Microsoft’s Sybari Experience: How the Antivirus Software Protects Microsoft’s Crucial Communication and Collaboration Infrastructure

REDMOND, Wash., Feb. 8, 2005 — For the past eight months, Microsoft has been using the products of Sybari Software Inc. to protect its enterprise communication and collaboration infrastructure. Privately-held Sybari, based in East Northport, N.Y., is a leading provider of such enterprise-class edge and gateway antivirus security solutions; more than 10 million computer users are protected by Sybari products.

Today, Microsoft announced that it has a signed a definitive agreement to acquire Sybari, due in part to the success Microsoft had in deploying its solution. In its announcement, Microsoft said it expects the purchase will help it to better meet customer needs for enhanced computer security.

Ron Markezich, Microsoft Chief Information Officer.

To understand why Microsoft is so bullish about Sybari — and why Microsoft’s customers should be in the future, as well — PressPass spoke to Microsoft Chief Information Officer Ron Markezich . As CIO, Markezich leads the Microsoft Information Technology group (Microsoft IT), and is responsible for delivering the company’s worldwide internal technology infrastructure, corporate information and internal systems.

PressPass: Microsoft chose Sybari to help protect its communication and collaboration infrastructure. What challenges were you facing?

Ron Markezich : Microsoft’s security challenges are similar to those of many other corporate environments. Like every company, we see a constant stream of e-mail borne viruses; that’s probably the primary source of infection. Worms are an increasingly dangerous type of virus, not only because of their payloads but because they can generate enormous traffic hammering at our gateways, potentially leading to denial of service (DOS) attacks. In addition to viruses and worms, there’s always the issue of malicious content inside e-mail messages, such as the seemingly harmless e-mail of jokes that launch spyware, were they to be opened.

PressPass: How does that compare to the threat profile facing other companies?

Markezich : It’s similar. The worldwide cost of viruses and worms in 2003 has been estimated at more than US$12 billion. I think other companies have learned what Microsoft has learned: that it’s not enough merely to have some base level of protection for an infrastructure — you can have that and still get hit. What we’ve found, and this is true for others as well, is that we need the best infrastructure protection possible, and then we need to continually enhance that protection as the threats evolve — particularly when you’re talking about protecting communication and collaboration infrastructure, since that’s a critical focal point in the battle against malicious software.

For example, a recent ICSA Labs survey found that e-mail attachments were the means of infection in 88 percent of virus incidents in corporate environments — despite the fact that 94 percent of companies in the same survey said they had antivirus protection on their e-mail servers. Simply “having antivirus protection” isn’t enough.

PressPass: How was Microsoft dealing with this threat?

Markezich : A multilayered approach is crucial to maximizing an antivirus defense. Microsoft has long had such an approach — for example, with protection both at the desktop and at the Internet gateway.

PressPass: What led to your consideration of Sybari for Microsoft’s own IT environment?

Markezich : One factor was the evolving nature of Internet threats — for example, the increasing volume of worms that not only needed to be removed, like traditional viruses, but that also required the elimination of the e-mail message. And we were seeing an increasing volume of spoof viruses and viruses in Zip attachments. We needed a better way to handle these.

Another factor was our interest in consolidating our Microsoft Exchange Server messaging and collaboration environment to reduce total cost of ownership (TCO). Exchange Server 2003 enables tremendous computer server consolidation — but other gateway solutions require dedicated servers for virus scanning and don’t integrate natively directly into Exchange. So with other solutions we couldn’t get the maximum benefit from consolidation.

A third set of factors had to do with performance and reliability: Like many companies, our use of e-mail and collaboration technologies is rising exponentially. We need a gateway solution that will scale to provide superb support not only at the volumes we have today, but at the volumes we anticipate over the next few years.

PressPass: How did these factors lead you to Sybari?

Markezich : About a year ago we conducted a major analysis of leading gateway antivirus products. We set up a controlled lab environment that fully matched the Microsoft production environment in number of servers, simulated traffic and so on. We tested on the basis of both performance and functionality. Could a product maintain its virus-catching performance even under the most stressful loads? Could it perform under unexpected conditions, such as when a computer reboots because of maintenance updates? Did the solution support all the messaging encoding it was likely to encounter? Did it integrate natively with Exchange Server, eliminating the need for dedicated virus scanning computers?

Perhaps the key issue from a management perspective was, did the solution support multiple scanning engines? That’s absolutely crucial because, if you depend on a single scanning engine and it misses the infection or is taken down by it, you’re sunk. With multiple engines all working through a single scanning solution, you get faster response, more certain response, and more reliable operation during an actual threat.

PressPass: And how did Sybari measure up?

Markezich : On all of these measures, Sybari was far and away above anything else we looked at. We went into production with Sybari on our communication and collaboration environment in May 2004 and it immediately became an integral part of our messaging hygiene defense. We have better protection at lower cost than we had before. We strip harmful attachments without losing mail. We scan Zip files. We consolidated the number of our Internet gateways from 18 to 10 for a tremendous reduction in TCO. We have full protection even during peak traffic.

PressPass: Your bottom-line evaluation of Sybari?

Markezich : We haven’t had a single e-mail related infection since adopting Sybari. Our vision for security in workplace collaboration is that it requires layered defenses, tight integration with the rest of the infrastructure, and protection from the latest threats. Sybari met our needs on all of these criteria.

PressPass: And that’s why Microsoft is acquiring the company?

Markezich : In part, yes — but more importantly, we think that Sybari offers strong technologies and approaches that we can offer to help protect our customers from the threats of malicious software. There’s no single answer to the problem of greater security, so Microsoft has been engaged in helping customers secure their environments by providing guidance, taking a leadership role in the industry and making investments in technology.

For example, our guidance to customers has come in the form of product deployment guides, security seminars, books and training. We’ve worked to become leaders in the security industry through the formation of working groups such as the Virus Information Alliance, which fosters information sharing among antivirus providers about emerging threats, for better response and greater protection for customers. We also partner with service providers and government agencies as a member of organizations such as the Global Infrastructure Alliance for Internet Safety.

And of course we invest heavily in security-enhancing technology, such as Microsoft Windows Server 2003 Service Pack 1, Windows XP Service Pack 2 and malicious software removal tools.

PressPass: How do acquisitions fit into this strategy?

Markezich : As part of our technology investment, Microsoft makes acquisitions, as well as invests internally. For example, our acquisition of GeCAD helped us to deliver cleaner tools to help customers recover after the Blaster, MyDoom, Sasser and Download.Ject infections. It also helped us to provide the Microsoft Malicious Software Removal Tool to more than 133 million PCs. In December, we acquired GIANT Software Company to help give customers relief against spyware; there have been more than 5.5 million copies of the Microsoft Windows AntiSpyware beta downloaded since it became available last month. Our acquisition of Sybari is consistent with this approach. It provides us with additional technology to help address customer concerns regarding security.

PressPass: And the key reason CIOs at other companies should be as excited about using Sybari as you are?

Markezich : I think many other CIOs will be excited about the ability to use multiple scanning engines with Sybari, which I mentioned earlier, as well as by the performance, manageability, and solid integration with their messaging servers like Exchange. Choice and performance — that’s an exciting combination.

Related Posts