Sybari Additions Fortify Windows Security

Microsoft's Sybari purchase will boost antivirus/antispam defenses in Exchange and other server products

David Chernicoff

October 3, 2005

In February 2005, Microsoft announced that it had signed the paperwork to acquire antivirus and antispam software vendor Sybari Software, giving Microsoft a leg up in adding antivirus/antispam technology to Microsoft Exchange Server and other enterprise server applications. When Microsoft announced the acquisition, it stated that the Sybari purchase will help Microsoft more fully address its customers' needs for enhanced computer security. Exchange customers—including users of legacy Exchange versions as well as Exchange Server 2003—can look forward to integrated antivirus and antispam protection for their messaging system.

EXTENSIVE PROTECTION
On the surface, Microsoft's stated purpose for the acquisition seems obvious. Sybari Antigen for Microsoft Exchange has been an award-winning antivirus solution for Exchange Server for the last few years, with a customer base of more than 10,000 businesses. But Exchange mailboxes number well into the millions, and the concept of a single solution for protecting all those mailboxes is clearly attractive to Microsoft. Antigen is based on a single-product model; that is, the same version of the product works on all generations of Exchange starting with Exchange Server 5.5. All Exchange environments—even mixed environments—use the same Antigen product. The acquisition also stands to offer Microsoft entrée into non-Exchange shops because Microsoft intends to continue Sybari's support for IBM Lotus Notes and IBM Lotus Domino users on Windows platforms.

With the Sybari acquisition, Microsoft doesn't gain just the Exchange antivirus solution; it also gets Antigen versions for Microsoft SharePoint Portal Server and Microsoft Live Communications Server 2005, along with Domino and Windows Server-hosted SMTP gateways. The Sybari products allow Microsoft to provide a comprehensive antivirus solution across the board for its server-messaging enterprise, including the IM environment (provided by Live Communications Server), which has recently become the subject of malicious code attacks.

Microsoft also gains Sybari's server-based antispam and content-filtering server, Sybari Advanced Spam Manager, and its real-time Sybari Advanced Spam Defense product. These additions mesh well with Microsoft's well-publicized antispam initiative, the addition of antispam features to Exchange, and enhanced junk-mail filtering in Microsoft Office Outlook 2003.

Consider also that many large installations still running Exchange 2000 Server and Exchange 5.5 will, in the mid- and long term, need to migrate to newer versions of Exchange. Sybari already offers antivirus protection for those earlier Exchange versions and also for Exchange 2003 and clustered Exchange installations. Now that Microsoft can offer its customers antivirus support that protects legacy Exchange servers as well as those that are upgraded or are being migrated, Exchange users can significantly reduce the likelihood that a virus outbreak will catch them in the middle of a software upgrade and compromise their email infrastructure. And the single-product Sybari model that includes legacy versions of Exchange means that users of those older versions will get the latest protection from newly discovered threats as quickly as users of the latest Exchange version.

The addition of the Sybari product line fits well with the multilayered email security strategy that many corporations are implementing and that Microsoft advocates. Email security isn't merely a matter of scanning each user's mailbox for potential threats; stopping those threats before they reach a user's mailbox is a far more effective defense against virus outbreaks. Content and spam filtering take the user out of the equation, greatly reducing the chances that one user who clicks the wrong file in his or her inbox will affect the entire network infrastructure. Additionally, spam filtering cuts down on the overhead associated with antivirus software by stopping potentially viral messages before they need to be scanned.

EXPANDED ANTIVIRUS COVERAGE
Sybari products use a multiengine model to provide what Sybari has claimed is the strongest and fastest antivirus protection. A customer can use up to eight separately licensed engines, running in tandem, which minimizes the possibility of a hole in the protection. Because each engine runs a signature file from a different antivirus lab (which is what accounts for the extreme confidence in the level of protection), an administrator need never take more than a single engine offline at a time for file updating. This means that you never have to shut down the antivirus protection, even for a few minutes, while the software updates. Sybari's Multiple Engine Manager software determines how many engines will do the scanning, changing its parameters according to the administrator's weighting of performance versus protection.

This multiple-vendor approach to the antivirus signature files also means that the latest virus threat to appear will likely be updated in short order (not all antivirus labs release signature updates to new threats at the same speed). Because the technology that each scan engine uses is unique to the lab that produces it, it becomes less necessary for a particular engine to excel at every method of detection. Because Sybari (and now Microsoft) offers a large selection of scan-engine providers, each scan-engine vendor's individual strengths can be combined to make the coverage that Sybari provides as bulletproof as possible. For this multivendor model to continue to work, Microsoft will need to keep working with many third-party antivirus vendors so that it can provide the best possible protection solution for its customers. With close to 90 percent of all virus infections coming from email, clearly quite a bit of work still needs to be done.

MORE SECURE COLLABORATION
When you add spam and content filtering to antivirus protection, the combination provides a firm foundation for your messaging infrastructure's security. But email isn't the only infection vector for viruses, spam, and inappropriate content. Because of the proliferation of portal sites, both for internal company use and for public exposure to customers and business partners, the same antivirus protection and content filtering that you apply to the mail servers need to be available to collaboration systems. Because Microsoft is pushing the adoption of the SharePoint Portal Server and Windows SharePoint Services, the availability of the Antigen for SharePoint solution and its ability to scan document libraries for viruses, filter content according to predefined dictionaries and policies, deal with found problems, and provide real-time alerts to administrators will help to curb the threats that can enter the network through portal sites and services.

MANAGEMENT TOOLS
All this protection would be significantly less desirable if administrators didn't have a way to manage all the various Sybari installations across the enterprise. Sybari Enterprise Manager meets this need by providing a centralized management solution to all Sybari products that might be installed in an enterprise. Sybari Enterprise Manager is a full-function management solution that not only manages the software but also deploys and installs Sybari product upgrades, patches, hotfixes, and signature files via a browser-based console. Sybari updates are deployed by using a hot-upgrade technology that doesn't require you to take antivirus and antispam services offline. Like any good management tool, Sybari Enterprise Manager provides complete and detailed reporting on all the installed Sybari applications, their activities, and their current status.

For HP OpenView users, Sybari provides a plug-in for OpenView that monitors Antigen services and can automatically launch Sybari Enterprise Manager. And most important to Microsoft, Sybari provides the Sybari Antigen Management Pack for Microsoft Operations Manager (MOM) 2005, meaning that integration of the Sybari protection infrastructure into the Microsoft management structure is well underway.

INTEGRATED SECURITY
As Microsoft begins to integrate the software capabilities it's amassed in the Sybari acquisition into the Exchange product line (as well as into SharePoint Portal Server), administrators are likely to find that they're no longer spending as much time as they used to worrying about defining their antivirus and spam protection needs. If the Sybari acquisition fulfills its promise, Exchange and its related technologies will finally have the antivirus and spam protection they both need and deserve as integral components of the application server.
