Microsoft and other software vendors will certainly continue refining their software and issuing patches. And IS organizations like yours will continue to test and apply them. But corporations that are tiring of this "cat and mouse" game with the virus writers and hackers—and the expense associated with it—have alternatives to consider. I'll look at two potential sources for relief: new products from antivirus vendors and new ISP services to outsource antivirus management.
New options for antivirus software
Most current installations incorporating software products and tools from the three key antivirus vendors—Symantec, Network Associates, and Computer Associates (CA)—involve either installing server-based antivirus programs that track e-mail messages or putting copies of their virus scanning tools directly on the Windows clients. Companies then have to use vendor-specific software distribution programs or platform-specific programs like Microsoft's System Management Services or Novell's ZENworks to track versions and virus signature files. But antivirus software vendors are looking for ways to help companies do more with their technologies.
Moving to hardware
Symantec recently released new versions of its Symantec Gateway Security (SGS) appliance devices, which combine antivirus protection and intrusion detection and prevention with firewall and content filtering. Combining multiple functions on a single device not only increases performance but can dramatically reduce the cost of acquiring and managing the technology. These new SGS appliances also integrate with Symantec's Enterprise Security Architecture, which allows corporate administrators to centralize management through a Web-based interface and manage corporate policies and reporting functions. Surprisingly, the other virus vendor making a significant play isn't Network Associates this time, but CA.
Expanding device coverage
CA doesn't think the software approach to virus management is flawed—it's just incomplete. Protecting only the Windows machines in an organization leaves plenty of other openings for viruses to invade the enterprise. CA is expanding its eTrust Antivirus product this fall by broadening both the number of devices it supports (including Microsoft Pocket PCs and the new Smartphone platform) and its management capabilities. The new management console can be used to administer CA's virus control solutions on any platform, including not only these new devices but also Windows, Linux, NetWare, and UNIX. Given its focus on enterprise products, CA is in a prime position to introduce its technology into large organizations that are struggling to implement virus protection solutions. CIOs in heterogeneous environments who may have discounted the eTrust solution in the past should consider looking at the CA solution now—especially given its unique support for device protection as part of its enterprise solution.
Outsourcing virus and intrusion management
The answer to effective virus management may lie not in what you can do for yourself, but in what your ISP can do for you. Most virus attacks and intrusion attacks occur through the ISP that provides your primary Internet connection. In the past, ISPs have separated themselves from these issues by having clauses in their contracts that specifically release them from any liability for an attack. Although a version of these protection clauses (specifically those that limit their liability) will certainly remain in their agreements, ISPs are now looking at these protection issues not as opportunities to litigate, but as opportunities to generate revenues. Although these services are still in their infancy, the dominant service areas are beginning to emerge.
Many large companies will not even consider outsourcing their entire e-mail systems, but this is still a viable option for many small and medium-size firms. Given the move toward rich Web e-mail clients and Web-based workflow systems, many firms no longer have a requirement to support client-side-only solutions like Outlook for e-mail services. For these companies, ISPs can not only offer universal, secure access to company e-mail, but also bundle in the virus and security management. As Kerberos, LDAP, RADIUS, and other directory and authentication standards continue to mature and interoperate, ISPs will be able to offer secure hosted mail and workflow solutions that interact seamlessly with a corporation's existing directory solutions.
Even if companies don't want to turn over the management of their e-mail platform to ISPs, they may consider allowing the ISP to add layers of security in the form of hardware devices like the Symantec SGS appliances or other hardware that's designed to stop attacks before they reach the servers on the company's side of the wire. Many of these solutions are already being tested in small and medium-size businesses. Once the pricing and security models have been refined, I expect ISPs will be more aggressive in approaching corporations about their system protection offerings.
Don't wait for the vendors
Forward-thinking CIOs have a real opportunity. Rather than waiting for the antivirus vendors and ISPs to come to them with these solutions, CIOs who approach these vendors about partnerships and early adopter programs will benefit from the extra service and support afforded to these types of partners and programs. There are also likely to be other direct financial benefits in the form of discounts and payment plans to help the vendors prove their offerings. And that's a pretty good deal—a lower cost for a more secure network.
TechRepublic originally published this article on 8 October 2003.