Applying the sprinkler theory
ANTIVIRUS
“The antivirus industry has done a poor job of protecting large business.” Hold it right there: the person who is speaking is none other than Chris Poulos, managing director of Trend Micro Australia.
“The reason I say that is because 96% of corporations have engaged in some level of antivirus protection in their environment. Yet, every time there is an outbreak, they all get hit to some degree or another.”
It’s a great line, coming from the head of an antivirus business, but he has a point. Security against intruders continues to be a huge problem, if only because businesses are not good at policing themselves. Poulos names two reasons for poor antivirus performance. One is that corporations do a poor job of initiating their AV software. Another is that the nature of antivirus attacks is changing. Take the infamous Nimda virus — that was a three-pronged attack that completely threw most corporations.
“We re-evaluated the game after Nimda. We talked to 1000 corporate customers and looked at the way they performed their duties when a virus outbreak occurred. What happened was that they would immediately pull every wire out of the wall when a virus outbreak came. That was a form of protection because obviously electrons could get through the walls to the computers. Then they would research the threat, find out what is going on.”
In fact, what most people do is adopt a seven-step process for responding to new security threats. For example, they will notify personnel of a new security threat via telephone, fax or email. They will individually configure gateway-level antivirus software settings to deter a specific threat, and consult with management and security specialists to determine the most effective course of action.
The trouble was that taking appropriate action took time — something few businesses can afford when faced with a critical threat. It could take a minimum of 45 minutes and sometimes at least a day for everything to be put in place. Way, way too long.
Poulos says that what Trend Micro’s CEO did was look at a fire sprinkler and say, “That’s a good idea”. If a fire starts, the sprinkler goes off to stem the intensity of the fire before the fire brigade arrives.
And so the organisation applied the sprinkler idea to its AV systems. What Trend Micro did was design its software from the ground up to be an antivirus engine, as well as a content filtering engine. The research and intermediate measures taken by security officers have now been largely taken over by the antivirus software and the result is a much faster automated response time: 15 minutes.
Poulos sees new virus challenges on the horizon. “The mobile world is concerning us,” he says. “And we look for viruses in other everyday technology areas such as JPEG (compressed) pictures.”
Let’s not forget that the biggest weakness in the battle against viruses is you, the CIO or your security officer. Be staunch. Fight the good fight.