How should organizations implement virus protection?
Virus protection is a discipline of risk management. A 100% protection is neither technological nor economical feasible. When implementing virus defenses, an enterprise needs to determine its risk level and take action according to their perceived need for security. This need will not only be determined by internal factors, but also by governing laws and principles. To get started enterprises can turn to established guidelines like the ISO 27001. ISO 27001 certification can be used as a driver to implement a sound security policy.
Comprehensive virus protection for any organization needs to be implemented in layers and must be part of a more complete security and risk managing initiative. You can borrow the principles from the blueprints of the great cities of the middle ages: not a single but multiple walls, a ditch, guards at the gates, signal towers, nearby allies and citizens vigilance constitute their defense system. The number of layers to be implemented depends on the risk level determined beforehand.
To guard the "gates" a twofold approach must be taken: disallow known trouble makers to reach you and inspect arrivals carefully. The first task can be achieved using spam filtering techniques like black listing or content recognition, the second by using virus scanning and content blocking. Important aspect here: You should reject a message as early as possible. There is no point scanning a message content if it could have been rejected for trying to deliver to an unknown user in your domain or being send from an origination that is known to a blacklisting service.
Having a current virus scanner signature might give enterprises a false sense of protection, therefore it must be complemented by digital fingerprint based file blocking and quarantine to catch unknown harm. This way any executable content can be blocked and unknown maleware escaping the scanning patterns will be captured and blocked swiftly.
All "gates" need to be protected equally: email, instant messaging and individual PCs where removable or portable media could pose an attack vector. The signaling towers would be the notification system, that alerts all gatekeepers if one of the gates encounters an attack to improve the networks resilience. This notification feature must include the network protection layer (a.k.a Firewall), so an attacked or infected segment can be isolated automatically.
Citizen's vigilance can be achieved with meaningful training and regular updates on the security front. If every employee is able to identity a suspicious entry (mostly via email), the risk of an infection is lowered substantially. Finally, virus protection is no one time effort: scanning patterns need to be auto-updated, new thread sources blacklisted and employees updated on the latest developments in network attack and protection.
Spam is a very popular attack vector, so head over to Chris and learn about Domino SPAM fighting
Comprehensive virus protection for any organization needs to be implemented in layers and must be part of a more complete security and risk managing initiative. You can borrow the principles from the blueprints of the great cities of the middle ages: not a single but multiple walls, a ditch, guards at the gates, signal towers, nearby allies and citizens vigilance constitute their defense system. The number of layers to be implemented depends on the risk level determined beforehand.
To guard the "gates" a twofold approach must be taken: disallow known trouble makers to reach you and inspect arrivals carefully. The first task can be achieved using spam filtering techniques like black listing or content recognition, the second by using virus scanning and content blocking. Important aspect here: You should reject a message as early as possible. There is no point scanning a message content if it could have been rejected for trying to deliver to an unknown user in your domain or being send from an origination that is known to a blacklisting service.
Having a current virus scanner signature might give enterprises a false sense of protection, therefore it must be complemented by digital fingerprint based file blocking and quarantine to catch unknown harm. This way any executable content can be blocked and unknown maleware escaping the scanning patterns will be captured and blocked swiftly.
All "gates" need to be protected equally: email, instant messaging and individual PCs where removable or portable media could pose an attack vector. The signaling towers would be the notification system, that alerts all gatekeepers if one of the gates encounters an attack to improve the networks resilience. This notification feature must include the network protection layer (a.k.a Firewall), so an attacked or infected segment can be isolated automatically.
Citizen's vigilance can be achieved with meaningful training and regular updates on the security front. If every employee is able to identity a suspicious entry (mostly via email), the risk of an infection is lowered substantially. Finally, virus protection is no one time effort: scanning patterns need to be auto-updated, new thread sources blacklisted and employees updated on the latest developments in network attack and protection.
Spam is a very popular attack vector, so head over to Chris and learn about Domino SPAM fighting
Posted by Stephan H Wissel on 14 August 2007 | Comments (1) | categories: Software