Virus Signature Solutions from SECURE COMPUTING®
Limitations of Virus Signature Solutions
Secure Computing's in-depth protection against viruses presents a multi-layered strategy to ensure that your network is protected from viruses of all types, regardless of origin, and regardless of which protocol is used in the attack.
The most common and straightforward method of preventing viral attacks on the network is virus signature technology. Virus signature databases have doubled or tripled over the past two years to keep up with the ever-increasing volume of malware; unfortunately, new viruses will still get through, no matter how large the signatures become, or how fast they are updated.
Virus signature technology, despite the inherent limitation, is still an important part of your anti-virus strategy, and makes up a significant part of your defense. But as any strategist will tell you, whether on the football field, on the battlefield in combat, or in cyberspace, having only a single line of defense puts you in a very risky position. The vulnerability of virus signature technology means that it must be supplemented—not replaced—with complementary technologies to make sure that every possible attack vector is covered, preferably on multiple fronts. The inherent limitation of virus signatures is that it requires new viruses to be caught, included in the database, and updated on each individual system. There is a natural time lag between when a virus is first released into the wild, and when it is included in the database. There may be an additional time lag between when it is included in the database, and the individual enterprise updates their system.
The best virus signature system will mitigate some of this risk by providing an automatic update system that occurs without user intervention, and also has a configuration compliance system that checks all endpoints to make sure they have the latest virus signature updates before being allowed to connect to the network.
But even with these protections, there remains an additional vulnerability in virus signature solutions. This is the lag that exists between when the virus appears, and when it is included in the database. Even if that time lag is less than a day, it can still penetrate thousands of computers in less than an hour. The only way to overcome this limitation is to supplement robust virus signature technology with additional solutions that go beyond the signature database, to catch viruses that are not yet known. A virus that has not yet been detected by security experts, known as a zero-day attack, can still be caught through additional means, ensuring that your network is fully virus-free.
Eliminating or regulating access to file-sharing applications based on the IM or P2P protocol can help eliminate unknown viruses, simply because these applications are common entry points for viral infections. Additionally, regulating access to web sites that are known to be hazardous, or have been categorized as potentially harmful, will eliminate drive-by infections. Secure Computing's Webwasher technology serves this goal, by supplementing virus signature systems with powerful gateway web access control. The other way Secure Computing prevents zero-day attacks is through its TrustedSource global reputation engine, which evaluates the reputation of every sender of email and every URL. For more information on Secure Computing's multi-layered anti-virus strategy and how it can work in your network, please visit Secure Computing's web site at http://www.securecomputing.com.
