Enterasys Networks Inc, the Secure Networks Company, today announced that on 9 August, it used the capabilities of its own Secure Networks infrastructure to quickly identify and protect its worldwide corporate network from the latest version of the Bagle Internet virus.
The resolution of the problem was a textbook example of applying the power of Enterasys Secure Networks technology to effectively protect against the challenges that every major enterprise faces from the potentially devastating business losses that such a virus can cause.
On 9 August, at 12.45pm, the company began receiving suspicious e-mails with the word 'price' in the subject line, with a zip file attachment also using 'price' in its naming convention. The IT staff quickly determined that these e-mails were a new version of the Bagle virus.
How the virus works
This virus sends e-mails containing a zip file to as many e-mail addresses as it can find on a recipient's PC. If a recipient unzips and opens the files, his or her PC is infected. The virus also connects to various Web sites and downloads files - possibly to alert the virus writer that a new system is infected. The virus perpetuates itself by acting as its own e-mail engine, and it forges - or spoofs - e-mail addresses so that each message appears to be legitimate and to come from a sender potentially familiar to the recipient.
The Secure Networks response
The Enterasys IT department identified the problem before any updated virus definitions were available from anti-virus software companies. To limit the spread of the virus, Enterasys leveraged its Acceptable Use Policy solution to prevent users from accessing the SMTP server while it deployed a policy to prevent the virus from spreading.
"A virus like this is a nuisance that can quickly turn into a business-threatening problem if it widely infiltrates an enterprise network," said Len Couture, CIO of Enterasys. "Like most companies, our network is essential to our ability to conduct business, serve our customers and communicate within and outside of the company.
"As soon as we identified this threat, we created a policy to prevent the spread of the virus across our network," said Couture. "In less than two minutes, we pushed that new policy out to thousands of nodes on our network across 40 sites in 20 countries, protecting against potential business loss resulting from inaccessibility or compromise of our key enterprise services. We suffered no network downtime, no lost business, and no impact on revenue.
"To put this in perspective, without our AUP approach the only remediation mechanism available to attempt to control such a virus using other vendors' network security offerings would be to create a router access control list (ACL). This approach would only protect one LAN from another, instead of delivering the granular control - to the user and device level - provided by Enterasys Acceptable Use Policy. Applying policy took two minutes; changing router ACLs can take hours," said Couture.
The Enterasys Secure Networks advantage
Enterasys' industry-leading Secure Networks technology and solutions provide the highest level of infrastructure security available today. Secure Networks delivers the most granular level of security, providing visibility and control down to the network device, individual user and application level. This enables enterprises to quickly and easily detect, assess, locate and protect against attacks. This unmatched security comes from the integrated policy-based management software architecture that works with the embedded security capabilities Enterasys designs into its entire product line. This unique approach offers significant operational and business benefits, which vendors that add hardware or software to multiple network access points in an attempt to increase security cannot equal. In fact, Secure Networks technology can even make networks with competitors' equipment more secure.
Enterasys Networks (NYSE: ETS) is a global provider of Secure Networks for enterprise customers. Enterasys' innovative network infrastructure offerings deliver the security, productivity and adaptability benefits required by Global 2000 organisations, coupled with the industry's strongest service and support. For more information on Enterasys and its products, including multilayer switches, core routers, WAN routers, wireless LANs, network management, and intrusion defence systems (IDS), visit enterasys.com.