The Web    Google
Shaving Time From The Virus Race

Shaving Time From The Virus Race
September 27, 2004

IronPort Systems has launched the latest version of its IronPort C-Series E-mail Security Appliance, adding Virus Outbreak Filters that the company said could respond to new virus outbreaks within minutes.

"We can see when a virus is breaking out pretty much in real time and enable a pro-active preventive security measure for our customers," said Tom Gillis, senior vice president of worldwide marketing for the security software company.

The software scans mail from the company's customers, which include six out of ten of the world's largest ISPs. It looks for unusual traffic patterns or suspicious messages. The appliance, a hardware and software combo, automatically quarantines all mail that looks suspect.

"When we know virus protection is in place, we release the mail," Gillis said. "Outbreak filers are used to close the reaction time gap that a traditional anti-virus system has." IronPort partners with Sophos for traditional virus protection; he said protection generally runs four to five hours ahead of the standard virus definition files.

The company claims that in beta testing during the "my doom.o" variant outbreak, the IronPort Virus Outbreak Filters detected and quarantined infected messages 4 hours and 48 minutes ahead of traditional defenses.

since many enterprises don't want important e-mail held for several hours, the San Bruno, Calif.-based IronPort also added E-mail Security Manager, a dashboard that lets administrators control all email security tools from a single Web-based interface.

Administrators can use the Security Manager to set or change policies for reputation filtering, anti-spam, anti-virus, content scanning, policy management, and message encryption. Network administrators can set different incoming mail flow policies for individual senders or limit message delivery based on the reputation of each sender.

"It allows complex policies to be administered simply," Gillis said.

The management interface also introduces clustering capability for managing multiple machines. A centralized reporting infrastructure gathers traffic data from each box and stores it in a SQL database. Administrators can run reports, analyze trends or search for a particular message.

The new version of the appliance will be provided as an upgrade to existing customers, with an additional charge for the virus filters. The product is sold on an annual license fee plus a per-seat basis, starting at $10,000 per box.

  • 7/12 Atak.A Worm Low Threat but High Traffic
  • How hacking has entered the age of mass production.
  • How hacking has entered the age of mass production.
  • Symantec, Nortel Play Team Defense
  • 7/30: Dropper-O a 'High Threat' Trojan
  • Sigaba Extends Email Security To Wireless LANs, Blackberry
  • OpenVMS: An Old OS Hasn't Lost Security Footing
  • 7/1: PWSteal.Refest Steals Banking Info
  • 2/3: Rbot-SQ Worm Has Backdoor Abilities
  • Stomping Out Spam: The Spam Series, Part 1
  • Tabbed Browsing Flaws Detected
  • Compare Security Camera Products