivirus products is a difficult tactical battle, said John Watters, president and chief executive officer of iDefense Inc. Virus writers have become "effective at coming out with a new variant at a pace [anti-virus vendors] can't catch up with," he said.

Customers face exposure from the time a malware or hybrid threat is first identified to the time vendors update their antivirus signatures. Another critical issue: Signature-based products can only ward off known threats.

"Signature-based antivirus software isn't enough anymore; it needs to be complemented," said Jon Oltsik, senior analyst for information security at Enterprise Strategy Group.

Antivirus vendors are supplementing their signature-based products with detection methods that guard against unknown threats. One such approach is behavior-based technology, which analyzes the behavior of a given piece of code to check for undesirable characteristics. Network Associates Technology Inc., for example, offers Entercept, an intrusion-protection system, which employs both signatures and behavior rules.

Eset Co. Ltd., meanwhile, uses heuristics technology in its NOD32 antivirus software. One aspect of the technology analyzes instructions in a suspicious file or a piece of code to determine whether a virus-like pattern exists, said Anton Zajac, Eset's chief executive officer. The company's heuristics approach also lets code run in confined, virtual memory within a PC to check for suspicious activities, said Maros Mozola, vice president of business development at Eset.
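To make the contrast between the two detection methods concrete, here is an added toy scanner (not code from any vendor named above) that checks a file first against exact signatures and then against weighted heuristic rules. All byte strings, rule patterns and weights are constructed for illustration.

```python
"""Signature vs. heuristic detection on constructed sample data.
Added illustration; not code from Eset, Network Associates or any other vendor.
Every byte string and rule here is a constructed toy, not real malware."""
import re
from typing import List, Optional, Tuple

# Constructed "known threat" and the exact-bytes signature a .dat file would carry.
KNOWN_SAMPLE = b"MZ\x90\x00PAYLOAD:copy self to %SYSTEM%;mail all contacts"
SIGNATURES = {"Toy.Worm.A": b"copy self to %SYSTEM%;mail all contacts"}

# Constructed "variant": same behaviour, cosmetically changed bytes, no signature yet.
VARIANT = KNOWN_SAMPLE.replace(b"all contacts", b"ALL  contacts")
BENIGN = b"MZ\x90\x00hello world, print quarterly report"

# Heuristic rules: instruction-like patterns that suggest virus-like behaviour,
# each with a weight. Hypothetical rules and weights chosen for illustration.
HEURISTIC_RULES = [
    (re.compile(rb"copy\s+self", re.I), 3),
    (re.compile(rb"mail\s+all\s+contacts", re.I), 3),
    (re.compile(rb"%SYSTEM%", re.I), 1),
    (re.compile(rb"disable\s+av", re.I), 4),
]
HEURISTIC_THRESHOLD = 4  # total weight at which a file is flagged

def signature_scan(data: bytes) -> Optional[str]:
    """Exact substring match: catches only threats already in the signature set."""
    for name, sig in SIGNATURES.items():
        if sig in data:
            return name
    return None

def heuristic_scan(data: bytes) -> Tuple[int, List[str]]:
    """Weighted pattern scoring: tolerant of cosmetic changes in a new variant."""
    score, hits = 0, []
    for pattern, weight in HEURISTIC_RULES:
        if pattern.search(data):
            score += weight
            hits.append(pattern.pattern.decode())
    return score, hits

def classify(data: bytes) -> str:
    """Signature first (precise), heuristics second (covers the signature gap)."""
    name = signature_scan(data)
    if name:
        return f"known:{name}"
    score, _ = heuristic_scan(data)
    return "suspicious" if score >= HEURISTIC_THRESHOLD else "clean"
```

The variant slips past the exact signature but still scores 7 on the heuristic rules, which is the gap between threat discovery and signature update that the article describes.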

Another tactic, which goes beyond product technology, is to anticipate what's coming next in the world of viruses, worms and other threats. Michael Rasmussen, a principal analyst with Forrester Research's security group, said some organizations are pursuing security intelligence.

Most anti-virus vendors run their own intelligence-gathering operations, but Rasmussen also pointed to independent intelligence firms. One such company is iDefense, which collects information on vulnerabilities and emerging threats. Watters said such intelligence can help organizations implement an interim patch in the time gap between threat and remedy. Workarounds may include changing a configuration setting on an e-mail gateway or firewall. The idea is to "close the gap and not rely just on the vendor to update," Watters said.

Oltsik added that proactive firewall management, aggressive filtering and constant monitoring should also complement traditional antivirus software.

Sources: Computer Associates International Inc., F-Secure Corp., Network Associates Technology Inc. and Symantec Corp.
