Banking on virus detection

The bank already used Network Associates’ antivirus service on the desktop and at the gateway but, for an 80,000-seat organisation, the process of updating signatures was not easy, explained Bob Spencer, head of group IT security at Lloyds TSB. ‘For a global firm, it is difficult to get the antivirus [strategy] right,’ he said.

After some consideration, the bank opted for SkyScan from email security firm MessageLabs, a managed service that monitors emails and prevents infected messages from reaching corporate networks. Prices start at £2 per month per user, with discounts as the number rises. Spencer said that Lloyds TSB is already benefiting from reduced in-house administration. ‘The service makes life a bit easier,’ he admitted.

Getting the message

MessageLabs was chosen because of its record for quickly spotting viruses. Lloyds TSB reviewed products from other antivirus vendors, but only one other firm offered a comparable service, and it was judged to be inferior.

The SkyScan service re-routes every incoming and outbound email to the nearest MessageLabs control point, where they are checked by four separate scanners from antivirus specialists including McAfee and F-Secure. Infected emails are automatically stopped, preventing them from reaching the bank’s network.

This additional layer of protection does not significantly delay email delivery. Because each message is always directed to the nearest control point, only about a second is added to the entire delivery process.

Proactive detection

The service carries out signature updates every 10 minutes across the network, and updates instantly in the event of a virus outbreak. It is also designed to identify viruses proactively, rather than simply comparing code against previously identified viruses.

MessageLabs marketing director Jos White said: ‘[The historical antivirus technique of] identifying a threat, then producing, testing and making available a fix, leaves customers vulnerable to infection.’

The company employs its own scanner, Skeptic, which has a knowledge base of virus techniques and behaviour.

‘Every virus that has been stopped by our systems in the past has been broken down to its component parts. If we see similar techniques in the email being processed, it is checked,’ White explained.

Desktop defence

MessageLabs aims to stop viruses before they reach the customer network, and offers to refund a month’s fee if it lets a virus slip through. ‘This hasn’t happened yet,’ said White.

The service has given Lloyds TSB better protection and may save it money. Previously, viruses could infiltrate desktops, infect the system and require a clean up.

‘Now the virus is stopped before getting to the desktop,’ said Spencer. ‘This saves time and potentially money because of the way you are able to manage the process.’

Spencer added that Lloyds TSB has not encountered any problems with the service so far. ‘It is purely re-routing internet emails in and out of the organisation through the MessageLabs’ service,’ he said.

Implementation took about a month and was not particularly easy, but he pointed out that the process would be the same for any large firm. ‘It went as well as we could expect,’ he claimed.

Room for improvement

The SkyScan service has been running for over a month for 15,000 users on the domain, and the bank plans to roll out the service to other domains during 2002.

Spencer maintained that Lloyds TSB is still trying to strengthen defences against viruses, and that his team is making recommendations for improvements in 2003.

Related reading

HMRC banknotes