iSolation Server Technical Whitepaper
Disclaimer
This document is provided 'as is' without any express or implied warranty relating to the sale and/or use of Avinti products. While all information in this document is believed to be correct as of the time of publication, this document is for reference purposes only and may not reflect the actual state or progress of the products described. All brand names and product names are trade names or trademarks of their respective holders. Avinti, Inc. makes no implication of association with other vendors or products mentioned in this document.
© 2003-2005, Avinti, Inc.
The Problem
Overview
Rapidly evolving viruses escape pattern scanners
Virus writers often modify existing viruses to elude virus scanning software. This may involve altering the appearance or changing the byte patterns of the viruses so that they escape detection. Recently, virus writers have modified familiar viruses to avoid pattern detection and infect millions of computers. These include the following attacks:
Sober.P (May 2005) This variation on a familiar virus spread by harvesting e-mail addresses from address books and databases.
Netsky and Bagle (February 2004) More than 60 variants of these e-mail viruses caused huge disruption to services and damage across the entire Internet.
SoBig.F (August 2003) This e-mail virus escaped detection because it was a variant of an earlier version and virus signatures in existing database files could not detect the new variant. Although major antivirus software companies developed a new signature for SoBig.F in near record time, the fast-moving virus infected millions of PCs world-wide, causing massive Internet and e-mail outages.
Figure 3: SoBig Worm Attack Method
False positives and false negatives
Not only do unknown and rapidly changing viruses escape pattern scanners, but relying on traditional virus scanning technology as the only network antivirus strategy poses two additional problems:
False Positives. A false positive is a false alarm. Because the number of viruses is increasing, the potential for false positives reported in scanning for known virus signatures also increases. These factors also add to the time and processing power required to complete virus scans.
False Negatives.False negatives are a larger concern in using pattern-matching technology. A false negative is when a new or unknown virus does not match any of the signatures in the pattern scanner database file. The pattern scanner does not detect these viruses and allows them to enter the network and execute their payload.
iSolation Server stops unknown viruses before they enter the network
Instead of relying on signatures of known viruses, Avinti's iSolation Server catches new viruses carried by e-mail by monitoring the behavior of the virus before it is allowed into the network. iSolation Server detects behaviors like those exhibited by Sober.P, Netsky, Bagle, SoBig.F, MyDoom, Mimail and other viruses. iSolation Server traps viruses before they can damage the network.
E-mail — Open Channel into Otherwise Secure Networks
E-mail is a mission-critical application
E-mail is an essential application for companies worldwide. Not only do organizations depend on e-mail for internal communication, collaboration and scheduling, they use it to maintaining relationships and communication with customers, vendors, and suppliers. E-mail is the preferred means of transmitting information among the vast majority of businesses worldwide.
E-mail: Number one entry point for viruses
E-mail is also the most frequent point-of-entry for viruses into the network. Since e-mail is a critical application for many businesses and most e-mail users are non-technical, attackers use it to accomplish their criminal activities. ICSA Labs indicate that e-mail attachments account for 86% of all viral infections.
Figure 1. Virus origin. (Source: ICSA Labs 2002)
Limiting e-mail encourages a backdoor environment
Because e-mail is the leading carrier of viral threats into networks, many system administrators limit either (1) e-mail use among employees or (2) the number/types of attachments permitted into the e-mail system. Limiting employee use of e-mail not only stifles business productivity, it actually creates a backdoor environment where employees open accounts on public e-mail systems or bring in potentially harmful executables using personal media. Limiting employee use of e-mail because of e-mail viruses is like asking people to stop driving cars because they cause accidents. Both are counter-productive, unreasonable requests.
Targeted attacks are an IT problem
Another problem facing system administrators today is targeted virus attacks. Rather than creating a mass-mailing virus, some criminals create attacks for only a single business or set of businesses. These types of attacks slip past most virus scanners because they rely on previously defined, public signatures. Since iSolation Server tests attachment behavior rather than relying on public signatures, it quarantines targeted attacks before they enter the network.
Social engineering provides a virus entry point
Even within otherwise secure networks, e-mail provides an entry point for attackers who depend on social engineering techniques and unsuspecting users to transmit malicious code. With social engineering, criminals coerce suspecting users into opening destructive programs, including auto-execution with the e-mail viewer or through an inadvertent click of the mouse. iSolation Server prevents unsuspecting users from inadvertently opening malicious e-mail because it tests the content of messages and quarantines suspicious messages before they reach the user.
iSolation Server allows the full-use of e-mail with attachments
iSolation Server gives e-mail system administrators peace of mind because it monitors and checks for policy enforcement before allowing e-mail into the network. With iSolation Server monitoring for malicious executables, IT administrators can allow the full use of e-mail with attachments and provide a greater level of security.
Virus Signature Systems — Window of Vulnerability
Outbreak viruses spread rapidly because no matching pattern exists
Traditional virus scanning systems rely on a database of known virus signatures and cannot detect new or unknown viruses. To protect their systems, network and security administrators must constantly verify that virus signature files are updated. "Outbreak" or "day-zero" viruses infiltrate and infect networks immediately because no matching pattern exists for them in signature databases. These viruses use their anonymity to replicate rapidly and infect hundreds of thousands of machines. Even when using pattern-matching antivirus systems that automatically search for and update virus definitions ("real-time" pattern scanning), networks are vulnerable to new outbreak viruses.
Developing signature patterns takes time
In order for antivirus software companies to develop new virus patterns, they must first contain and study emerging viruses. Although multiple "honeypot" systems currently attract new viruses and trap them for study, many IT administrators still catch these same viruses after they have infected their systems. They later send them to antivirus companies for evaluation. After antivirus companies receive a new virus for study, researchers create a new signature that must be added to the existing database of known viruses in order to trap the new virus the next time it hits.
The window of vulnerability in which networks can be infected by outbreak viruses follows this timeline:
- Release of new virus into the wild
- Detection and study of new virus
- Development of new virus signature pattern
- Addition of signature pattern to database of known viruses
- Distribution and installation of new virus signature database in users systems
Popular antivirus companies employ teams that work around-the-clock just to catch, identify, and develop definitions for new outbreak viruses. Even in the best case, this process is measured in terms of days — during which time a new outbreak virus runs wild.
Outbreak viruses force administrators to disable e-mail systems
When system administrators become aware of new viruses, they often disable outside access to their networks to prevent delivery or use of e-mail until the window of vulnerability has passed. Although network administrators recognize that these methods stifle employee productivity and burden network personnel, they allow them because they provide a better option than dealing with the aftermath of a virus attack.
Some system administrators also disable their e-mail system by stripping all e-mail attachments or blocking certain executables from entering the network. These brute-force methods may be helpful in preventing some viruses, but more often they are counter-productive and easily circumvented. For example, outside users can easily rename *.EXE and *.SCR files to *.EX1 or *.SC1, bypassing the system administrator's filter.
iSolation Server observes the behavior of attachments instead of using pattern-matching
Instead of matching file contents and network data against a database of known virus signatures, iSolation Server monitors executable behavior in an isolated environment, traps malicious or viral executables, and keeps them from entering the network. iSolation Server defends networks from new e-mail-borne outbreak viruses — without a window of vulnerability problem.
False Positives and False Negatives
Using traditional antivirus as the only network antivirus strategy presents the problem of false positives and false negatives.
False Positives
A false positive is simply a false alarm. False positives are common byproduct of some behavior-based antivirus and intrusion detection systems. Some error-prone 'sandboxing' systems detect a false positive when calling certain operating system Application Programming Interface (API) routines. The API routines erroneously report a false positive without verifying exactly the behavior of the calling program. Instead of allowing the suspect program to proceed after detecting that the monitored API has been called, sandboxing systems simply halt the program and flag it as malicious. This type of system is extremely prone to false positives — they sound an alarm when in reality no alarm is necessary.
iSolation Server minimizes false positives by actually executing e-mail
iSolation Server places suspect code in a protected, isolated environment and allows it to execute. Not only does it monitor the called APIs, it also allows the program to execute and notes all events associated with it. Instead of guessing the future actions of the code, iSolation Server observes precisely what suspect code actually does within the security of a protected environment. Consequently, the system is much more precise in judging what suspect code does. This drastically reduces false positives, while still quarantining programs that violate set policies.
False Negatives
A false negative is a miss. This occurs when the software program fails to detect a virus attack. A false negative can bring grave consequences because it means a malicious program has bypassed network security and has infiltrated the network. By executing and observing behavior of a suspect program, iSolation Server can precisely determine whether or not executables violate set policies.
Traditional antivirus systems are prone to false positives and negatives
Both pattern-matching scanners and sandboxing behavior analysis systems are susceptible to false positives and false negatives. Armed with a database of virus signatures, pattern scanners can incorrectly flag a file as viral if it contains a coincidental byte pattern that matches a known virus signature. API-monitoring sandbox systems are error-prone to false positives because they trap innocent programs that happen to call an API that could be used for malicious purposes. The greater threat with pattern-scanners, however, is their inherent susceptibility to false negatives because they cannot detect new and unknown viruses.
Observing actual behavior allows for precise analysis
Monitoring program execution allows for more precise and exact analysis. By allowing suspect executable code to execute in a closely guarded environment, iSolation Server significantly reduces the possibility of false positives and minimizes false negatives. iSolation Server can ascertain exactly what a suspect executable would do in the actual system by first monitoring the executable's behavior in a virtual environment.
Server vs. Client Software
Traditional antivirus on client machines is labor-intensive
Since viruses often deliver their payload on end-user workstations, many antivirus and intrusion detection software systems require that software be installed on all client machines to be protected. In many cases, the software requires hands-on installation and configuration for each individual workstation. Individual attention at each workstation creates a complex and time-consuming network management situation for the system administrator. Furthermore, many of these same systems must be un-installed and then re-installed whenever other system software is to be added or modified. This dramatically affects workstation performance and usability, and creates an environment that makes any changes, enhancements, or modifications to the workstation very difficult.
iSolation Server requires no workstation configuration
iSolation Server eliminates the workstation configuration problem by simulating client workstation environments on a server-level device. It enforces security policies long before executables are ever allowed into the network or onto workstations. No workstation configuration or workstation software needs to be installed with iSolation Server because iSolation Server operates as a server-based solution.
The Solution – a closer look at iSolation Server
Overview
iSolation Server eliminates new and unknown viruses
iSolation Server eliminates new and unknown viruses because it tests the actual behavior of e-mail attachments in a virtual machine. Because it observes the behavior of incoming e-mail attachments, it is able to identify and quarantine new and unknown e-mail viruses before traditional antivirus vendors develop and distribute their signature patterns. Consequently, iSolation Server eliminates the window of vulnerability between virus outbreak and signature pattern distribution. It allows the open use of e-mail within organizations and permits the productive use of attachments.
iSolation Server tests e-mail attachments in a secure environment
Before unproven e-mail attachments are allowed into a network, iSolation Server intercepts the e-mail that contains these attachments and tests them a protected, virtual environment isolated from the regular production network. It tests e-mail attachments in a separate environment from the network for two reasons: (1) to keep potential viruses away from the network and related systems and (2) to not burden core network systems with any additional task.
Virtual machines monitor the actual behavior of attachments
Inside the virtual environment, iSolation Server executes e-mail attachments. The software carefully monitors each action the attachments takes and compares it against a set of rules to determine whether or not the attachment is malicious in nature. If iSolation Server determines that a program is viral, it quarantines it so that administrators can examine it more closely. It forwards other e-mail messages and attachments to the e-mail server. The virtual environment within iSolation Server is able to run different environments so that all target environments in the network can be simulated and protected. After testing each attachment, iSolation Server rebuilds its the virtual environment to avoid any legacy remnants of suspect code. It is then ready to analyze the next program.
How iSolation Server Works
iSolation Server observes the actual behavior of e-mail attachments
iSolation Server tests e-mail attachments in an environment that is a replica of a typical user workstation.
It monitors executable behavior instead of looking for an embedded digital pattern or signature that identifies a virus. Unlike other behavior-based security systems that merely hook or trap API calls, iSolation Server executes suspect programs and allows them to run within an isolated environment where it monitors all program actions.
iSolation Server is server-based software
iSolation Server runs at the network server level to prevent viruses from entering the e-mail system. Since viruses are contained at the edge of the network, IT administrators do not need to implement additional software or screening at the workstation level. In this way, iSolation Server simplifies network management and implementation.
iSolation Server's virtual machine determines if executing e-mail violates policy
iSolation Server's components form a comprehensive system to intercept, analyze, and send suspect executable e-mail to an appropriate protected simulator environment. In the virtual environment, the executable runs in an environment that mimics a recipient workstation environment. During the simulation, iSolation Server monitors the execution of the suspect e-mail and compares it to a set of policies. The system determines whether the executable violates set policies, sends policy-violating e-mail to quarantine, and forwards clean e-mail to the e-mail server for transmission to the intended recipient.
The Process
Using several patent-pending techniques, iSolation Server protects users from malicious viruses that cause destruction to networks.
SMTP stream profiling
 As e-mail enters the network from any SMTP transfer agent, it is intercepted by iSolation Server and routed through a series of filters that profile the SMTP stream for possible viral indicators. After passing through the initial filters, iSolation Server determines if an e-mail needs to be simulated and assigns the e-mail to an execution manager that determines which simulation environment should be used in order to most closely simulate the intended target system.
Attachment execution
After passing the e-mail into an appropriate simulation environment, iSolation Server executes and monitors the e-mail and its attachments. iSolation Server monitors all executable actions are monitored for viral behavior, including:
- file system access and activity
- self-replication
- system timer events
- address book lookup
- modification and access of the system registry database
- disk access
- interrupt table use
- other program behaviors
If the e-mail exhibits any unusual behavior, it is routed to a containment chamber where the IT administrator may examine it. If iSolation Server observes no unusual behavior, it forwards the e-mail and attachments to their intended destination.
Architecture features
The architecture of iSolation Server has the following characteristics:
- Designed and built for standard SMTP e-mail messaging environments.
- Intercepts SMTP e-mail at the Mail Transfer Agent (MTA) server level.
- Works in conjunction with other antivirus products and services.
- Provides a scalable and configurable architecture.
- Isolates and contains viruses from entering the network.
- Prevents new and unknown viruses from causing damage to networks.
- Requires no additional workstation software or support.
- Has a Web-based user interface.
- Executes e-mail and attachments to look for viral behavior.
- Requires no updated signature files.
Key Internal Components of iSolation Server
Key iSolation Server engines
Several major components comprise iSolation Server, including the following engines:
- E-mail interception
- E-mail filtering
- Threat potential analysis
- Simulator management
- Simulators
- Analysis
- Output filters
Figure 4. iSolation Server engines
Intercept Mechanism
iSolation Server uses SMTP interception techniques associated with IIS
iSolation Server intercepts the e-mail stream using SMTP interception techniques associated with the Internet Information Services (IIS) component of Windows 2000/2003/XP servers. This allows iSolation Server to obtain e-mail records and process them before forwarding them on to the e-mail server.
Virtual Machine
Virtual machines simulate PC hardware
The virtual machine within iSolation Server simulates standard PC hardware, making it possible to install, configure, and run a complete operating system within the virtual machine. All components of the virtual hardware and the operating system on it are contained within a virtual operating environment that can be programmatically manipulated, altered, and managed. This allows iSolation Server to:
- Execute suspect e-mails (and associated attachments/programs) within an environment completely isolated from the actual network, and
- Monitor the behaviors of the executables from within the virtual machine.
Virtual machines encapsulate executables in a virtual framework
A virtual machine is a self-contained operating environment behaving as if on a separate computer, similar to Java applets running in a Java virtual machine. The Java virtual machine interprets Java code, allowing it to function within the confines of the Java virtual machine and prevents any access to the host operating system—this is precisely how the virtual machine works in iSolation Server. It encapsulates executables within a virtual framework and allows them to execute without actually affecting (or harming) the real system.
Virtual machine pros and cons
Generally, virtual machines have two benefits:
- System Independence. Applications run the same in a given virtual machine without regard to the real hardware and software underlying the system.
- Security. Because the virtual machine has no contact with the real operating system, very little possibility exists that a program running in the virtual machine will damage files, applications, or users of the real system.
There are also two drawbacks to virtual machines:
- Access. The virtual system, by its very nature, lies apart from the underlying operating system and has less access to its functions.
- Speed. Because machine instructions must be simulated or interpreted in a virtual machine, program instructions take many times the amount of actual machine cycles to execute. Hence, program execution is drastically slower.
Isolation Details
iSolation Server runs on a separate, dedicated server
To more effectively protect the network from malicious threats and attacks, iSolation Server runs on dedicated hardware separate from the standard networking and e-mail hardware already installed. This isolates the examination and quarantining of suspect executables from the rest of the system. iSolation Server monitors and executes suspect executables in a virtual machine — providing a logical barrier from the real machine. This barrier prevents any actions taking place inside the virtual machine from affecting the real machine or network. iSolation Server contains and isolates viral behavior within the virtual machine and stops it from migrating to the real world.
Quarantine Area
iSolation Server quarantines unusual messages for inspection and deletion
iSolation Server detects programs that exhibit pre-determined illegal parameters that define unacceptable behavior. Any executable exhibiting such behavior is marked for containment and forwarded to a quarantine area that can be further examined by a system administrator and either forwarded to the intended recipient or deleted from the system. Executables not exhibiting such behavior are forwarded to the regular e-mail system where they are sent to the intended recipients.
Scalability
iSolation Server scales to protect enterprise-class networks
iSolation Server is designed to be highly scalable; it scales vertically by making use of multiple processors on the same machine, and horizontally by running its processing over multiple physical machines. iSolation Server's scalability means it can be deployed in a variety of environments according to the volume of e-mail traffic in individual organizations. Currently, iSolation Server can be either deployed on a single server or on multiple servers.
Single server deployment
When deployed on a single server, iSolation Server can handle typical e-mail loads for up to 2500 users.
Multiple server deployment
When greater scalability is needed, iSolation Server can be deployed on multiple machines. In a multiple machine configuration, iSolation Server uses one machine as a single configuration and management console and uses the other machines as dedicated execution modules. In this setup, the iSolation Server configuration and management machine uses an execution manager to send suspect executables to multiple execution modules. These execution modules (or behavior engines) are run on different physical machines networked together to form a logical 'farm' of iSolation Servers. Using multiple servers to test e-mail attachments, iSolation Server scales to support environments with enterprise-level e-mail traffic. High throughput and heavily used e-mail systems can also be supported well by running iSolation Server on high performance multiprocessor machines.
iSolation Server runs on dedicated hardware
For functional reasons, iSolation Server requires dedicated hardware that is separate from the e-mail server hardware. As a general rule, each e-mail server should be paired with a dedicated iSolation Server. In order to effectively isolate and protect the network from potential malicious attacks, iSolation Server's simulation and evaluation engines are located on separate hardware from the rest of the e-mail system. Additionally, by running on dedicated hardware, iSolation Server does not burden the e-mail server with unnecessary processing.
iSolation Server Performance, Throughput, Latency, and Requirements
Performance
External factors affect iSolation Server performance
The overall performance of iSolation Server is predicated by multiple parameters, including the following:
- Number of e-mail messages received per minute by the e-mail system
- Percentage of e-mails containing executable elements in the body
- Percentage of e-mails containing executable attachments
- Number of e-mails needed to be simulated
- Capability of the hardware where iSolation Server is running
- Number of processors
- Amount of memory
- Speed of network channels
- Number of separate physical machines used to run iSolation Server
iSolation Server requires a machine similar in processor and memory to the e-mail server
Designed to operate with typical e-mail systems, iSolation Server needs to operate on a machine equivalent in processor and memory to the machine running the e-mail server. The machine running iSolation Server, however, does not need to be equivalent in disk storage capacity to the e-mail server because it runs none of the e-mail associated stores.
Multi-threading allows for peak performance
Some of the heaviest processing of iSolation Server is performed in running its virtual machines. Virtual machines may utilize 100% of available processing power on the machine where they are running. However, because of the multi-threaded characteristics of iSolation Server, it takes advantage of the capabilities of multi-processor machines to operate at peak performance.
Throughput and Latency
iSolation Server facilitates high system throughput
The multi-threaded design of iSolation Server allows for high system throughput. When executable e-mail attachments are not being executed and monitored, the system is intercepting the e-mail stream and looking for other executables. E-mail messages containing only clear text are rapidly forwarded on to the normal e-mail system, as are other messages that do not contain executable attachments. In this manner, high e-mail throughput is attained while executable content is siphoned from the e-mail stream and sent to the iSolation Server simulator engine to be processed.
Executables examined by iSolation Server arrive in the end-user's mailbox later than they would have without having passed through iSolation Server, but these e-mail messages have been examined and monitored for illegal actions and behavior.
iSolation Server only imposes a necessary latency
Executing and examining e-mail and attachments before forwarding to the e-mail server induces latency—the required amount of time to successfully manipulate and examine all behavioral aspects of the executable—into the e-mail stream. Some executables will only require several seconds to be executed and evaluated in a virtual environment while others may take much longer. The iSolation Server system ensures that no emulated executable will take longer than a pre-determined execution time. Non-executable e-mail components will only incur the amount of time for the system's decision to forward the e-mail to the regular e-mail server. Because the system is multi-threaded and is working on multiple e-mail messages simultaneously, it does not stop the flow of e-mail into the e-mail server.
True isolation and security comes at the price of speed in examining suspect executables. This is similar to the analogy of scanning carry-on baggage at the airport: Travelers must take the extra time necessary for their bags to be x-rayed, examined, and tested. Everyone, however, feels more secure that everyone else's baggage has been checked, too. This imposes a necessary latency on the overall system, but generally travelers are comfortable with the extra latency knowing that they have better chances of arriving safely at their destination.
E-mail processing in iSolation Server
iSolation Server performs the following general tasks:
- Intercepts e-mail.
- Determines if executable portions exist in the e-mail or in any attachments.
- Forwards non-executable e-mail to the normal e-mail system.
- Determines the extent of executable code associated with each e-mail/attachment.
- Runs e-mail through several input filters
- Determines most suitable operating environment in which to run the suspect e-mail.
- Passes the suspect e-mail and/or attachment into a protected operating environment.
- Executes the e-mail/attachment.
- Monitors and notes execution elements.
- Determines if observed execution details violate approved behavior.
- Forwards innocent e-mail to the normal e-mail system.
- Quarantines or stops suspicious or malevolent e-mail from being delivered, reporting such actions to the system administrator.
- Loads a new copy of the protected operating environment so that a new e-mail can be tested.
iSolation Server minimizes processing time by running on dedicated servers
The overhead associated with executing all e-mail and attachments is substantial, requiring significant processor time and computer resources. To minimize processing time and maintain a secure network, iSolation Server runs on its own dedicated machine (or sets of machines in larger environments). This way, iSolation Server operates as quickly as possible while still affording maximum e-mail throughput. iSolation Server also uses multi-threading to perform multiple tasks in parallel. Performance enhancements are attained when using multi-processor machines to run iSolation Server—in large scale environments, multiple machines will be used to run iSolation Server.
Clear text messages
In order to maximize system throughput and performance, iSolation Server does not attempt to analyze non-executable e-mail such as clear text and other non-executable e-mail messages. The system sends such messages directly to the e-mail server.
Default timeout period
Some executables only take a few milliseconds to run and be analyzed, while others take much longer. iSolation Server is programmed to quarantine executables that fail to exhibit any executable behavior within a default time period , even if they do not display malicious behavior.
System Requirements
iSolation Server is designed to work with standard SMTP based e-mail servers. iSolation Server must be installed on dedicated hardware that is network connected to the e-mail server.
Recommended |
Minimum |
Dedicated server running:
Windows 2003 Server Service Pack 1
2.4 GHz dual Xeon processors
2 GB RAM
30 GB disk space |
Dedicated server running:
Windows 2000 Server Service Pack 4
1 GHz Pentium 4 processor
512 MB RAM
10 GB disk space |
Ethernet NIC 100 Mb |
Ethernet NIC 100 Mb |
CD-ROM drive |
CD-ROM drive |
Conclusion
Traditional antivirus software systems are becoming increasingly susceptible to false negatives because they allow new and unknown viruses into networks before virus signatures can be updated and installed. New viruses spread rapidly and are increasingly complex – this greatly worsens the window of vulnerability in which networks are exposed to viral threats. More sophisticated means are necessary to stem the tide of new and unknown viruses.
E-mail is essential for high productivity in business, yet it is the primary vector for spreading viral infections. Instead of limiting the use of e-mail or crippling the functionality of e-mail by disallowing attachments, new technology is needed that will protect the users of e-mail systems from new and unknown viruses.
iSolation Server protects e-mail systems from new and unknown viruses by examining executable behavior in an isolated environment before the e-mail is delivered to the normal e-mail system. E-mail or attachments exhibiting aberrations from acceptable behavior are quarantined by iSolation Server, while clean e-mail is forwarded to the regular e-mail system. Avinti's patented system allows system administrators to permit full use of e-mail and e-mail attachments.
About Avinti
About Avinti Inc.
Founded in 2002, Avinti Inc. provides e-mail outbreak protection against known and unknown e-mail-based viruses. By delivering an outbreak protection layer for corporate e-mails systems that works in a vendor-agnostic fashion with existing antivirus and e-mail security solutions, Avinti closes the window of vulnerability stemming from threats for which there is no existing signature or patch. The company's iSolation Server is the first enterprise e-mail security solution using virtual-machine technology to test potentially threat-bearing messages in a monitored, secure, virtual replica of the target user's desktop prior to actual delivery . For additional information, contact Avinti at (801) 443-3200 or visit http://www.avinti.com/
Jon Swartz, "More workers get shut out of e-mail," USA Today, 8 Sept. 2003, sec. B, p. 1
|
