Recent announcements highlight a growing trend in the anti-virus market: Companies are focusing on threats to collaborative technologies, including instant messaging and mobile phones. According to Nemertes’ research, the vast majority of companies report having a handle on e-mail-borne viruses; almost 90% of IT executives who participated in Nemertes’ benchmark "Secure Messaging for a Changing World," say their anti-virus efforts are "very" or "extremely" successful.
But with the remote-worker population growing, and as companies start to use new technologies for convergence and collaboration, a renewed focus on anti-virus is critical for enterprise security. First up for attention: Instant messaging, which is in use at more than three-quarters of companies, only about a third of which use any kind of enterprise-class system. The rest, for now, are relying on consumer services, which typically go unscreened and unprotected. As viruses rise across IM networks, this opens a huge whole in many enterprises’ security net.
Hence, the spate of new products and services in this space. Instant messaging-gateway vendor FaceTime Communications recently announced its Day Zero Defense System for preventing worms and spyware downloads over enterprise and public IM networks. The tool, named to reflect the speed with which IM threats can spread, uses anomaly detection to analyze code against normal behavior, without the need for security signatures, according to the vendor. The goal is to identify and stop IM attacks before they spread, and the software is designed to work with all leading enterprise and public IM services and applications.
Akonix has launched L7 Remote User Agent, for delivering instant messaging security and logging capabilities for mobile workforces. It works in conjunction with the Akonix L7 Enterprise message management system to ensure that any employee working remotely will receive the same IM security and compliance protection as users connected to the corporate network.
And CipherTrust, a messaging security company, launched CipherTrust IronIM, a gateway security appliance for both e-mail and instant message communications. IronIM stops inbound and outbound messaging threats at the gateway, keeping them out of the corporate network. IronIM also lets IT managers automatically encrypt IM traffic, and it supports multiple IM services, including AIM, MSN Messenger, Yahoo! Messenger, Google Talk, Microsoft LCS and IBM SameTime. Similarly, Barracuda Networks will deploy an IM appliance early next year, although this box will include its own enterprise-class IM client, as well as support for the usual IM suspects.
And just this week, Archive One has announced support for archiving, search and retrieval of instant messages and RSS feeds to meet regulatory compliance and internal corporate requirements. IMlogic’s IM Manager is the first IM management software to integrate with Archive One, adding IM capabilities to the messaging lifecycle management solution.
But instant messaging is just the beginning. As more workers go virtual, look to other areas in need of protection. This includes cell phones, which are increasingly carrying critical enterprise data, such as contact information and calendars. Nokia and Symantec have partnered to help secure Nokia’s Series 60 smart phones from growing handset viruses. F-Secure, Trend Micro and Kaspersky Lab also develop software to combat viruses on handsets, which many see as a growing threat, although it will likely be 12-24 months before they reach the level of other threats today.
Next up: Solutions to protect conferencing (Web and video) and Voice over IP files—I honestly believe it’s just a matter of time before VoIP attracts significant hacker attacks.
Bottom line: for the majority of IT executives who tell us their traditional anti-virus efforts are successful, complacency may lead to trouble as new threats emerge around new technologies. Instant messaging has already shown itself to be a target of malicious hackers (the number of attack rises weekly), and as mobile devices such as phones and PDAs carry more enterprise-critical data, they will be targets as well.
It may be early, but smart security managers will look at emerging anti-virus options as part of their overall information-stewardship strategies. IT executives whose employees are using collaborative and mobile technologies to enable the virtual workplace should make sure the data that extends beyond traditional enterprise walls is protected—from viruses, but also from unwanted access and data-quality flaws.
Meanwhile, vendors should look to emerging technologies for growth. The traditional anti-virus market is mature, but there’s room for companies that focus on upcoming threats, either via heir own internal development, or through mergers and acquisitions. Look for more news in the area over the coming months.