Anatomy of a Commercial-Grade Immune System

We have built the first commercial-grade immune system that can find, analyze and cure previously unknown viruses faster than the viruses themselves can spread. The system solves several important problems. A single console allows a customer administrator to decide whether viruses are submitted for analysis automatically, or whether explicit approval is required, and permits new virus definitions to be distributed automatically in response to a new virus, or held for the administrator's approval. A novel active network architecture permits the system to handle a vast number of customer submissions quickly, so the system can handle floods due to an epidemic of a fast-spreading virus, or due to submission of many uninfected files. The analysis center can analyze most viruses automatically, and with greater speed and precision than human analysts can. The analysis center runs the viruses in a virtual environment, so the process is safe and lets our programs analyze the behavior of the virus in real time. Viruses can be replicated in a number of operating system and application environments, including various national languages. Upconversion and downconversion of macro viruses are handled automatically. Both the active network and the analysis center are scalable, so the system can easily accommodate ever-increasing loads. End-to-end security of the system allows the safe submission of virus samples and ensures authentication of new virus definitions. During the presentation, we will give a live demonstration of a pilot that we have run with customers, and review our experience with the pilot system.