For a variety of reasons outlined in this paper, signature-based antivirus scanning is becoming largely ineffective as the main tool against newer varieties of malicious computer code. Scanning performed at the gateway and server level, while still valuable, is proving inadequate as well. It is becoming evident that behavior-based policy enforcement middleware, deployed at the edge of the corporate network (PC workstations), will be required in the near future to handle known and unknown threats. Unfortunately, the big players in this industry are not currently incorporating the required technologies into their product lines, nor does it appear that they will do so in the near future. IT managers wanting to use these technologies today will have to take a chance on the smaller security software vendors.

The purpose of this paper is not to review specific existing behavior-based policy enforcement middleware products or technologies in detail, but to make a case for their immediate further evaluation and incorporation into a corporate strategy. Specific evaluations could be the subject of a future paper.