Improving defenses

Information security companies are working to bolster their defenses, and antivirus products have become a focal point for activity.

Antivirus vendors endeavor to churn out signature files — the .dat files that identify viruses — as soon as new threats are discovered. But the process of constantly updating antivirus products is a difficult tactical battle, said John Watters, president and chief executive officer of iDefense Inc. Virus writers have become "effective at coming out with a new variant at a pace [anti-virus vendors] can't catch up with," he said.

Customers are exposed from the moment a new piece of malware or a hybrid threat is first identified until vendors ship updated antivirus signatures. Another critical issue: signature-based products can only ward off known threats, so a variant that differs from its parent by even a few bytes can slip past an exact signature.

"Signature-based antivirus software isn't enough anymore; it needs to be complemented," said Jon Oltsik, senior analyst for information security at Enterprise Strategy Group.

Antivirus vendors are supplementing their signature-based products with detection methods that guard against unknown threats. One such approach is behavior-based technology, which analyzes the behavior of a given piece of code to check for undesirable characteristics. Network Associates Technology Inc., for example, offers Entercept, an intrusion-protection system, which employs both signatures and behavior rules.

Eset Co. Ltd., meanwhile, uses heuristics technology in its NOD32 antivirus software. One aspect of the technology analyzes instructions in a suspicious file or a piece of code to determine whether a virus-like pattern exists, said Anton Zajac, Eset's chief executive officer. The company's heuristics approach also lets code run in confined, virtual memory within a PC to check for suspicious activities, said Maros Mozola, vice president of business development at Eset.
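To make the difference between the two approaches concrete, here is an added example (not code from Eset, Network Associates or any other vendor named on this page): a minimal Python scanner that first checks a file against exact byte signatures and then, separately, scores it with heuristic rules of the kind described above, in this case an instruction pattern (a "CALL +0; POP" GetPC stub that position-independent code uses to find its own address) and a high byte entropy suggesting a packed or encrypted payload. The samples, the signature database, the rule names, weights and thresholds are all constructed for the illustration; the "variant" keeps the same technique as the "known" sample but changes a register, inserts a NOP and uses a different XOR key, which is enough to defeat the exact signature while still tripping the heuristics.

```python
"""Signature matching versus heuristic scoring over constructed byte samples.

Added example; the samples below are synthetic and are not real malware.
"""
import math
import re

# --- Constructed samples (synthetic, not real malware) --------------------
# A classic "GetPC" stub: CALL +0 (E8 00 00 00 00) pushes the return address,
# POP EBX (5B) recovers it, giving position-independent code its own address.
# This is the kind of instruction pattern a heuristic scanner looks for.
GETPC_KNOWN = b"\xe8\x00\x00\x00\x00\x5b"
DECODER_KNOWN = b"\x80\x33\x55"            # XOR BYTE PTR [EBX], 0x55
PAYLOAD = bytes((i * 73 + 17) % 256 for i in range(512))  # uniform bytes: entropy 8.0
KNOWN_SAMPLE = GETPC_KNOWN + DECODER_KNOWN + PAYLOAD

# A "variant": same technique, different register, a NOP inserted, new XOR key.
# Enough to defeat an exact byte signature taken from the known sample.
GETPC_VARIANT = b"\xe8\x00\x00\x00\x00\x5d"  # POP EBP instead of POP EBX
DECODER_VARIANT = b"\x90\x80\x75\x00\x6a"    # NOP; XOR BYTE PTR [EBP+0], 0x6A
VARIANT_SAMPLE = GETPC_VARIANT + DECODER_VARIANT + bytes(b ^ 0x3F for b in PAYLOAD)

BENIGN_SAMPLE = b"# plain configuration file\nlog_level = info\nretries = 3\n" * 8

# Signature database (constructed): exact byte sequences taken from known samples.
SIGNATURES = {"known.decoder": GETPC_KNOWN + DECODER_KNOWN}

# Heuristic rules (constructed weights and thresholds).
ENTROPY_THRESHOLD = 7.0     # bits per byte; packed/encrypted data sits near 8
HEURISTIC_THRESHOLD = 4     # total weight at which a file is called suspicious
GETPC_RE = re.compile(rb"\xe8\x00\x00\x00\x00[\x58-\x5f]")  # CALL +0; POP r32


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


# (name, weight, predicate over the file bytes)
HEURISTICS = [
    ("getpc-stub", 3, lambda d: GETPC_RE.search(d) is not None),
    ("high-entropy", 2, lambda d: shannon_entropy(d) > ENTROPY_THRESHOLD),
    ("injection-apis", 2, lambda d: any(
        s in d for s in (b"WriteProcessMemory", b"CreateRemoteThread"))),
]


def signature_scan(data: bytes, signatures: dict) -> list:
    """Names of every signature whose byte pattern occurs in data."""
    return [name for name, pattern in signatures.items() if pattern in data]


def heuristic_scan(data: bytes):
    """Total weight and names of the heuristic rules that fired."""
    fired = [(name, weight) for name, weight, pred in HEURISTICS if pred(data)]
    return sum(w for _, w in fired), [name for name, _ in fired]


def classify(data: bytes, signatures: dict) -> dict:
    """A signature hit is definitive; otherwise the heuristic score decides."""
    sigs = signature_scan(data, signatures)
    score, reasons = heuristic_scan(data)
    if sigs:
        verdict = "known"
    elif score >= HEURISTIC_THRESHOLD:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"signature": sigs, "heuristic_score": score,
            "reasons": reasons, "verdict": verdict}


def demo() -> dict:
    """Show the window between a variant's appearance and its signature update."""
    samples = (("known", KNOWN_SAMPLE), ("variant", VARIANT_SAMPLE), ("benign", BENIGN_SAMPLE))
    before = {name: classify(d, SIGNATURES)["verdict"] for name, d in samples}
    # The vendor eventually adds a signature for the variant; until then only
    # the heuristic verdict stands between the customer and the new sample.
    updated = {**SIGNATURES, "variant.decoder": GETPC_VARIANT + DECODER_VARIANT}
    after = classify(VARIANT_SAMPLE, updated)["verdict"]
    return {"before_update": before, "variant_after_update": after}


if __name__ == "__main__":
    for name, sample in (("known", KNOWN_SAMPLE), ("variant", VARIANT_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, classify(sample, SIGNATURES))
    print(demo())
```

Run as a script, the known sample is reported as "known" (signature hit), the variant as "suspicious" on heuristics alone with an empty signature list, and the benign text as "clean"; `demo()` then shows the variant becoming "known" once its own signature is added, which is the gap the article's sources describe. The usual caveats apply: weights and thresholds like these are tuned against real corpora, a GetPC stub or high entropy is also common in legitimate packed software, and a scanner that only looks at static bytes does not cover the emulation step Eset describes.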

Another tactic, which goes beyond product technology, is to anticipate what's coming next in the world of viruses, worms and other threats. Michael Rasmussen, a principal analyst with Forrester Research's security group, said some organizations are pursuing security intelligence.

Most anti-virus vendors run their own intelligence-gathering operations, but Rasmussen also pointed to independent intelligence firms. One such company is iDefense, which collects information on vulnerabilities and emerging threats. Watters said such intelligence can help organizations implement an interim patch in the time gap between threat and remedy. Workarounds may include changing a configuration setting on an e-mail gateway or firewall. The idea is to "close the gap and not rely just on the vendor to update," Watters said.

Oltsik added that proactive firewall management, aggressive filtering and constant monitoring should also complement traditional anti-virus ware.

Sources: Computer Associates International Inc., F-Secure Corp., Network Associates Technology Inc. and Symantec Corp.
