Corporate Anti-Virus strategies
Clint M. Sand
clint at neotrance.dyndns.org
Sat Aug 16 12:18:29 EDT 2003
On Thu, Aug 14, 2003 at 09:00:36PM -0400, Duane Morin wrote:
> So I trip my way into this magazine article assignment on corporate
> antivirus strategies. Anybody got any recommendations where I could do
> some research? In particular it would be great to find some IT management
> types that wouldn't mind being quoted. I'm coming out of financial
> services where nobody talks about anything without half a dozen PR people
> and lawyers present. :(
>
> And I have been seriously tempted to write something in the "Maybe it's
> time to try a new OS..." vein, but haven't gotten to that one yet. I
> should bang something out while the iron is hot and people are frustrated.
>
> Duane
>
>
Disclaimer: Yes, I work for Symantec, but speak for myself.
Most companies, it seems, have realized that chasing the never-ending
patch train and Outlook updates is a cat-and-mouse game that they'll
never win. Managing patch versions on thousands of machines is no easy
task, and more importantly, this method is often reactive and not
proactive and hence, too late.
Instead, the strategy is to prevent virus/worm/trojan code from
entering the network to begin with. Symantec, for example, has firewall
appliances which do AV scanning at the gateway level, SMTP gateways
that scan incoming/outgoing mail (HTTP and FTP too), and an AV scan
engine that can run on Linux and Solaris, which can receive scan requests
from other 3rd-party applications and gateway services. There are also
event managers, which take the logs from the AV products and correlate
them with IDS and firewall logs to produce "Incidents", showing a more
accurate picture of what's going on.
In the future, I think host-based AV scanning and host-based IDS will
converge, since we're no longer talking about goofy viruses that make
your Word docs and Excel spreadsheets funny colors, or even *just*
destroy your local drive/boot sector. We're talking about network
exploit code and root-level access to machines behind the firewall.
-Clint
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://www.blu.org/mailman/listinfo/discuss
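As an added illustration of the log-correlation idea in Clint's last paragraph (example code written for this page, not Symantec's event manager and not code from the original post): a small correlator that takes AV, IDS and firewall log lines, keys them on the internal host address each product reports, and emits an "incident" wherever two or more different sources fire on the same host inside a short time window. The log formats, host names, addresses and threat names are constructed for the example; the window size and the rule "at least two distinct sources" are my choices, not anything the post specifies.

```python
"""Toy cross-product log correlator (constructed example).

Reads AV, IDS and firewall log lines, normalises the internal host
address each product names differently (av: ip=, ids/fw: src=), then
groups events per host into time clusters. A cluster that contains events
from at least two distinct sources becomes an incident; a lone event does not.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines; not real product output.
AV_LOG = [
    "2003-08-15 10:02:11 av host=ws-112 ip=10.1.4.22 threat=W32.Blaster.Worm action=quarantined",
    "2003-08-15 10:40:03 av host=ws-200 ip=10.1.4.90 threat=Eicar.Test action=deleted",
]
IDS_LOG = [
    '2003-08-15 10:01:50 ids src=10.1.4.22 dst=10.1.5.7 sig="MS RPC DCOM overflow attempt"',
    '2003-08-15 12:30:00 ids src=10.1.4.55 dst=10.1.5.7 sig="portscan"',
]
FW_LOG = [
    "2003-08-15 10:01:49 fw action=deny src=10.1.4.22 dst=10.1.5.7 dport=135",
    "2003-08-15 10:01:51 fw action=deny src=10.1.4.22 dst=10.1.5.8 dport=135",
    "2003-08-15 10:39:58 fw action=allow src=10.1.4.90 dst=192.0.2.10 dport=80",
]

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\w+) (.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value, value may be quoted


def parse_line(line):
    """Return a normalised event dict, or None for lines we don't understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    # The AV product reports the scanned host as ip=, the network sensors
    # report the internal endpoint as src=; pick whichever is present.
    host_ip = fields.get("ip") or fields.get("src")
    return {"ts": ts, "source": m.group(2), "ip": host_ip, "fields": fields}


def _close_cluster(ip, cluster):
    """Turn a time cluster into an incident if it spans >= 2 distinct sources."""
    sources = {e["source"] for e in cluster}
    if len(sources) < 2:
        return []
    threats = {e["fields"]["threat"] for e in cluster if "threat" in e["fields"]}
    return [{
        "ip": ip,
        "sources": sorted(sources),
        "start": cluster[0]["ts"],
        "end": cluster[-1]["ts"],
        "events": len(cluster),
        "threats": sorted(threats),
    }]


def correlate(lines, window=timedelta(minutes=5)):
    """Group events per host; consecutive events closer than `window` form one cluster."""
    events = [e for e in (parse_line(l) for l in lines) if e and e["ip"]]
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    incidents = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        cluster = [evs[0]]
        for e in evs[1:]:
            if e["ts"] - cluster[-1]["ts"] <= window:
                cluster.append(e)
            else:
                incidents.extend(_close_cluster(ip, cluster))
                cluster = [e]
        incidents.extend(_close_cluster(ip, cluster))
    return incidents


if __name__ == "__main__":
    for inc in correlate(AV_LOG + IDS_LOG + FW_LOG):
        print(f"{inc['ip']}: {inc['events']} events from {inc['sources']} "
              f"between {inc['start']:%H:%M:%S} and {inc['end']:%H:%M:%S}; "
              f"threats={inc['threats']}")
```

On the constructed data this yields two incidents: 10.1.4.22, where firewall denies on port 135, an IDS signature and an AV quarantine all land within about 20 seconds (the picture Clint describes, which no single log shows on its own), and 10.1.4.90, where a firewall allow is followed by an AV detection. The lone IDS portscan from 10.1.4.55 never becomes an incident. In a real deployment the hard part is not this loop but the normalisation step: each product names the host, the time zone and the action differently, and a correlator that gets that wrong quietly splits one incident into several.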