Symantec Tries its hand at SMTP zero day protection

Protection against the zero day attack has been a buzzword in anti-malware software marketing. Its an important thing to have. You can’t run a business while waiting multiple days for virus definitions to be released covering the latest attack.

Symantec Mail Security for SMTP 5.0 is an new email gateway solution that attempts to provide such protection. It combines Brightmail antispam technology with Symantec antivirus and content filtering.

One key new feature is zero-day protection against threats, which uses information on emerging exploits gathered from Symantec’s network of more than 3 million e-mail addresses. When a suspicious e-mail arrives at the server, this feature can be configured to automatically strip off and quarantine the attachment until a virus definition is released, or simply delete the message, said Caccia.
Many vendors are attempting to enable zero- day threat protection by adding multiple virus engines in order to maximize detection, but that doesn’t offer the same level of protection as Symantec’s new offering, said Tom MacArthur, principal of Storbase, a solution provider in Waltham, Mass.
“Although you get some incremental benefit from the [former] approach, it is always better if you can catch viruses early on,” MacArthur said.

Hopefully there will be a bakeoff between this product and those that use multiple engines. It will be interesting to hear more about this approach. I wonder if it is using technology similar to the Real Time Threat Protection Service they just bought when they purchased IMLogic.

Neither approach is going to get 100% of the viruses. They are each vulnerable to targeted attacks. Message Labs on the otherhand uses a heuristic scanner (Skeptic) in addition to three scan engines. Even targeted attacks will have a difficult time penetrating this defense.