As the bad guys get more sophisticated with launching online attacks on your business PCs, you have to get smarter about how you are protecting them. And in the past year, many of the traditional anti-virus (AV) vendors have improved their products by streaming their updates, adding integrated browser protection against phishing and session hijacking, and improving ways to thwart zero-day exploits.
It is still an escalating arms race, but there is hope that you can stay ahead of the infections, botnets, malware, and Trojans that run wild around the Internet.
Viruses and malware have been around since the early days of DOS, when they were transmitted on infected floppy disks. But as the Internet reaches deeper and deeper into even the smallest business networks, you have to be better prepared for the latest in attack software. These days, it is easy to manufacture a custom virus that will only infect one or two computers. This makes virus signature and pattern matching obsolete.
Last year, I spent a day at Symantec Labs and they showed me exactly how easy this was: With toolkits you can download, within minutes I was a script kiddie, creating infections left and right. No real skills required, either, other than knowing where to go to get started.
In the past, you had separate desktop software products for anti-virus/anti-malware, browser-based screening tools, host-based firewalls (the ones installed on each desktop, outside of the security features found in the underlying operating system), and mobile device management tools. These desktop products didn't include the tools that handled network-level intrusions, firewalls, and data leak protection. That meant having lots of different vendors' products to manage, as well as the task of choosing the right software and (if your company is big enough) negotiating license agreements with each vendor.
It helps that our desktop operating systems are more secure; certainly, Windows 7 and Mac OS Lion are better than their ancestors. But it also helps that the security vendors are getting better at integrating the various protective features. They have also done a better job at automation rather than waiting for you to schedule them or download various updates. While things are still far from flawless, the quality of the endpoint protection software is the best it has been in several years.
Let's take a look at several different recent products to give you an idea of where things are going in this particular market segment.
Better signature updates
For years, anti-virus software relied on signature updates that needed almost constant downloading to stay on top of threats. But as we mentioned earlier, this is outmoded technology, because custom viruses have become so easy to create. An alternative solution, which I wrote about last year, is cloud-based AV protection: the cloud holds the updates and can stay on top of recent outbreaks.
But moving AV to the cloud isn't the only solution. The security vendors have come up with their own algorithms to detect whether your PC is doing something that it shouldn't, such as sending out lots of e-mails with attachments or making frequent connections to servers in suspicious locations.
For example, Symantec's Endpoint Protection software comes with four different detection routines to look for oddball network behavior, specific malware files that have found their way to your desktops, the reputation of the sites that you visit, and the actual programs that are running on your computers and how they behave. They call this "defense in depth" and it is typical of what many of the modern desktop security vendors have to do to keep your PCs protected.
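The two behaviors named above (a burst of outbound mail and repeated connections to suspicious destinations) are easy to express as simple heuristics. The following is an added example, not Symantec's code or any vendor's detection routine: it runs over a constructed outbound-connection log, and the country codes, thresholds and window size are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real traffic): "timestamp host dst_ip dst_port dst_country".
# pc-07 fires off five SMTP connections in under three minutes, pc-12 talks to three
# different hosts in countries on the watch list, and pc-03 behaves normally.
SAMPLE_LOG = """
2012-05-01T09:00:01 pc-07 203.0.113.5 25 US
2012-05-01T09:00:04 pc-07 203.0.113.6 25 US
2012-05-01T09:00:09 pc-07 203.0.113.7 25 US
2012-05-01T09:01:15 pc-07 203.0.113.8 25 US
2012-05-01T09:02:30 pc-07 203.0.113.9 25 US
2012-05-01T09:03:00 pc-03 192.0.2.10 25 US
2012-05-01T09:03:05 pc-03 198.51.100.20 443 US
2012-05-01T09:04:00 pc-12 198.51.100.31 443 XX
2012-05-01T09:05:00 pc-12 198.51.100.32 443 XX
2012-05-01T09:06:00 pc-12 198.51.100.33 443 YY
"""

SUSPICIOUS_COUNTRIES = {"XX", "YY"}   # placeholder reputation list (assumption)
SMTP_BURST_THRESHOLD = 5              # SMTP connections inside one WINDOW
WINDOW = timedelta(minutes=10)
SUSPICIOUS_DEST_THRESHOLD = 3         # distinct destinations in watch-listed countries


def parse_log(text):
    """Turn the whitespace-separated log into (time, host, ip, port, country) tuples."""
    records = []
    for line in text.strip().splitlines():
        ts, host, ip, port, country = line.split()
        records.append((datetime.fromisoformat(ts), host, ip, int(port), country))
    return records


def find_anomalous_hosts(records):
    """Return {host: [finding, ...]} for hosts whose outbound behavior trips a rule."""
    by_host = defaultdict(list)
    for rec in sorted(records):          # sort by timestamp so windows are contiguous
        by_host[rec[1]].append(rec)
    findings = defaultdict(set)
    for host, recs in by_host.items():
        # Rule 1: a sliding WINDOW containing SMTP_BURST_THRESHOLD or more port-25 connections.
        smtp_times = [r[0] for r in recs if r[3] == 25]
        for i, start in enumerate(smtp_times):
            if sum(1 for t in smtp_times[i:] if t - start <= WINDOW) >= SMTP_BURST_THRESHOLD:
                findings[host].add("smtp-burst")
                break
        # Rule 2: too many distinct destinations located in watch-listed countries.
        suspicious = {r[2] for r in recs if r[4] in SUSPICIOUS_COUNTRIES}
        if len(suspicious) >= SUSPICIOUS_DEST_THRESHOLD:
            findings[host].add("suspicious-destinations")
    return {host: sorted(f) for host, f in findings.items()}
```

Running `find_anomalous_hosts(parse_log(SAMPLE_LOG))` flags pc-07 for the mail burst and pc-12 for its destinations, while pc-03's single message to the mail server passes.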
Even Symantec's Norton line of products is getting more full-featured. Norton 360 can manage a fleet of computers for online backups, tuning up your registry and other system files, and handling security tasks. See the screenshot of its main control console below.
Protecting both PCs and smartphones, too
Norton has another new product called Norton One. It offers protection across a broad spectrum of endpoints, including Windows, Macs, and Android devices. This is the first time that they have moved to combine both PC and mobile devices into a single offering, and it represents another direction for security administrators who are worried that their smartphones can serve as an infection vector. A single subscription covers updates to a wide range of Norton products, too. Pricing starts at $150 to cover up to five devices.
McAfee VirusScan is moving in a similar direction with its Mobile Security for Enterprise, also protecting all business-owned Android devices.
Combining browser protection with anti-virus
Other niche security vendors have begun to branch out to cover different infection avenues. For example, one of the leading browser scanning tools for many years has been Webroot. This month, they have come out with an enterprise version of SecureAnywhere. It puts a small agent on any Windows desktop or server OS since Windows XP, both 32-bit and 64-bit, including Windows running in VMs. It provides cloud-based endpoint protection that doesn't rely on signature updates, unlike earlier Webroot products. The new version includes anti-malware scanning, a host-based firewall, cleanup of various system and registry files, and the ability to quickly scan your desktop. It is priced at between $16 and $35 per user per year, depending on volume licensing. While the first version is just for Windows, they are working on Mac versions for later in the year. You can see an example of its main control console below.
Better ways to ensure automatic software updates
With the proliferation of phishing sites and other browsing exploits, many free or low-cost scanning tools make sure that you didn't accidentally download malware while you were out surfing around the Net. Some of these can be launched from a Web browser (such as Bitdefender's free QuickScan online) and others require downloading some software.
New from Secunia is v3 of its Personal Software Inspector, which takes the scanning process a step further to try to remediate the problem once you finish with your scan. It looks to see what is out of date on a wide spectrum of software that is installed on your PC. If it can update the software, it does, but at least it puts everything that is outmoded (that it knows about) in a single screen, as you can see here:
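The core of what such a scanner does is compare each installed version against a reference of current versions. Here is an added example of that comparison, not Secunia's code: the installed inventory and the reference table are constructed placeholders (a real tool would query the vendor's feed), and it shows the one subtlety that bites naive implementations, namely that version strings must be compared numerically, not as text.

```python
import re

# Constructed inventory of installed software (placeholder product names and versions).
INSTALLED = {
    "Example Browser": "12.0.1",
    "Example Reader": "9.4.6",
    "Example Runtime": "1.10.2",
    "Example Tool": "2.3",
}

# Assumed reference table of current versions; stands in for the scanner's update feed.
LATEST = {
    "Example Browser": "12.0.1",
    "Example Reader": "10.1.0",
    "Example Runtime": "1.9.8",
    "Example Player": "11.2",
}


def version_key(version):
    """Split '1.10.2' into (1, 10, 2) so comparisons are numeric per component.

    A plain string comparison would rank '1.9' above '1.10', which is wrong.
    """
    return tuple(int(part) for part in re.findall(r"\d+", version))


def outdated(installed, latest):
    """Return (name, installed, latest, status) for software needing attention.

    status is 'outdated' when a newer reference version exists, and 'unknown'
    when the product is not in the reference table at all (the scanner can only
    report on what it knows about).
    """
    report = []
    for name, version in sorted(installed.items()):
        if name not in latest:
            report.append((name, version, None, "unknown"))
        elif version_key(version) < version_key(latest[name]):
            report.append((name, version, latest[name], "outdated"))
    return report
```

On the sample data only "Example Reader" is reported as outdated; "Example Runtime" at 1.10.2 is correctly judged newer than 1.9.8, and "Example Tool" is listed as unknown because the reference table has no entry for it.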
Casting a wide net for malware
One alternative to installing desktop software on all your PCs is to set up a network-based appliance that can catch the incoming infections before they reach your desktops.
This is what Network Box has done with its device using its Z-Scan technology. Network Box uses hundreds of thousands of what it calls "virus traps" spread around the world on key network segments to detect malware and other anomalies flowing across the Internet. When one of these traps finds something bad, it sends the information to one of more than a dozen global analysis centers run by the company. They can create and release a new signature within seconds, as shown in this diagram of how it works.
This cuts down the time that an exploit can operate before it is discovered, ensuring that you can be adequately protected before an infection spreads across the Internet.
As you can see, a number of vendors are trying unique methods to stay ahead of these online-based infections and make it easier for network administrators, even for small businesses, to protect their PCs.