Security elite form SWAT teams to attack viruses

by Matthew Nelson




(IDG) -- As malicious network viruses increasingly resemble terrorist attacks, the security industry is developing its own version of SWAT teams that aim to swiftly defuse crises and get hostages out of a jam.

Recently, security vendor Network Associates Inc. (NAI) was faced with a difficult virus to eradicate when its customer MCI WorldCom contracted the Remote Explorer virus, which affects Windows NT machines and encrypted data.

To combat the virus, NAI called on its anti-virus researchers in the United States, Japan, and England to fix the damage. The company even recalled a team manager from vacation in Mexico.

"That is the job. The guy carries a beeper. The customer has a problem, and the customer wants it fixed now," says Peter Watkins, general manager of the Net Tools Secure division at Network Associates, in Santa Clara, Calif. "The guy we had to pull back from Mexico was the manager of the lab. This is the guy that has to determine the priorities. We just pull them in. You have to."

No longer is it enough to purchase anti-virus or intrusion-detection software and install it on a network. Users must now evaluate security vendors' capability to address a new virus or attack and quickly respond with a fix to the problem.


"As the networks become ever more intertwined and the code becomes more self-replicating and vicious, the amount of damage is growing exponentially," says Jim Balderston, an industry analyst at Zona Research, in Redwood City, Calif. "The key, now and into the future, is shrinking response times so the damage can be limited or minimized."

As customers evaluate possible security solutions, most SWAT teams point to several key points of differentiation to be aware of.

  • What is the size and availability of the team?
  • What kind of turnaround time does the group usually have on viruses?
  • What is the ease of attaining updates for products?
  • Do they provide the services you need to keep up and running?
  • Which platforms do they support?
  • What is their virus-detection track record?

"I love my job," says Vincent Gullotto, manager of the Anti-Virus Emergency Response Team at Network Associates, in Beaverton, Ore. "It's definitely what we live for. Most of these people are hard-core anti-virus people. A lot of them eat, sleep, and breathe these sort of things."

"I love my job a lot," says Carey Nachenberg, chief researcher on the Symantec Anti-virus Research Team, or SARC, at Symantec, in Santa Monica, Calif. "I look forward to every day. It's actually quite challenging."

Users dealing with security issues, however, expect this level of commitment when it comes to getting networks back online after a virus attack.

"Any kind of company that deals with the ongoing threat of viruses would have some system in place where if we came to them with a virus they would come to us with a fix," says a virus security administrator at a large software publication company in California, who wished to remain anonymous. "You don't hear a lot of stories about viruses, but our company has been passing a lot of viruses lately. Thankfully none that have been very malicious."

The simple fact is, however, if a major virus hits, the first thing most administrators will do is remove their systems from a network.

That leaves users without network access and unable to conduct business as usual, and a company at a standstill is a company not making money.

"Basically if you don't have to wait and your users don't have to wait, that's important. Turnaround time is going to be critical in this field," says SARC's Nachenberg. "Every minute that an IS manager is waiting, they have people who are waiting to get their systems back."

SARC has an average response time of 19 hours. In an effort to cut response times to virus alerts, SARC is working with IBM to create and perfect a digital immune system that will use computers to scan, identify, and fix viruses without the need for human intervention.

"Rather than humans doing the analysis, we're going to have computers do it," Nachenberg says. "That way we won't have to come back from our vacations."

NAI has set the bar high for itself and is taking a slightly different approach, according to Watkins.

"I'd like to get that cycle time to less than six hours," Watkins says. "Over the next year, I'd like to have some of our electronic analysis tools onsite on the server.

"What I'm doing here is having more points of analysis near the customers, because the key here is quick containment," Watkins adds.

© 2000 Cable News Network. All Rights Reserved.