Open Source Cloud Authors: Zakia Bouachraoui, Pat Romanski, Elizabeth White, Liz McMillan, Yeshim Deniz

Related Topics: Open Source Cloud

Open Source Cloud: Article

EOS First Look — Introducing the Malware Trend

Protecting your IT infrastructure

Malware is a generalized term to describe a collection of viruses, worms, spyware, and Trojans. The Microsoft Windows community is familiar with malware since the Windows industry is based on many independent software vendors that develop vertical applications. The complexity of a mixed operating environment presents an ideal opportunity for malware since security vulnerabilities are everywhere, and it's difficult for IT management to distribute patches as needed.

Over the past few years, major virus outbreaks have shut down businesses - from Bank of America to mom-and-pop shops. Recovery from an outbreak is so expensive that companies often have to reallocate their budget to pay for IT security expenses. Security is no longer a luxury of large businesses, but an infrastructure investment for business continuity.

Cross-platform infection recently became a reality, and there are now three types of viruses to keep you on the alert:

  1. Open source applications have fewer resources to deal with security patch issues, and certain Linux viruses utilize open source vulnerabilities to attack.
  2. A new breed of viruses infect both Linux and Windows file systems. This is a common operating environment in education and research organizations.
  3. The major push by UNIX to replace Microsoft Office applications also attracts hackers. The XML_DUSTAR.A is the first virus to attack StarOffice/OpenOffice Suites on Windows 98, ME, NT, 2000, XP, and Server 2003; Linux; and Solaris.
Introduce Enterprise IT Strategy for a Heterogeneous Environment
Although malware was perceived by the UNIX community as a Windows problem, the UNIX community is typically more tech savvy and proactive when dealing with security threats. Patch management is handled with great care since most UNIX servers are a platform for large databases and mission-critical systems.

Since its inception, Linux has evolved from a platform for the hobbyist community to an alternative to UNIX and Windows servers. Many enterprises, including Google, for example, are testing large deployments of Linux technology. Linux servers that were initially deployed as e-mail and Web servers have now migrated to replace Windows file servers. As a file server, a Linux server shares its file system with Windows clients through FTP and SAMBA. This sharing is usually on the departmental level or small business. The lack of supervision on those servers tends to make patch management more challenging, and the multi-purpose nature of Linux servers increases their exposure to outside attack.

For most enterprises that want to minimize operating costs, Linux offers a great return on investment and superior reliability. The IT strategy for the enterprise is to optimize each business process silo with department and business units taking new initiatives. The Linux server is the best candidate for a business initiative. The heterogeneous environment for the enterprise is a natural consequence of organic growth as Linux builds from its success in live deployment.

The AV Compliance Policy for Enterprise Customers and the Top Concern for Security Deployment
The enterprise not only needs security policies to protect its IT infrastructure, it needs to enforce security compliance. Since viruses account for 70% of all enterprise security problems, antiviral compliance is the top concern when deploying a security solution. The initial damage and cleanup process of an antiviral problem is expensive since it is often necessary to dispatch IT personnel. The nature of viruses requires antivirus security and enforcement on every desktop and server. This is the best way to limit viruses from spreading when an outbreak occurs.

The global supply chain also introduces third-world countries to computers and links their systems to first and second world countries. The low-cost nature of Linux systems makes it the largest adoption among manufacturers and connecting to those systems is a necessity for global trade. The challenge, however, is to address unknown viral threats in the Linux platform just like Windows.

Conclusion There are companies in the business world that utilize Linux as an infrastructure for its openness, reliability, and performance. Enterprises that have already adopted Linux servers need a reliable and integrated security solution to protect mixed environments with both Windows and Linux platforms. For complex Linux environments, system administrators need to consistently deploy patches to multiple distributions of Linux. This will reduce the risks posed by constantly changing applications or sharing configurations.

A migrating enterprise needs a strategy that lowers the risk of migration from Windows to Linux, and Microsoft Office to Open Office. The intercompany and intracompany network application traffic needs to be filtered and secured for viral outbreak prevention.

The Trend Strategy and Solution for the Enterprise Environment
Trend Micro has a strategy to deal with this security problem using a centralized server to push out the latest malware patches for both platforms - Linux and Windows. Trend Micro Enterprise Protection Strategy offers multiple layers of products and services to protect mixed-platform environments, including complex distributions of Linux technology. Trend Micro handles Debian, Red Hat, Red Flag, and SuSE with its product release 2.5. This helps solve a problem that most global enterprises face today. While users in Asia, Europe, and North America tend to use different distributions, being able to tackle all various distributions can be a huge benefit if the outbreak is able to infiltrate an network segment with low protection coverage. Global IT managers no longer need to master multiple distributions in order to achieve 100% security patch coverage.

Whenever there is an outbreak, Trend Micro notifies its subscribers to ensure the day-zero protection. The push model of its security patches helps enterprise IT managers reduce their polling efforts by checking disparate vulnerability information sources. With limited resources and more demands on today's IT administrators, Trend Micro helps automate the security patch process, creating a relationship of trust and reliability.

More Stories By David Perry

David Perry is an authority on computer virus prevention with more than 25 years in the technical support and education field.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

IoT & Smart Cities Stories
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (November 12-13, 2018, New York City) today announced the outline and schedule of the track. "The track has been designed in experience/degree order," said Schmarzo. "So, that folks who attend the entire track can leave the conference with some of the skills necessary to get their work done when they get back to their offices. It actually ties back to some work that I'm doing at the University of San...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...
If a machine can invent, does this mean the end of the patent system as we know it? The patent system, both in the US and Europe, allows companies to protect their inventions and helps foster innovation. However, Artificial Intelligence (AI) could be set to disrupt the patent system as we know it. This talk will examine how AI may change the patent landscape in the years to come. Furthermore, ways in which companies can best protect their AI related inventions will be examined from both a US and...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities - ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups.
Chris Matthieu is the President & CEO of Computes, inc. He brings 30 years of experience in development and launches of disruptive technologies to create new market opportunities as well as enhance enterprise product portfolios with emerging technologies. His most recent venture was Octoblu, a cross-protocol Internet of Things (IoT) mesh network platform, acquired by Citrix. Prior to co-founding Octoblu, Chris was founder of Nodester, an open-source Node.JS PaaS which was acquired by AppFog and ...
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...