Traditional anti-virus software only stops known computer viruses – stopping undefined computer viruses requires a different approach.
In the past, network administrators scrambled to apply new virus signatures whenever new computer viruses were discovered. While these signatures will stop a known threat, it takes time for anti-virus vendors to develop them. Unfortunately, the newest and most damaging viruses are able to spread so quickly that the damage is done before a signature can be developed and distributed.
In fact, the independent testing laboratory AV-test.org found response times for major anti-virus software publishers to range from just under 7 hours to almost 30 hours, with the four leading vendors (Sophos, McAfee, Symantec and Trend Micro) clocking in at no less than 12 hours.
In January 2004, the computer virus known as “MyDoom” created mass disruption to corporate resources and reputations as it quickly spread through e-mail networks worldwide. At its peak, MyDoom infected one in every five e-mails transmitted over the Internet. The worm broke records set by previous malware, such as Sobig.F, to become the fastest-spreading virus ever. This incredible propagation speed left many networks vulnerable - despite the presence of anti-virus software - because of the lag time between when the virus outbreak began and when a virus definition became available.
As a result of recent malware threats, corporations and organizations have learned a painful but important lesson: simply deploying a signature-based solution is no longer enough. Detecting and eliminating computer viruses requires a multi-faceted, rapid-response approach that traditional anti-virus protection cannot provide. Even a single unprotected computer on an enterprise network can bring down the entire system in just minutes, rendering even the most expensive and up-to-date software useless.
Why E-Mail is Particularly Susceptible
In many organizations, e-mail has replaced the telephone as the most useful business tool available. Unfortunately, e-mail has also been a victim of its own success and presents a unique threat to the enterprise network as a whole.
Detecting and eliminating threats has traditionally been the combined responsibility of firewalls, virus scanners, and intrusion detection systems (IDS) set up by enterprises to defend against attacks. Firewalls prevent unauthorized programs from accessing the network, virus scanners scan each PC in the network for malicious code, and gateway servers lock down extraneous ports to protect against unauthorized access.
But key Internet-facing applications, including e-mail, are unguarded by firewalls. In order to function, e-mail must expose firewall ports, including port 25, the port used by SMTP (Simple Mail Transfer Protocol), and port 110, the port used by POP (Post Office Protocol).
When a firewall receives a connection on port 25, it generally assumes that the transmission is e-mail and allows it to flow through to the e-mail server. The transmission may very well be a valid e-mail; however, it could also be a virus, spam or something much worse. Firewalls are not able to distinguish between “good” mail and “bad” mail, and therefore they are unable to protect the e-mail application.
Stop E-Mail Threats at the Gateway
Therefore, some sort of protection is needed specifically for e-mail and, since the best place to stop a threat is before it gets inside the network, the protection should be at the e-mail gateway. Protecting the e-mail gateway requires a coordinated effort to combat a host of issues, including spam, viruses, corporate policy infringements, directory harvest attacks, denial of service attacks, phishing, spoofing, and snooping. As e-mail threats evolve, the distinction between each of these types of threats becomes blurred.
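The firewall-versus-gateway point above, as an added example that is not code from the original article: a small Python gateway inspection that parses a constructed message and contrasts a signature lookup, which misses an attachment whose hash is not yet in the database, with a content policy (executable file extension, Windows PE "MZ" marker) that blocks it without any signature. The sample message, the hash database and the extension list are constructed assumptions.

```python
import base64
import hashlib
from email import message_from_bytes
from email.policy import default

# Assumed gateway policy: attachment extensions treated as executable content.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}

def attachment_hashes(msg):
    """SHA-256 of each decoded attachment payload, keyed by file name."""
    return {part.get_filename(): hashlib.sha256(part.get_payload(decode=True)).hexdigest()
            for part in msg.iter_attachments()}

def signature_match(msg, known_bad_hashes):
    """Signature-style check: fires only if the attachment hash is already in the database."""
    return any(h in known_bad_hashes for h in attachment_hashes(msg).values())

def policy_findings(msg):
    """Content-policy check at the gateway: needs no signature for a new variant."""
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # File name ends in an executable extension (also catches "invoice.pdf.scr").
        if any(name.endswith(ext) for ext in EXECUTABLE_EXTENSIONS):
            findings.append(f"executable-extension:{name}")
        # Payload starts with the PE "MZ" marker, whatever name or MIME type it claims.
        if data[:2] == b"MZ":
            findings.append(f"pe-magic:{name}")
    return findings

def gateway_verdict(raw_message, known_bad_hashes):
    """Combine both checks; a port-25 firewall rule would see none of this content."""
    msg = message_from_bytes(raw_message, policy=default)
    reasons = ["known-signature"] if signature_match(msg, known_bad_hashes) else []
    reasons.extend(policy_findings(msg))
    return {"accept": not reasons, "reasons": reasons}

# Constructed sample: an attachment that starts with "MZ" (not a real program) named like a screensaver.
FAKE_EXE = base64.b64encode(b"MZ" + b"\x00" * 14 + b"constructed placeholder, not a real binary").decode()
SAMPLE = (
    "From: sender@example.test\r\nTo: user@example.test\r\nSubject: document\r\n"
    "MIME-Version: 1.0\r\nContent-Type: multipart/mixed; boundary=\"b1\"\r\n\r\n"
    "--b1\r\nContent-Type: text/plain\r\n\r\nSee attached.\r\n"
    "--b1\r\nContent-Type: application/octet-stream; name=\"document.scr\"\r\n"
    "Content-Disposition: attachment; filename=\"document.scr\"\r\n"
    "Content-Transfer-Encoding: base64\r\n\r\n" + FAKE_EXE + "\r\n--b1--\r\n"
).encode()

if __name__ == "__main__":
    print(gateway_verdict(SAMPLE, known_bad_hashes=set()))
```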
Furthermore, accuracy in identifying “bad” e-mails is crucial. Extreme care must be taken to avoid filtering out legitimate e-mails (false positives), which could contain important information from customers or partners.
Historically, enterprises have turned to multiple vendors to solve their e-mail security issues. They have relied on anti-virus vendors to protect them from viruses. They use a separate anti-spam vendor to help cut back on spam. Then, there are the issues of content filtering, policy enforcement, encryption, and network security. Unfortunately, attackers are now highly adept at exploiting these non-integrated solutions. This “Swiss cheese” defense has not only been costly, but increasingly ineffective at protecting corporate e-mail systems.