Help To Combat The Next Big Blended ThreatHelp To Combat The Next Big Blended Threat

No one knows when it will happen, but most security experts expect that the day is coming--and soon--when a sophisticated "blended threat" attack will again wreak havoc on businesses' networks. Last year, Nimda and Code Red were the first to combine virus and worm propagation techniques with automated hacking capabilities in separate deadly programs, causing billions of dollars in damage to companies. Now, antivirus vendors are enhancing their security monitoring and management consoles to make it easier and more affordable for IT managers to thwart future attacks.

By introducing a new desktop firewall last week, McAfee Security, a division of Network Associates Inc., is enabling IT staff to monitor personal firewalls through its e-Policy Orchestrator console, which supports antivirus management. IT managers can view from one place viruses that are invading their networks via E-mail, as well as attack programs that gain entry through users' Web-browsing activities or other infected systems on the network. The catch: The integrated suite supports only McAfee security products. It's a trade-off--the software costs thousands of dollars less than more-sophisticated integrated security consoles from companies such as BMC, eSecurity, and Tivoli that support offerings from many vendors.

The added capability may lead Affinity Health System to re-evaluate a previous decision not to install McAfee personal firewalls on users' desktops to thwart blended threats and other attacks.

Deploying personal firewalls on each desktop is expensive, but worse, it presents "another management nightmare" without a centralized monitoring capability, says Doug Shew, project leader at the Menasha, Wis., health-care company. Shew uses e-Policy Orchestrator to manage McAfee antivirus software across 2,500 desktops, and that's helped reduce overhead for policy-administration and virus-definition updates, he says.

Companies can buy the desktop firewall as part of the e-Policy Orchestrator suite for $50 per node, or by itself for $30 per node, for 51 to 100 systems.

This week, McAfee also will debut ThreatScan, software that scans for specific vulnerabilities that may leave systems open to hybrid threats. ThreatScan can be managed by ePolicy Orchestrator, so administrators can efficiently determine what operating systems and patches have been deployed, as well as find potentially susceptible open ports, file shares, FTP, Telnet, and Microsoft Internet Information Services configurations. ThreatScan is priced at just over $20 per node for 25 to 500 nodes.

There's good reason to stockpile defenses against blended threats, says Roger Thompson, director of malicious code research for TruSecure Corp., a risk-management company. "Nimda was listed as version 0.5 by its author," Thompson says, "so it's reasonable to expect a version 1.0."