Cisco Email Security Appliance

Cisco Virus Defense

The Multiscan, Multivendor, Antivirus Solution

The scale and complexity of recent virus attacks highlight the importance of a vigorous, secure messaging platform. The traditional approach of identifying and blocking known viruses is no longer enough to protect your network perimeter.

To combat this evolving threat, Cisco IronPort offers the most comprehensive multiscan, multivendor antivirus solution:

  • Cisco IronPort Outbreak Filters provide a critical first layer of preventive defense against new outbreaks and targeted attacks.
  • Integrated McAfee and Sophos antivirus engines protect against even the most complex virus attacks.

Cisco IronPort Virus Defense

Features

Outbreak Prevention and Protection

Cisco IronPort, McAfee, and Sophos provide fully integrated layers of virus protection on the Cisco IronPort C-Series and X-Series email security appliances. These antivirus technologies have industry-leading malware detection and scanning technologies.

During an outbreak, there is a period of time between detection of the virus and deployment of an antivirus identity file. During this period, administrators can use Cisco IronPort Virus Outbreak Filters to identify and quarantine viruses based on known patterns. They then delete or archive the messages until new identity files can be updated.

This solution is fully integrated with antivirus engines from both McAfee and Sophos. It automatically rescans messages when new signature updates become available during an outbreak.

Multiple Detection Methods

Protection Against a Wide Variety of Viruses

During the scanning process, both the McAfee and Sophos antivirus engines analyze each incoming message and file. Once the type is identified, they apply the relevant technique to help ensure the highest efficiency and throughput.

The McAfee and Sophos antivirus engines employ multiple detection methods:

Pattern matching detects viruses and other potentially unwanted software by specific known viral code sequences. Patterns help ensure that the engine catches not only the original virus but derivatives within the same virus family. In doing so, McAfee and Sophos approach viruses in a complementary fashion.

McAfee's scanning engine starts from a known place in a file, then searches for a virus signature. Sophos' scanning engine searches for multiple short code sequences in tandem to detect virus signatures.

Advanced emulation technology is used to detect encrypted and polymorphic viruses. If either engine suspects that a file contains a virus, it creates an artificial environment around the file. The virus then runs harmlessly until it decodes itself and its true form becomes visible.

The engine then identifies the virus by scanning for a virus signature. The engine supports multiple scanning modes to optimize performance.

Heuristic analysis, used by both engines, helps catch variants of viruses, even with minimal information about virus code patterns.

Analysis is based on the fact that programs, documents, or email messages with a virus often have distinctive features. They might attempt unprompted modification of files, invoke mail clients, or use other means to replicate themselves. The engines analyze the program code to detect these kinds of computer instructions.

To avoid raising false alarms, the engines also search for legitimate non-virus-like behavior before taking antivirus action.

Multiple Options for Virus Handling

Administrators have multiple options to handle messages infected by viruses. As viruses evolve, new strains of attacks try to bypass antivirus protection by concealing viruses within password-protected files, encrypted files, or malformed messages.

The Cisco IronPort solution detects these potentially dangerous messages. This gives the administrator full control over how the system will handle these messages.

The fully integrated Virus Quarantine provides additional options along with end-user notification. Customers are able to determine what actions to take on viral messages.

Scalable Gateway With Integrated Antivirus

High performance from Cisco IronPort email security appliances provides the scalability required for fully integrated antivirus protection as your message volume continues to grow. The antivirus solution protects your infrastructure from complex virus outbreaks, which helps ensure that mission-critical email will continue to be accepted.

Benefits

Gain high efficiency. The combination of Cisco IronPort Virus Outbreak Filters with antivirus technology from McAfee and Sophos can make your organization more efficient.

Cisco IronPort appliances provide industry-leading virus prevention and protection, while maintaining near-zero false-positive rates. Cisco IronPort integrates multiple independent solutions to provide increased security and efficiency.

Get scalable virus protection. Cisco IronPort appliances help ensure scalability for fully integrated antivirus protection for continued message growth. Gateway filtering significantly reduces the resources needed at the groupware servers and network bandwidth requirements.

Lower TCO with an integrated gateway solution. The solution offers ease of management with integrated management and deployment within appliances. Automatic updates and "set and forget" policies help address customer-specific requirements.

Flexible, Intuitive Interface for Ease of Management

Cisco IronPort Virus Defense: Flexibility
IronPort email security appliances with Sophos anti-virus provide multiple layers of defense against potential viruses.
