Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
On Thu, Aug 14, 2003 at 09:00:36PM -0400, Duane Morin wrote: > So I trip my way into this magazine article assignment on corporate > antivirus strategies. Anybody got any recommendations where I could do > some research? In particular it would be great to find some IT management > types that wouldn't mind being quoted. I'm coming out of financial > services where nobody talks about anything without half a dozen PR people > and lawyers present. :( > > And I have been seriously tempted to write something in the "Maybe it's > time to try a new OS..." vein, but haven't gotten to that one yet. I > should bang something out while the iron is hot and people are frustrated. > > Duane > > Disclaimer: Yes, I work for Symantec, but speak for myself. Most companies it seems have realized that chasing the never ending patch train and outlook updates is a cat and mouse game that they'll never win. Managing patch versions on thousands of machines is no easy task, and more important, this method is often reactive and not proactive and hence, too late. Instead, the stratagy is to prevent virus/work/trojan code from entering the network to begin with. Symantec, for example, has firewall appliances which do AV scanning at the gateway level, smtp gateways that scan incoming/outgoing mail (http and ftp too), and an AV scan engine that can run on linux and solaris, which can recieve scan request from other 3rd party applications and gateway services. There are also event managers, which take the logs from the AV products, and correlate them with IDS and firwall logs to produce "Incidents" showing a more accurate picture of whats going on. In the future, I think host based AV scanning, and host based IDS will converge, since we're no longer talking about goofy viruses that make your Word docs and Excel spreadsheets funny colors, or even *just* destroy your local drive/boot sector. We're talking about network exploit code and root level access to machines behind the firewall. -Clint > _______________________________________________ > Discuss mailing list > Discuss at blu.org > http://www.blu.org/mailman/listinfo/discuss
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |