Virtual Machine Fights a Real Security Problem

Opinion: Avinti says its iSolation Server stops malicious files other techniques miss.

It's been rare in my reporting life that one minute I realize I have a problem and the next minute—literally, almost—the solution appears during an interview.

Here's the setup: E-mail arrives with an attachment.

Most attachments get stripped off by the anti-virus/anti-spam software on my Exchange server. Or by Exchange itself, which automatically stops certain types of attachments.

This .zip file wasn't stopped and seemed to be from a legitimate source. I ran Norton antivirus against the file and it checked out clean.

However, when I unzipped and tried to open the file, I was stopped by a warning that a script was trying to run.

Being dense sometimes, but not stupid, I blocked the script and deleted the file. Crisis averted.

I am confident it's just coincidence—or a heck of a PR stunt—but a half-hour later I did an interview with a company that, unbeknownst to me, offers software that automates the process I'd just gone through by opening every unknown attachment that appears in the SMTP stream.

Avinti Inc. is a Linden, Utah-based company that has created what it calls an "iSolation Server" that sits behind anti-virus and anti-spam protection but ahead of user mailboxes.

The Avinti server runs four layers of additional filtering, but if it still can't determine an e-mail attachment is clean, it actually opens the file and sees what happens.

Avinti CEO Terry Dickson told me the typical malicious file will attempt perhaps 10 actions that a non-malicious file doesn't.

The iSolation Server opens the file in a highly monitored virtual machine environment. If something bad happens, the file never gets to the user desktop.

Each Avinti server can handle up to 250,000 messages per day, Dickson told me.

The news this week is the addition of load-balancing features that allow multiple iSolation Servers to work together in an enterprise environment.

Avinti prices its servers on an annual license that begins at $12.50 per mailbox protected and falls to half that as quantities increase.

Dickson said that instead of thinking of the iSolation Server as a last line of defense, it ought to be considered the only defense a company might have against an attack directed specifically at its users.

"I don't know why people aren't talking about this," Dickson said, adding that attacks too small to ever be detected—and defended against—by traditional security products could still compromise targeted companies.

I assured Dickson that he wasn't as alone in his concerns as he had thought.

Asked what security issues concern him most, Microsoft Windows boss Jim Allchin mentioned company-specific threats to me during an interview last month at WinHEC in Seattle.

Allchin said such targeted attacks are already taking place, though most victims are completely unaware of them.

Armed with a new investment by Symantec, 3-year-old Avinti currently has about 100 customers, Dickson told me.

Given the downside of having to publicly announce the unauthorized disclosure of personal data, Dickson said Avinti hopes to find a fertile market as customers realize the expanding threats and consequences they face.

Contributing editor David Coursey has spent two decades writing about hardware, software and communications for business customers.
