This article can also be found in the Premium Editorial Download "Information Security magazine: How security pros can benefit from information sharing."
Avinti iSolation Server 1.1
Price: Starts at $20
It's in your inbox--an e-mail with an unfamiliar attachment from a trusted coworker. Is it legitimate, or has it been spawned by an e-mail spoofing worm that captured your address from an infected system? Some enterprises prohibit certain types of e-mail attachments, but that means blocking whole file classes and impeding operations for the sake of security. Others depend on resource-intensive gateway filters.
Avinti has come up with a clever idea to stop e-mail malware without necessarily prohibiting attachment types, while retaining network performance: the Avinti iSolation Server (AIS).
AIS is a gateway software product placed in front of any SMTP-based e-mail server. Running on Windows 2000/2003, the IIS SMTP virtual server intercepts all incoming e-mail messages and passes them through a simulated computer running Windows 2000, Microsoft Office, WinZip, Adobe Acrobat and other common applications.
The downside is that the current version is only suited for small businesses and branch offices. Even with its recommended hardware and configurations (a 3 GHz Pentium 4 processor with 2 to 4 GB RAM), it can only process 500 externally generated e-mail messages per hour at the gateway, clearly ruling it out for even mid-sized organizations.
Nevertheless, it's a promising technology. The key advantage is its protection against malware during the critical time between when a virus is released and a signature is posted by AV vendors. Security managers can configure filters by proposed action (block, ignore or observe) and file extension through an easy-to-use interface. For example, e-mails with Word or Excel attachments can be immediately blocked, while text files are ignored, since they pose no risk.
AIS passes suspicious e-mails and attachments to its virtual machine, where they behave as if they have reached their target. AIS monitors the activity in the virtual machine for abnormal behaviors such as self-replication, file system access and Microsoft Outlook address book lookup. It will unpack .zip files to discover malicious activity; security managers also have the option to block password-protected or encrypted .zip files. It blocks malicious e-mails, while letting harmless ones through.
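The extension-based triage and .zip handling described above can be sketched as follows; this is an added example, not Avinti's code. The rule table, the default action for unlisted types, and the reading of "observe" as "hand to the virtual machine" are assumptions, and all sample inputs are constructed.

```python
import io, os, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
# Hypothetical rule table using the three actions the review names.
RULES = {".doc": "block", ".xls": "block", ".txt": "ignore"}
DEFAULT = "observe"          # assumption: unlisted types go to the sandbox
BLOCK_ENCRYPTED_ZIP = True   # the optional setting the review mentions
RANK = {"ignore": 0, "observe": 1, "block": 2}

def rule_for(name):
    return RULES.get(os.path.splitext(name.lower())[1], DEFAULT)

def triage_attachment(name, data):
    """Return (action, reason); archives are judged by member names, nothing is extracted."""
    if not name.lower().endswith(".zip"):
        return rule_for(name), name
    try:
        members = zipfile.ZipFile(io.BytesIO(data)).infolist()  # reads the directory only
    except zipfile.BadZipFile:
        return "block", f"{name}: not a valid zip"
    verdict = ("ignore", f"{name}: no risky members")
    for m in members:
        if m.flag_bits & 0x1:  # general-purpose flag bit 0 marks an encrypted member
            found = ("block" if BLOCK_ENCRYPTED_ZIP else "observe", f"{name}: encrypted member")
        else:
            found = (rule_for(m.filename), f"{name}/{m.filename}")
        verdict = max(verdict, found, key=lambda v: RANK[v[0]])
    return verdict

def triage_message(raw):
    """Strictest verdict across all attachments of a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    verdicts = [triage_attachment(p.get_filename() or "", p.get_payload(decode=True) or b"")
                for p in msg.iter_attachments()]
    return max(verdicts, key=lambda v: RANK[v[0]], default=("ignore", "no attachments"))

def sample_message(name, data):  # constructed sample input, not real mail
    msg = EmailMessage()
    msg.set_content("see attached")
    msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

def sample_zip(member, encrypted=False):  # constructed sample archive
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(member, b"constructed sample data")
    raw = bytearray(buf.getvalue())
    if encrypted:  # sets only the flag bit in the central directory header
        raw[raw.rfind(b"PK\x01\x02") + 8] |= 0x1
    return bytes(raw)
```

Because a blocked extension inside an archive outranks the archive's own name, renaming a document into a .zip does not change the verdict.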
This was first published in January 2005