How do you protect your network in the time between the initial outbreak of an e-mail-borne virus -- the zero hour -- and the time when an antiviral signature is available?
A recent report from Ferris Research Inc. examined three products that target enterprises looking to secure themselves during this sensitive time. Senior analyst Nick Shelness said that while nothing will work 100% of the time, a few software companies are creating products that attempt to block viruses before they reach a network.
Shelness looked at products from MessageLabs Inc., in New York, IronPort Systems Inc., in San Bruno, Calif., and Avinti Inc., in Lindon, Utah, and judged whether the products could reasonably do what they claimed and if the logic behind them made sense. In other words, did they keep viruses out of the enterprise?
"It's unlikely to find a perfect solution. That having been said, there's an interesting race going on," he said. "In order to be effective, early-stage viruses have to replicate very quickly because they have very little time. If you have a virus that can't replicate at a very high rate, it's not likely to be that dangerous in the period before a viral signature exists.
"All of this stuff is at the entrance to the enterprise -- before you get anywhere near your mail servers, Shelness said. MessageLabs is a service where mail is routed through before it's delivered to an organization. IronPort's Messaging Gateway is an appliance that e-mail flows through. Avinti uses the most novel approach, he said. Its software runs on an appliance that acts as a virtual machine, testing e-mail before it enters an enterprise.
"Is it a significant improvement? I would argue it is, Shelness said. "None are 100% solutions. It's the classic cost-benefit analysis. If in fact a virus makes it in, what is the cost to me of cleaning up and how many are a year versus what is the cost of adding this additional step?"
Some companies are deciding that step is one worth taking.
"It's enough of a problem that we had to do something about it," said David Clark, IT director for the Jones Waldo Holbrook & McDonough law firm in Salt Lake City. "I think everybody should be protected [from] the unknown, especially when you're dealing with your firm's data." He uses Avinti's product to scan attachments before mail is distributed to users.
"Most of the viruses are worms versus an e-mail attachment, but we get hit by viruses every day like everybody else," Clark said. "It's just a matter of does it affect you or not?"
Note: This article originally appeared on SearchWindowsSecurity.com.