IronPort Speeds Up Response to Viruses

IronPort Speeds Up Response to Viruses
Rhett Pardon
SAN BRUNO, Calif. — IronPort Systems Inc. plans to announce Monday a new early-warning technique that allows a quicker response against computer viruses, promising to reduce the impact of malicious programs.

The macro email technology, called Virus Outbreak Filters, involves monitoring email traffic across a large number of organizations for deviations caused by viruses or other malicious programs, then taking action to slow or block their delivery.

IronPort’s approach is expected to offer a head start over conventional responses, which are based on individually analyzing new viruses and sending out data that allows antivirus programs to identify and stop them.

The San Bruno, Calif.-based company makes specialized hardware for delivering email and protecting corporate networks against spam and virus programs.

IronPort says it has access to data about nearly 3 billion emails sent daily through more than 28,000 Internet service providers, as well as corporations and universities.

That broad view of email flow makes it possible to sniff out viruses and automatically alert the IronPort systems handling its customers' email.

"We've seen we can gain four to five hours on the virus," IronPort CEO Scott Weiss told XBiz. “Four to five hours is life for the network administrator.”

The Virus Outbreak Filters system relies on the unusual traffic patterns created by viruses, such as increased message volumes from specific senders and messages with similar subject lines or containing a particular type of attachment file.

It can then tip off email software to destroy or quarantine the suspect messages. Once makers of traditional antivirus software have updated their software to identify a new virus, organizations can use those products to filter any email they have quarantined.

IronPort said it will release its Virus Outbreak Filters in the fall.