The ability of new e-mail viruses to spread before fixes become available for them is nudging some vendors to look beyond traditional signature-based antivirus technology. Lindon, Utah-based Avinti Inc., a start-up with over US$30 million in venture capital funding, has introduced an e-mail security appliance designed to detect and block as-yet-unidentified e-mail viruses.
Unlike reactive signature-based products that block viruses by matching patterns, Avinti’s iSolation server looks for deviations in e-mail behaviour to identify threats. It intercepts all e-mail heading into a corporate network and looks at all attachments or executables in the body. E-mail attachments and executables are opened in a virtual execution module and inspected for behaviours suggesting malicious intent. Suspect e-mail is quarantined or filtered out based on user preferences.
The technology doesn’t replace signature-based antivirus products, said Teney Takahashi, an analyst at The Radicati Group Inc. in Palo Alto, Calif.
“It’s probably most effective as part of a comprehensive antivirus strategy,” he said.
The Make-A-Wish Foundation of Utah has been testing the iSolation server for a few months and has found it to be quite useful, said network administrator Darren Massey in Salt Lake City. Despite some early problems with false alarms, the technology helped block a recent virus that had gotten past the organization’s defences.
“It’s given us another layer of protection,” he said.
Avinti’s announcement is similar to the one made earlier by IronPort Systems Inc., a San Bruno, Calif.-based vendor of e-mail security appliances and services. IronPort now sells an appliance featuring the new Virus Outbreak Filter, which uses information culled from an IronPort spam-filtering database to identify new e-mail viruses.
In beta tests by Electronic Data Systems Corp. and some of its customers, the IronPort filters have provided warnings about new viruses hours in advance, said Richard Parvins, a systems engineer at EDS.