Malware 2.0 Meets Security 2.0

A three-pronged approach can prevent threats from damaging data networks. Although many companies have policies in place that deny employees access to Web sites that are not work related, monitoring and enforcing those policies is not always easy. Over the past year, there have been numerous stories about employees who visited Web sites such as YouTube, resulting in their work computers becoming infected with Web-borne malware. This type of problem is likely to grow as cyber criminals find that Web-borne malware can infect hundreds of thousands of users in moments.

Designed to keep Web traffic flowing and free of malware, the latest Web security appliances scan all HTTP and SMTP traffic entering and leaving the network to check each piece of content for malware. The traffic is matched against a database of threat-protection signatures and is allowed through only if no signature matches. Because the check is signature-based, it catches only malware for which a signature has already been distributed; a new or lightly modified sample passes until the database is updated, so the signature feed has to be refreshed frequently to keep the protection current.
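To make the scanning step concrete, here is an added example of the kind of check such an appliance performs on the two traffic types the article names. It is illustrative code, not the code of any vendor or of the article's author: it pulls the body out of an HTTP response, decodes each MIME part of an SMTP message, and matches the bytes against a signature database. The signature database, the sample HTTP response and the sample mail are all constructed for the example; the EICAR test string is the standard anti-virus test file, and the "PE" sample is just a constructed byte string standing in for a known-bad binary.

```python
"""Added example (not from the article or any vendor): signature-based
scanning of HTTP response bodies and SMTP attachments, the way a gateway
appliance checks content against a threat-signature database."""
import base64
import hashlib
import re
from email import policy
from email.parser import BytesParser
from typing import Dict, List

# Standard EICAR anti-virus test string (68 bytes); harmless by design.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
# Constructed stand-in for a known-bad executable (not a real sample).
SAMPLE_PE = b"MZ\x90\x00constructed-sample"

# Constructed signature database: byte-pattern signatures and exact-hash signatures.
PATTERN_SIGNATURES = {
    "EICAR-Test-File": re.compile(re.escape(EICAR)),
    # Crude constructed pattern for an auto-running Office macro.
    "Office-AutoOpen-Macro": re.compile(rb"Sub\s+AutoOpen\s*\(", re.IGNORECASE),
}
HASH_SIGNATURES = {
    hashlib.sha256(SAMPLE_PE).hexdigest(): "Constructed-PE-Sample",
}


def scan_bytes(data: bytes) -> List[str]:
    """Return the names of every signature that matches the given content."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append(HASH_SIGNATURES[digest])
    for name, pattern in PATTERN_SIGNATURES.items():
        if pattern.search(data):
            hits.append(name)
    return hits


def http_body(raw: bytes) -> bytes:
    """Split a raw HTTP/1.x response into head and body, honouring Content-Length."""
    head, _, body = raw.partition(b"\r\n\r\n")
    match = re.search(rb"(?im)^content-length:\s*(\d+)\s*$", head)
    if match:
        body = body[: int(match.group(1))]
    return body


def scan_http_response(raw: bytes) -> List[str]:
    """Scan only the payload of an HTTP response, not its headers."""
    return scan_bytes(http_body(raw))


def scan_smtp_message(raw: bytes) -> Dict[str, List[str]]:
    """Decode each non-multipart MIME part (base64, quoted-printable, ...)
    and scan it.  Returns {attachment filename or content type: signature hits}
    for the parts that matched."""
    message = BytesParser(policy=policy.default).parsebytes(raw)
    results: Dict[str, List[str]] = {}
    for part in message.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        hits = scan_bytes(payload)
        if hits:
            results[part.get_filename() or part.get_content_type()] = hits
    return results


def verdict(hits: List[str]) -> str:
    """Gateway policy: any signature match blocks the content."""
    return "block" if hits else "allow"


# Constructed sample traffic for demonstration.
SAMPLE_HTTP = (
    b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
    b"Content-Length: 68\r\n\r\n" + EICAR
)
SAMPLE_MAIL = (
    b"From: alice@example.com\r\nTo: bob@example.com\r\nSubject: invoice\r\n"
    b"MIME-Version: 1.0\r\nContent-Type: multipart/mixed; boundary=\"b1\"\r\n\r\n"
    b"--b1\r\nContent-Type: text/plain\r\n\r\nplease see attached\r\n"
    b"--b1\r\nContent-Type: application/octet-stream; name=\"eicar.com\"\r\n"
    b"Content-Disposition: attachment; filename=\"eicar.com\"\r\n"
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    + base64.encodebytes(EICAR)
    + b"\r\n--b1--\r\n"
)

if __name__ == "__main__":
    print("HTTP:", verdict(scan_http_response(SAMPLE_HTTP)), scan_http_response(SAMPLE_HTTP))
    print("SMTP:", scan_smtp_message(SAMPLE_MAIL))
    # The caveat from the text: one changed byte defeats an exact-hash signature.
    print("modified PE sample:", scan_bytes(SAMPLE_PE + b"\x00"))
```

The last line of the demo shows the limitation stated above: the hash signature matches the constructed sample exactly, but appending a single byte produces a sample with no signature at all, so it is allowed through until a new signature (or a broader byte-pattern signature) is distributed.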


by John Yun

One way to address the security concerns raised by new technologies, such as peer-to-peer (P2P) applications like instant messaging (IM) and voice over IP (VoIP), is to add dedicated application security appliances built specifically for P2P traffic. Purpose-built hardware and software focus tightly on a single problem and offer plug-and-play simplicity, but a narrowly focused solution solves only that one problem. Point products also add network complexity, which can compromise not just security but the network's performance and quality of service (QoS).

New applications often introduce new underlying protocols. The capabilities of P2P applications, for example, come from specialized IP protocols: multimedia protocols for IM attachments, or the various protocols used for voice communications. As with any other protocol, attackers and self-propagating malware can exploit implementation flaws in the code that parses P2P protocols to launch attacks.

Dedicated appliances designed specifically to verify protocol integrity before granting network access can be effective, but many enterprise networks already have that capability, and more, built into the deep-inspection and intrusion-detection features of modern security products. To realize that capability, an enterprise's existing infrastructure vendors must provide regular updates: support for the popular and newest IM protocols, scanning of IM attachments, and prompt updates whenever new applications are released. If such updates are provided, the network is most likely already protected against protocol abuse without the purchase of any new, special-purpose gear.
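As an added example of what "verifying protocol integrity before granting network access" means in practice, the following code applies framing checks to a SIP/2.0 request, the signalling protocol used by much VoIP traffic. It is illustrative code written for this page, not the logic of any appliance or vendor. The checks are the ones a deep-inspection engine would apply before forwarding a message to a softphone or PBX whose parser might have the kind of implementation flaw the text describes: oversized header lines, a Content-Length that disagrees with the actual body, a CSeq that does not fit in 32 bits or names a different method, and missing mandatory headers. The size limits are assumptions chosen for the example, compact header forms (`v:`, `f:`, `t:`, `i:`) are not handled, and the two sample messages are constructed.

```python
"""Added example (not from the article or any vendor): protocol-integrity
checks on SIP/2.0 requests of the kind a deep-inspection engine applies
to VoIP signalling before forwarding it."""
import re
from typing import Dict, List, Tuple

MAX_LINE = 1024      # assumed limit: longer header lines are treated as abusive
MAX_HEADERS = 64     # assumed limit on the number of header lines
REQUIRED = ("via", "from", "to", "call-id", "cseq")
METHODS = {"INVITE", "ACK", "BYE", "CANCEL", "OPTIONS", "REGISTER"}
REQUEST_LINE = re.compile(r"^([A-Z]+) (sips?:\S+) SIP/2\.0$")
CSEQ = re.compile(r"^(\d+) ([A-Z]+)$")


def check_sip_request(raw: bytes) -> Tuple[bool, List[str]]:
    """Return (ok, reasons).  ok is True only when every framing check passes;
    reasons lists each violation found so a log line can say why it was dropped."""
    reasons: List[str] = []
    head, separator, body = raw.partition(b"\r\n\r\n")
    if not separator:
        return False, ["no CRLFCRLF header terminator"]
    try:
        lines = head.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        return False, ["non-ASCII bytes in headers"]

    request = REQUEST_LINE.match(lines[0])
    if not request:
        reasons.append("malformed request line")
    elif request.group(1) not in METHODS:
        reasons.append(f"unknown method {request.group(1)}")

    headers: Dict[str, List[str]] = {}
    for line in lines[1:]:
        if len(line) > MAX_LINE:
            reasons.append("header line exceeds MAX_LINE")
            continue          # flag it, but keep parsing to report other problems
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            reasons.append(f"malformed header line: {line[:40]!r}")
            continue
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    if len(lines) - 1 > MAX_HEADERS:
        reasons.append("too many header lines")
    for name in REQUIRED:
        if name not in headers:
            reasons.append(f"missing {name} header")

    # CSeq must be a number that fits in 32 bits and must repeat the request method.
    if "cseq" in headers:
        cseq = CSEQ.match(headers["cseq"][0])
        if not cseq or int(cseq.group(1)) >= 2 ** 32:
            reasons.append("malformed CSeq")
        elif request and cseq.group(2) != request.group(1):
            reasons.append("CSeq method does not match request line")

    # Content-Length must be numeric and equal to the bytes actually present.
    # (Simplification: a body without Content-Length is rejected outright.)
    if "content-length" in headers:
        length = headers["content-length"][0]
        if not length.isdigit() or int(length) != len(body):
            reasons.append("Content-Length disagrees with body")
    elif body:
        reasons.append("body present without Content-Length")
    return not reasons, reasons


# Constructed sample messages.
GOOD_INVITE = (
    b"INVITE sip:bob@example.com SIP/2.0\r\n"
    b"Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
    b"From: <sip:alice@example.com>;tag=1928301774\r\n"
    b"To: <sip:bob@example.com>\r\n"
    b"Call-ID: a84b4c76e66710@192.0.2.10\r\n"
    b"CSeq: 314159 INVITE\r\n"
    b"Content-Type: application/sdp\r\n"
    b"Content-Length: 5\r\n\r\nv=0\r\n"
)
BAD_INVITE = (
    b"INVITE sip:bob@example.com SIP/2.0\r\n"
    b"Via: SIP/2.0/UDP 192.0.2.10;branch=" + b"A" * 2000 + b"\r\n"
    b"From: <sip:alice@example.com>\r\nTo: <sip:bob@example.com>\r\n"
    b"Call-ID: x\r\nCSeq: 1 INVITE\r\nContent-Length: 999\r\n\r\n"
)

if __name__ == "__main__":
    for label, message in (("good", GOOD_INVITE), ("bad", BAD_INVITE)):
        ok, reasons = check_sip_request(message)
        print(label, "forward" if ok else "drop", reasons)
```

Dropping the second message at the gateway is the point of the check: the 2000-byte Via branch and the Content-Length that promises 999 bytes of body that never arrive are exactly the inputs that trip buffer-handling flaws in endpoint parsers, and neither is something a legitimate client sends.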

