Open Source Cloud Authors: Liz McMillan, Zakia Bouachraoui, William Schmarzo, Elizabeth White, Yeshim Deniz

Related Topics: Open Source Cloud

Open Source Cloud: Article

EOS First Look — Introducing the Malware Trend

Protecting your IT infrastructure

Malware is a generalized term to describe a collection of viruses, worms, spyware, and Trojans. The Microsoft Windows community is familiar with malware since the Windows industry is based on many independent software vendors that develop vertical applications. The complexity of a mixed operating environment presents an ideal opportunity for malware since security vulnerabilities are everywhere, and it's difficult for IT management to distribute patches as needed.

Over the past few years, major virus outbreaks have shut down businesses - from Bank of America to mom-and-pop shops. Recovery from an outbreak is so expensive that companies often have to reallocate their budget to pay for IT security expenses. Security is no longer a luxury of large businesses, but an infrastructure investment for business continuity.

Cross-platform infection recently became a reality, and there are now three types of viruses to keep you on the alert:

  1. Open source applications have fewer resources to deal with security patch issues, and certain Linux viruses utilize open source vulnerabilities to attack.
  2. A new breed of viruses infect both Linux and Windows file systems. This is a common operating environment in education and research organizations.
  3. The major push by UNIX to replace Microsoft Office applications also attracts hackers. The XML_DUSTAR.A is the first virus to attack StarOffice/OpenOffice Suites on Windows 98, ME, NT, 2000, XP, and Server 2003; Linux; and Solaris.
Introduce Enterprise IT Strategy for a Heterogeneous Environment
Although malware was perceived by the UNIX community as a Windows problem, the UNIX community is typically more tech savvy and proactive when dealing with security threats. Patch management is handled with great care since most UNIX servers are a platform for large databases and mission-critical systems.

Since its inception, Linux has evolved from a platform for the hobbyist community to an alternative to UNIX and Windows servers. Many enterprises, including Google, for example, are testing large deployments of Linux technology. Linux servers that were initially deployed as e-mail and Web servers have now migrated to replace Windows file servers. As a file server, a Linux server shares its file system with Windows clients through FTP and SAMBA. This sharing is usually on the departmental level or small business. The lack of supervision on those servers tends to make patch management more challenging, and the multi-purpose nature of Linux servers increases their exposure to outside attack.

For most enterprises that want to minimize operating costs, Linux offers a great return on investment and superior reliability. The IT strategy for the enterprise is to optimize each business process silo with department and business units taking new initiatives. The Linux server is the best candidate for a business initiative. The heterogeneous environment for the enterprise is a natural consequence of organic growth as Linux builds from its success in live deployment.

The AV Compliance Policy for Enterprise Customers and the Top Concern for Security Deployment
The enterprise not only needs security policies to protect its IT infrastructure, it needs to enforce security compliance. Since viruses account for 70% of all enterprise security problems, antiviral compliance is the top concern when deploying a security solution. The initial damage and cleanup process of an antiviral problem is expensive since it is often necessary to dispatch IT personnel. The nature of viruses requires antivirus security and enforcement on every desktop and server. This is the best way to limit viruses from spreading when an outbreak occurs.

The global supply chain also introduces third-world countries to computers and links their systems to first and second world countries. The low-cost nature of Linux systems makes it the largest adoption among manufacturers and connecting to those systems is a necessity for global trade. The challenge, however, is to address unknown viral threats in the Linux platform just like Windows.

Conclusion There are companies in the business world that utilize Linux as an infrastructure for its openness, reliability, and performance. Enterprises that have already adopted Linux servers need a reliable and integrated security solution to protect mixed environments with both Windows and Linux platforms. For complex Linux environments, system administrators need to consistently deploy patches to multiple distributions of Linux. This will reduce the risks posed by constantly changing applications or sharing configurations.

A migrating enterprise needs a strategy that lowers the risk of migration from Windows to Linux, and Microsoft Office to Open Office. The intercompany and intracompany network application traffic needs to be filtered and secured for viral outbreak prevention.

The Trend Strategy and Solution for the Enterprise Environment
Trend Micro has a strategy to deal with this security problem using a centralized server to push out the latest malware patches for both platforms - Linux and Windows. Trend Micro Enterprise Protection Strategy offers multiple layers of products and services to protect mixed-platform environments, including complex distributions of Linux technology. Trend Micro handles Debian, Red Hat, Red Flag, and SuSE with its product release 2.5. This helps solve a problem that most global enterprises face today. While users in Asia, Europe, and North America tend to use different distributions, being able to tackle all various distributions can be a huge benefit if the outbreak is able to infiltrate an network segment with low protection coverage. Global IT managers no longer need to master multiple distributions in order to achieve 100% security patch coverage.

Whenever there is an outbreak, Trend Micro notifies its subscribers to ensure the day-zero protection. The push model of its security patches helps enterprise IT managers reduce their polling efforts by checking disparate vulnerability information sources. With limited resources and more demands on today's IT administrators, Trend Micro helps automate the security patch process, creating a relationship of trust and reliability.

More Stories By David Perry

David Perry is an authority on computer virus prevention with more than 25 years in the technical support and education field.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

IoT & Smart Cities Stories
Dion Hinchcliffe is an internationally recognized digital expert, bestselling book author, frequent keynote speaker, analyst, futurist, and transformation expert based in Washington, DC. He is currently Chief Strategy Officer at the industry-leading digital strategy and online community solutions firm, 7Summits.
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...
The standardization of container runtimes and images has sparked the creation of an almost overwhelming number of new open source projects that build on and otherwise work with these specifications. Of course, there's Kubernetes, which orchestrates and manages collections of containers. It was one of the first and best-known examples of projects that make containers truly useful for production use. However, more recently, the container ecosystem has truly exploded. A service mesh like Istio addr...
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
Charles Araujo is an industry analyst, internationally recognized authority on the Digital Enterprise and author of The Quantum Age of IT: Why Everything You Know About IT is About to Change. As Principal Analyst with Intellyx, he writes, speaks and advises organizations on how to navigate through this time of disruption. He is also the founder of The Institute for Digital Transformation and a sought after keynote speaker. He has been a regular contributor to both InformationWeek and CIO Insight...
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
To Really Work for Enterprises, MultiCloud Adoption Requires Far Better and Inclusive Cloud Monitoring and Cost Management … But How? Overwhelmingly, even as enterprises have adopted cloud computing and are expanding to multi-cloud computing, IT leaders remain concerned about how to monitor, manage and control costs across hybrid and multi-cloud deployments. It’s clear that traditional IT monitoring and management approaches, designed after all for on-premises data centers, are falling short in ...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...