Managing security: Building a defence

Stephen Withers ZDNet Australia

Published: 13 Jun 2002 11:32 BST

Here we look at the issues presented by viruses, the deployment and ongoing management of antivirus tools, and the role of end-user education.

Throughout this article we use the term "virus" in a generic sense that includes worms, Trojans, and any other malicious code.

Business issues
Jakub Kaminski, antivirus research manager at Computer Associates, points out that viruses can be expensive, not just because of the intended effects of their payloads, but because of the unintentional damage they cause, as well as the need to stop systems to check (and if necessary repair) them. Such downtime can be very costly.

Managing director of security software distributor Janteknology Glenn Miller was previously instrumental in setting up McAfee's Australian operation. "Meta Group estimates that public exposure of an IT security breach can shed, on average, 1.75 percent off a company's stock price within 48 hours, converting to hefty losses in real dollar terms," he says.

"Thus, having a solid contingency plan to shore up intrusions has become as important as having a barrier to protect against them in the first place."

Even though there are products that are able to identify virus-like behaviour, antivirus software is not sufficient as it is essentially reactive.

"Indeed, there are many more security vulnerabilities -- holes -- than there are viruses...multi-layered solutions are required," says Miller.

This fact is not lost on antivirus vendors who, operating in an already mature market, are increasingly moving to become broader-based players. Symantec, for example, has bought a security company and is now selling hardware firewalls.

Meanwhile, McAfee has done a deal with eEye -- the company that discovered the first Microsoft hole and developed Secure IIS in response -- and is offering Secure IIS as a download from its US site.

Forrester Research interviewed 50 security managers at major organisations, and just over half said a one-day outage would "have a disastrous effect". It's not simply the operational problems, "the PR damage associated with an incident would be hard to recover from," said one manager.