Software, Services, and Research
If I told you that a company offered software, provided services, and conducted research, you'd probably think I was talking about IBM or Microsoft. Actually, I'm talking about Configuresoft (http://www.configuresoft).
I spoke with Chris Farrow, director of Configuresoft's Center for Policy & Compliance. The center does research on implementing IT controls to comply with regulations and industry standards such as the Information Systems Audit and Control Association's (ISACA's) Control Objectives for Information and related Technology (COBIT), the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Gramm-Leach-Bliley Act (GLBA), and California's SB 1386.
Configuresoft's product Enterprise Configuration Manager (ECM) complements the center's research. ECM allows administrators to centrally control clients and audit them against templates and includes template configurations that link settings to specific rules from legal texts. Chris told me that Microsoft uses ECM to provide security assessment services to its premier customers. If you're not a Microsoft premier customer, Configuresoft offers its own service, Rapid Security Configuration Assessment (RSCA).
New Antivirus Paradigms
I recently spoke with Steven Hofmeyr, the founder and chief scientist of Sana Security (http://www.sanasecurity.com), about new paradigms in antivirus software. Steve founded Sana Security based on biology and immunology research he did at the Massachusetts Institute of Technology (MIT) and the University of New Mexico (UNM). Sana Security's antivirus technology mimics the human immune system by protecting computers from specific classes of attacks, such as buffer overflows. It doesn't need a signature for each attack implementation. The technology is similar to the data execution prevention (DEP) feature that Microsoft supports in 64-bit versions of Windows. DEP takes advantage of a new hardware feature in 64-bit architectures that prevents the processor from executing code stored in the default process stack or heap—areas of memory reserved for data. These memory areas are also where malicious code ends up when a virus exploits a buffer overflow. Sana Security's Attack Shield antivirus software takes a similar approach but operates on 32-bit systems.
In Pursuit of Compliance
Enterprise IT pros across the United States have been talking about the Sarbanes-Oxley Act (SOX) and dealing with many of its requirements, such as the late-2004 deadline for instituting internal-control and financial-reporting procedures. But the SOX compliance timeline has been so tight and the act's requirements so broad that many organizations have taken a "lick-and-a-promise" approach to meeting the initial deadlines by instituting time-consuming manual procedures. Maintaining compliance over the long term will require automating processes, so I was particularly interested to hear about NetPro's (http://www.netpro.com) ChangeManager for Active Directory, due out early this year.
Active Directory (AD) is so fundamental to the integrity of IT systems in Windows shops that controlling it and documenting those controls will be a vital aspect of SOX compliance—particularly compliance with Section 404's requirement for an adequate internal control structure. ChangeManager automates procedures for making and documenting changes to AD and enforcing company policies for modifying AD. The product reports on changes that were made but not approved and on changes that were approved but not implemented. I think we'll see IT pros starting to use ChangeManager and similar products to automate ongoing SOX compliance now that the rush to meet the initial deadlines is behind us.
Turn Back the Clock on Viruses
The ability to scan email messages is an essential capability in today's antivirus solutions. Antivirus products come in various forms: software that runs on a client or on an SMTP server, hardware-based gateways that sit in front of your mail server, and companies that provide services that redirect your DNS MX records to their servers for filtering and forwarding. But with all this scanning in every possible location, viruses still get through. That's why I was excited to talk to Storactive (http://www.storactive.com) about its product, LiveServ for Microsoft Exchange. LiveServ replicates your Exchange Server Store to a Microsoft SQL Server database. Although the product's primary purpose is backup and recovery for Exchange, it also supports rollback and replaying. For example, suppose you discover a worm stuffing your users' Inboxes. A patch is available, but you've already been hit. With LiveServ, you can roll back the Exchange Store, update your antivirus software, and replay the messages. Only this time, your antivirus solution will catch the culprit before it spreads.
