IT managers trying to fend off mounting malware attacks are taking a closer look at host-based technologies to target a range of threats from spam to rootkits while providing network repair.
"Host-based protection is the last line of defense for the enterprise," said Dan Blum, a security analyst at The Burton Group, based in Midvale, Utah.
Host-based anti-malware products have two components: a security agent that resides on the desktop and a central management server, or host. The agent detects threats such as viruses, spam and rootkits while it provides protection. The server portion manages and updates the agents and produces any necessary reports. Also included, depending on the product, are firewalls and host intrusion prevention solutions, or HIPS.
Other ways to provide protection from malware include gateway appliances that sit on a network perimeter or routers and switches with enhanced security. An example of an appliance is McAfee's 3100 Secure Internet Gateway Appliance, which uses software and hardware to filter email and Web content for malware and unsafe Web sites. Cisco Systems has built security features into some of its routers and switches, which mitigate problems like denial of service attacks and IP phone call eavesdropping.
Companies are looking to combine a number of features in a unified end-point protection product, and these products fit the bill, Blum said. Symantec Corp., based in Cupertino, Calif., and Santa Clara, Calif.-based McAfee Inc. dominate the enterprise security market, according to Blum. In third place is Trend Micro Inc., also based in Cupertino, Calif., which offers a similar product, followed by a host of smaller companies that offer similar products.
Microsoft set to enter the enterprise security market
Microsoft's entrance in the enterprise security marketplace next month is expected to bring more competitive pressures to bear on all the makers of host-based anti-malware products, Blum said. Microsoft will launch in May its Forefront Client Security product, which it acquired in 2005 when it bought East Northwood, N.Y.-based security vendor Sybari Software Inc. and renamed some of that company's Antigen security products. Microsoft's Forefront Client may appeal to all-Windows shops, but it lacks features that might attract a wider following. For example, it doesn't have a host intrusion prevention system for application control or exploit-in-progress blocking, nor does it have remediation policies in the management console, Blum said. Because of these deficiencies, it will trail "best of breed," he said, adding that future releases will probably include those features.
Forefront does integrate with Microsoft's operating system through technologies like its Network Access Protection, which will make it attractive, Blum said. Microsoft's Network Access Protection (NAP) technology helps monitor computers for security compliance and protection before they enter a network and can quarantine them until they have the necessary protection. NAP will not be available until Windows Longhorn ships.
McAfee's product, without including Network Access Control and HIPS technology, costs $18.52 per user when there are 5,000 or more users. Symantec's AntiVirus Corporate Edition 10.2, which includes its Client Security 3.1, costs $25.73 per user for 5,000 users or more. Trend Micro charges $23.39 per user for 5,000 users or more for its OfficeScan Corporate Edition 7.3, which has antivirus, antispyware and other features.
Microsoft has not yet released the pricing for Forefront Client.
Versatile security products rank high on priority list
What seems to be high on the priority list of IT managers are security products that can help them protect networks from threats that come from all quarters. "We're thin staffed, we're trying to do a bunch of different things, and we were looking for an all-in-one solution," said Shannon Fitzpatrick, vice president of distributed systems at Community Operations Inc., a group of community banks in Forest, Miss.
"We were getting killed with spam. People were getting 100 to 150 spam messages a day per user," Fitzpatrick said. In the end, Community Operations didn't choose a host-based product, but it still wanted one that would cover a range of issues, including viruses, spam and spyware.
Although companies will differ regarding which security features they believe are the most important, Blum said a mix of prevention technologies and management capabilities of host-based anti-malware products makes those products attractive choices.
"In truth, it's a combination of capabilities in as unobtrusive a package as possible that will provide the most protection with the least impact on business," Blum said.