Avinti iSolation Server 1.1

Avinti iSolation Server 1
Avinti
Price: Starts at $20

It's in your inbox--an e-mail with an unfamiliar attachment from a trusted co-worker. Is it legitimate or has it been spawned by an e-mail spoofing worm that captured your address from an infected system? Some enterprises prohibit types of e-mail attachments, but that means blocking whole file classes and impeding operations for the sake of security. Others depend on resource-intensive gateway filters.

Avinti has come up with a clever idea to stop e-mail malware without necessarily prohibiting attachment types, but retaining network performance: the Avinti iSolation Server (AIS).

AIS is a gateway software product placed in front of any SMTP-based e-mail server. Running on Windows 2000/2003, the IIS SMTP virtual server intercepts all incoming e-mail messages and passes them through a simulated computer running Windows 2000, Microsoft Office, WinZip, Adobe Acrobat and other common applications.

The downside is that the current version is a only suited for small businesses and branch offices. Even with its recommended hardware and configurations (a 3 GHz Pentium 4 processor with 2 to 4 GB RAM), it can only process 500 externally generated e-mail messages per hour at the gateway, clearly ruling it out for even mid-sized organizations.

More Information Use this checklist on the job to fortify your Web server. Test your knowledge of e-mail security

Nevertheless, it's a promising technology. The key advantage is its protection against malware during the critical time between when a virus is released and a signature is posted by AV vendors. Security managers can configure filters by proposed action (block, ignore or observe) and file extension through an easy-to-use interface. For example, e-mails with Word or Excel attachments can be immediately blocked, while text files are ignored, since they pose no risk.

AIS passes suspicious e-mails and attachments to its virtual machine, where it behaves as if it has reached its target. AIS monitors the activity in the virtual machine for abnormal behaviors such as self-replication, file system access and Microsoft Outlook address book lookup. It will unpack .zip files to discover malicious activity; security managers also have the option to block password-protected or encrypted .zip files. It blocks malicious e-mails, while letting harmless ones through.

To test AIS, we sent a variety of text and HTML e-mails and attachments--all of which were handled correctly. Both blocked and allowed e-mails were processed nearly instantaneously, while the processing of suspicious messages took up to 30 seconds. AIS assigns an ID to malicious e-mails and their attachments, so multiple copies are blocked without subsequent testing. Security managers can change default settings and track blocked e-mails and attachments through an administrative Web page. Details about blocked e-mails are easily retrieved by searching for the date, sender or recipient using the admin interface.

Though the first version needs improvement, especially in the virtual machine and documentation, AIS offers a new option for SMBs to combat e-mail-born malware.

About the Author
Steven Weil is a contributor to Information Security magazine.

This review orginally appeared in Information Security magazine.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT URL Filtering Google Chrome unlikely to attract security-minded users Web security gateways keep Web-based malware at bay What can be done to block adult images in search engine results? Web security gateways meet rising malware threats Can watching online videos present enterprise security risks? How can hackers bypass proxy servers? What are the best ways to block proxy server sites? How well do content filtering tools limit network traffic? At Your Service Blocking Web anonymizers in the enterprise Windows XP and Server Security Windows registry forensics: Investigating system-wide settings Microsoft provides guidance on GDI flaws Microsoft plugs Media Player, graphics handling flaws Microsoft to patch critical flaws in Office, SQL Server Microsoft patches critical Access, Excel flaws Inside MSRC: Microsoft addresses critical Snapshot Viewer flaw Microsoft to revamp patching, add exploitability index Vendors rally to repair dangerous DNS flaw Microsoft issues DNS, SQL Server updates Inside MSRC: Microsoft issues guidance on DNS server update Software 2006 Products of the Year: Antivirus Websense Enterprise 5.5 Kaspersky Anti-Virus Business Optimal 5.0 HOT PICK: Aladdin's eSafe5 chock full of content protections Content Alarm 1.1 Products of the Year: Antivirus/antiworm Week 33: Pretty Good Privacy --More than pretty good Your desktop antivirus product may be leaving you wide open to attack RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary content filtering  (SearchSecurity.com) Web filter  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.