IBM Adds Anti-Virus to ISS Endpoint Security Tools

Via a new partnership with BitDefender, IBM is expanding the footprint of Internet Security Systems' desktop protection system to allow companies to run fewer security software engines.

IBM unveiled an updated version of Internet Security Systems desktop security package on Nov. 20, adding new anti-virus and anti-spyware capabilities to the offering via an alliance with software maker BitDefender.

Expected to arrive before the end of 2006, ISS Proventia Desktop Endpoint Security aims to help companies manage the protection of PCs from external attacks.

With the integration of anti-virus tools provided by BitDefender, based in Ft. Lauterdale, Fla., the ISS system now offers personal firewall, intrusion prevention, buffer overflow protection, application and communications defense, and virus prevention technologies.

The release marks the first update of ISS flagship endpoint security software since IBM, of Armonk, N.Y., purchased the company for $1.3 billion in August 2006, and follows the firms roll out of a new ISS-branded security management appliance on Nov. 13, the first product released after the companies merger.

Just as anti-virus market leader Symantec has rolled its desktop and Internet security tools into multi-function packages, IBM officials said they are expanding the ISS software to offer more tightly integrated security applications.

In addition to giving IT administrators a single interface to manage multiple desktop security functions, IBM executives said that pulling the various technologies together to operate using a single software agent on the PC lets the individual tools better share information to help ward off outside attacks.

While previous iterations of Proventia Desktop Endpoint Security have featured advanced behavior-based anti-malware technologies, the addition of BitDefenders software adds more traditional signature-based virus protection to the package.

Anti-virus vendors use the signature-based systems to help users battle threats that have already been identified by security researchers, whereas behavior-based tools excel at discovering new attacks, such as the recent crop of so-called zero day vulnerability exploits.

/zimages/1/28571.gifAnti-virus leaders look to services for growth. Click here to read more.

Company officials estimate that ISS behavior-based anti-virus and anti-spyware technology can identify over 90 percent of all malware threats, but said the addition of signature-oriented tools helps provide for anything the system might miss.

"For a lot of the customized malware that were seeing out there, using signature-based anti-virus would be like giving vaccine to a corpse, but conversely there are thousands of malware attacks out there that can be effectively mitigated using this type of approach, and customers want defense in depth," said Joshua Corman, host protection architect for IBM ISS.

Corman said that customers are also pushing security software makers to fold traditional anti-virus tools into more advanced technologies, as they know the more sophisticated approach catches more attacks, but they have become comfortable with having signature-based scanning and remediation in-house.

As a next step, ISS is experimenting with adding other tools to the Proventia Desktop Endpoint Security package to help protect against internal threats, including DLP (data leakage prevention) technology and tools used to manage user privileges for saving data to portable storage devices.

Pushed by the arrival of security products from Microsoft and continued demand from customers for more integrated products, Corman said that IBM and its rivals will likely find themselves joining more alliances such as the companys deal with BitDefender to help make their products as inclusive as possible, and to help the smaller companies find new avenues to market.

"Clearly there continues to be obvious drivers for consolidating security technologies from the management side, and then there are all the benefits that can be appreciated from having these tools work together, as in this product with a single agent," Corman said.

"Companies who are relying primarily on signature-based anti-virus wont be able to stop serious attacks like root kits and ransomware, but customers still enjoy the familiarity of those products, so combining the two is really the best approach."

IBM is still planning to deliver its new Proventia Management SiteProtector appliances before the end of November. Those products, which are also aimed at helping companies simplify oversight of different types of security tools, take the integrated strategy one step further by combining the products in a hardware form factor powered by a dedicated microprocessor.

While the appliance approach is gaining popularity in the security market, Bob Kral, product strategist for security management at IBM ISS, said that enterprise customers still mostly prefer to consume their applications in the more traditional software format.

While greater numbers of large customers are buying the security devices, he said, many prefer to have the ability to pull the various applications apart to customize them to meet their specific demands.

/zimages/1/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.