Open Source Cloud Authors: Zakia Bouachraoui, Elizabeth White, Liz McMillan, Yeshim Deniz, Pat Romanski

Related Topics: Open Source Cloud

Open Source Cloud: Article

EOS First Look — Introducing the Malware Trend

Protecting your IT infrastructure

Malware is a generalized term to describe a collection of viruses, worms, spyware, and Trojans. The Microsoft Windows community is familiar with malware since the Windows industry is based on many independent software vendors that develop vertical applications. The complexity of a mixed operating environment presents an ideal opportunity for malware since security vulnerabilities are everywhere, and it's difficult for IT management to distribute patches as needed.

Over the past few years, major virus outbreaks have shut down businesses - from Bank of America to mom-and-pop shops. Recovery from an outbreak is so expensive that companies often have to reallocate their budget to pay for IT security expenses. Security is no longer a luxury of large businesses, but an infrastructure investment for business continuity.

Cross-platform infection recently became a reality, and there are now three types of viruses to keep you on the alert:

  1. Open source applications have fewer resources to deal with security patch issues, and certain Linux viruses utilize open source vulnerabilities to attack.
  2. A new breed of viruses infect both Linux and Windows file systems. This is a common operating environment in education and research organizations.
  3. The major push by UNIX to replace Microsoft Office applications also attracts hackers. The XML_DUSTAR.A is the first virus to attack StarOffice/OpenOffice Suites on Windows 98, ME, NT, 2000, XP, and Server 2003; Linux; and Solaris.
Introduce Enterprise IT Strategy for a Heterogeneous Environment
Although malware was perceived by the UNIX community as a Windows problem, the UNIX community is typically more tech savvy and proactive when dealing with security threats. Patch management is handled with great care since most UNIX servers are a platform for large databases and mission-critical systems.

Since its inception, Linux has evolved from a platform for the hobbyist community to an alternative to UNIX and Windows servers. Many enterprises, including Google, for example, are testing large deployments of Linux technology. Linux servers that were initially deployed as e-mail and Web servers have now migrated to replace Windows file servers. As a file server, a Linux server shares its file system with Windows clients through FTP and SAMBA. This sharing is usually on the departmental level or small business. The lack of supervision on those servers tends to make patch management more challenging, and the multi-purpose nature of Linux servers increases their exposure to outside attack.

For most enterprises that want to minimize operating costs, Linux offers a great return on investment and superior reliability. The IT strategy for the enterprise is to optimize each business process silo with department and business units taking new initiatives. The Linux server is the best candidate for a business initiative. The heterogeneous environment for the enterprise is a natural consequence of organic growth as Linux builds from its success in live deployment.

The AV Compliance Policy for Enterprise Customers and the Top Concern for Security Deployment
The enterprise not only needs security policies to protect its IT infrastructure, it needs to enforce security compliance. Since viruses account for 70% of all enterprise security problems, antiviral compliance is the top concern when deploying a security solution. The initial damage and cleanup process of an antiviral problem is expensive since it is often necessary to dispatch IT personnel. The nature of viruses requires antivirus security and enforcement on every desktop and server. This is the best way to limit viruses from spreading when an outbreak occurs.

The global supply chain also introduces third-world countries to computers and links their systems to first and second world countries. The low-cost nature of Linux systems makes it the largest adoption among manufacturers and connecting to those systems is a necessity for global trade. The challenge, however, is to address unknown viral threats in the Linux platform just like Windows.

Conclusion There are companies in the business world that utilize Linux as an infrastructure for its openness, reliability, and performance. Enterprises that have already adopted Linux servers need a reliable and integrated security solution to protect mixed environments with both Windows and Linux platforms. For complex Linux environments, system administrators need to consistently deploy patches to multiple distributions of Linux. This will reduce the risks posed by constantly changing applications or sharing configurations.

A migrating enterprise needs a strategy that lowers the risk of migration from Windows to Linux, and Microsoft Office to Open Office. The intercompany and intracompany network application traffic needs to be filtered and secured for viral outbreak prevention.

The Trend Strategy and Solution for the Enterprise Environment
Trend Micro has a strategy to deal with this security problem using a centralized server to push out the latest malware patches for both platforms - Linux and Windows. Trend Micro Enterprise Protection Strategy offers multiple layers of products and services to protect mixed-platform environments, including complex distributions of Linux technology. Trend Micro handles Debian, Red Hat, Red Flag, and SuSE with its product release 2.5. This helps solve a problem that most global enterprises face today. While users in Asia, Europe, and North America tend to use different distributions, being able to tackle all various distributions can be a huge benefit if the outbreak is able to infiltrate an network segment with low protection coverage. Global IT managers no longer need to master multiple distributions in order to achieve 100% security patch coverage.

Whenever there is an outbreak, Trend Micro notifies its subscribers to ensure the day-zero protection. The push model of its security patches helps enterprise IT managers reduce their polling efforts by checking disparate vulnerability information sources. With limited resources and more demands on today's IT administrators, Trend Micro helps automate the security patch process, creating a relationship of trust and reliability.

More Stories By David Perry

David Perry is an authority on computer virus prevention with more than 25 years in the technical support and education field.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

IoT & Smart Cities Stories
The challenges of aggregating data from consumer-oriented devices, such as wearable technologies and smart thermostats, are fairly well-understood. However, there are a new set of challenges for IoT devices that generate megabytes or gigabytes of data per second. Certainly, the infrastructure will have to change, as those volumes of data will likely overwhelm the available bandwidth for aggregating the data into a central repository. Ochandarena discusses a whole new way to think about your next...
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
DXWorldEXPO LLC announced today that Big Data Federation to Exhibit at the 22nd International CloudEXPO, colocated with DevOpsSUMMIT and DXWorldEXPO, November 12-13, 2018 in New York City. Big Data Federation, Inc. develops and applies artificial intelligence to predict financial and economic events that matter. The company uncovers patterns and precise drivers of performance and outcomes with the aid of machine-learning algorithms, big data, and fundamental analysis. Their products are deployed...
All in Mobile is a place where we continually maximize their impact by fostering understanding, empathy, insights, creativity and joy. They believe that a truly useful and desirable mobile app doesn't need the brightest idea or the most advanced technology. A great product begins with understanding people. It's easy to think that customers will love your app, but can you justify it? They make sure your final app is something that users truly want and need. The only way to do this is by ...
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...
Cell networks have the advantage of long-range communications, reaching an estimated 90% of the world. But cell networks such as 2G, 3G and LTE consume lots of power and were designed for connecting people. They are not optimized for low- or battery-powered devices or for IoT applications with infrequently transmitted data. Cell IoT modules that support narrow-band IoT and 4G cell networks will enable cell connectivity, device management, and app enablement for low-power wide-area network IoT. B...
The hierarchical architecture that distributes "compute" within the network specially at the edge can enable new services by harnessing emerging technologies. But Edge-Compute comes at increased cost that needs to be managed and potentially augmented by creative architecture solutions as there will always a catching-up with the capacity demands. Processing power in smartphones has enhanced YoY and there is increasingly spare compute capacity that can be potentially pooled. Uber has successfully ...
SYS-CON Events announced today that CrowdReviews.com has been named “Media Sponsor” of SYS-CON's 22nd International Cloud Expo, which will take place on June 5–7, 2018, at the Javits Center in New York City, NY. CrowdReviews.com is a transparent online platform for determining which products and services are the best based on the opinion of the crowd. The crowd consists of Internet users that have experienced products and services first-hand and have an interest in letting other potential buye...
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...