IronPort's latest app detects and responds to e-mail viruses

E-mail security systems supplier IronPort Systems has released new versions of its C-Series line of Email Security Appliances,...

E-mail security systems supplier IronPort Systems has released new versions of its C-Series line of Email Security Appliances, with features that make it easier for administrators to predict new virus outbreaks and manage e-mail security across corporate networks.

IronPort's C-Series appliances now feature virus outbreak filters, which use data from IronPort's SenderBase global e-mail monitoring network to predict and defend against virus outbreaks.

IronPort has also added Email Security Manager, a new administrative GUI (graphical user interface) which centralises management of antispam and anti-virus services on an e-mail infrastructure, and Enterprise Management Tools that makes it easier to monitor and configure multiple IronPort devices on a network, the company said.

Developed by IronPort, virus outbreak filters use information submitted to the SenderBase network to detect and respond to new virus outbreaks. The filters, which have been used by IronPort customers in beta tests, can provide hours of warning about developing virus outbreaks by studying patterns in SenderBase, said Craig Taylor, vice-president of technology at IronPort.

For example, the filters might notice a steep increase in e-mail messages with Zip file attachments that contain executable files, or e-mail file attachments with two or more file extensions. While not proof, in itself, of a new virus, the increase could be the first evidence of the emergence of a new e-mail virus, Taylor said.

IronPort claims that the filters provided four hours advance notice of the appearance of Mydoom.O, a recent version of the Mydoom e-mail worm.

With that much notice, e-mail administrators can use the C-Series appliances to identify and quarantine the suspect messages until a signature is developed for the new virus. After the release of a signature, quarantined messages can be scanned to determine if they are virus-infected, then deleted or sent on to their intended recipient, he said.

IronPort's appliances use technology from Sophos for virus detection and Brightmail, now part of Symantec, to spot spam.

The Email Security Manager feature simplifies management of antipsam, anti-virus and e-mail reputations filters on the IronPort appliances by allowing network administrators to tailor e-mail policies for groups of users or even individual e-mail senders.

The Manager integrates with Microsoft's Active Directory or other LDAP (Lightweight Directory Access Protocol) directory services, allowing administrators to easily assign and distribute mail policies to users on their network. Reporting features in the Manager allow administrators to view e-mail traffic reports in real time, or for a set period in the past.

Coupled with new management features that enable IronPort appliances to communicate using a P2P style architecture, the new features will make it easier to manage deployments of multiple IronPort appliances and ensure that no appliance is a single point of failure, IronPort said.

Paul Roberts writes for IDG News Service

Read more on IT strategy