IronPort Virus Defense
The most comprehensive multi-scan, multi-vendor anti-virus solution.
Cisco has acquired Ironport. Please visit our Cisco site for the latest re-branded Ironport products.
The scale and complexity of recent virus attacks have highlighted the importance of a robust, secure messaging platform to protect your network perimeter. The traditional approach of being able to identify and block known viruses is no longer enough.
To combat this evolving threat, IronPort offers the most comprehensive multi-scan, multi-vendor anti-virus solution:
- IronPort Virus Outbreak Filters™ - a critical first layer of preventive defense against new outbreaks, detecting and stopping viruses before any other technology.
- Integrated McAfee and Sophos anti-virus engines - enabling multiple traditional virus detection methods to ensure protection against even the most complex virus attacks.
Maximum Virus Protection: Proprietary IronPort technology and virus filtering from McAfee and Sophos.
Virus Outbreak Prevention and Protection
With the highest performance virus detection and scanning technologies in the industry, anti-virus technologies from IronPort, McAfee and Sophos provide fully integrated layers of virus protection on the IronPort C-Series™ and IronPort X-Series™ email security appliances.
During any virus outbreak, there is invariably a period of time between virus detection and when the actual anti-virus identity file is deployed. During this period, administrators can utilize IronPort Virus Outbreak Filters technology to identify and quarantine viruses based on known patterns and delete or archive the messages until new identity files can be updated. This innovative preventive anti-virus solution is fully integrated with anti-virus engines from both McAfee and Sophos and has the ability to rescan messages automatically when new signature updates are available during an outbreak.
Multiple Detection Methods: Protection Against the Widest Variety of Viruses
During the scanning process, the McAfee and Sophos anti-virus engines both analyze each incoming message and file, identify the type and then apply the relevant technique to ensure highest efficacy and throughput. The McAfee and Sophos anti-virus engines employ multiple detection methods, such as:
Pattern Matching detects viruses and other potentially unwanted software by specific code sequences known to be present within a virus. The patterns are created to ensure that the engine catches not only the original virus but derivatives within the same virus family. In doing so, McAfee and Sophos approach viruses in a complementary fashion. McAfee's scanning engine starts from a known place in a file, then searching for a virus signature. Often, they must search only a small part of a file to determine that the file is free from viruses. Conversely, Sophos' scanning engine searches for multiple short code sequences in tandem to detect virus signatures.
Advanced emulation technology is used to detect encrypted and polymorphic viruses. If either engine suspects that a file contains a virus, it creates an artificial environment in which the virus can run harmlessly until it decodes itself and its true form becomes visible. The engine then identifies the virus by scanning for a virus signature. The robust engine supports multiple scanning modes to optimize performance.
Heuristic analysis is utilized by both engines to ensure that variants of viruses are caught with minimal information available about virus code patterns. Heuristic analysis is based on the fact that programs, documents or email messages that carry a virus often have distinctive features. They might attempt unprompted modification of files, invoke mail clients, or use other means to replicate themselves. The engines analyze the program code to detect these kinds of computer instructions. The engines also search for legitimate non-virus-like behavior before taking anti-virus action to avoid raising false alarms.
Multiple Options for Virus Handling
Administrators have multiple options to handle virus infected messages. As viruses evolve, new strains of attacks try to bypass anti-virus protection by concealing viruses within password protected, encrypted files or malformed messages. The IronPort solution detects potentially dangerous messages, giving the administrator full control over how these messages should be handled by the system.
The fully integrated Virus Quarantine provides additional options to customers to determine what actions to take on viral messages along with end-user notification options.
Scalable Gateway With Best-of-Breed Integrated Anti-Virus Defense
The unparalleled performance of IronPort's email security appliances enables the scalability required for fully integrated anti-virus protection for continued message growth. The anti-virus solution likewise protects your infrastructure from being overwhelmed by complex virus outbreaks and ensures that your mission critical email will continue to be accepted.
Highest Efficacy By combining IronPort Virus Outbreak Filters with anti-virus technology from McAfee and Sophos, IronPort appliances provide industry-leading virus prevention and protection, while maintaining near zero false-positive rates. By integrating multiple independent solutions, IronPort appliances leverage the efficacy of each to provide maximum security.
Scalable Virus Protection The unparalleled performance of the IronPort appliances ensures the scalability required for fully integrated anti-virus protection for continued message growth. Performing virus filtering at the gateway significantly reduces the resources needed at the groupware servers and the bandwidth requirements within the network.
Lower TCO with an Integrated Gateway Solution With integrated management and deployment within the appliances, the solution offers ease of management with automatic updates and "set and forget" policies to address any customer specific requirements.
Additionally, performing virus filtering at the gateway significantly reduces the resources needed at the groupware servers and the bandwidth requirements within the network.
Figure 1: Flexible and Intuitive Interface for Ease of Management
IronPort email security appliances provide multiple layers of defense against potential viruses.
Download the IronPort Virus Defense Datasheet (PDF).