PaulDotCom mailing list archives
Corporate AV suggestions
From: jpommerening at SYMBION.COM (Pommerening, Jeremy)
Date: Tue, 11 May 2010 18:45:29 +0000
I was having an issue with Sophos not catching Fake-AV too until I turned on HIPS. I'm catching most of it now with HIPS. Environment is approx 1000 nodes.

I will agree that the online database is slim but I'm much happier than when we used Symantec EP. As a bonus Sophos includes a lot of functionality at no extra cost with Data Control (DLP) and Device Control.

Jeremy Pommerening
MGR, Information Security
Symbion, Inc.
615-234-8912 Direct
615-429-6883 BB
GIAC - GCFA, GPEN, GAWN & GCFW, GIAC Advisory Board Member
MCSE Win2K, MCSE NT4, CompTia SERVER+, HP APS

-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Josh Little
Sent: Tuesday, May 11, 2010 12:15 PM
To: pauldotcom at mail.pauldotcom.com
Subject: Re: [Pauldotcom] Corporate AV suggestions

I'm on the fence regarding our Sophos EP distribution. I have a feeling that it is a little less resource intensive on the clients than the Symantec 10 system we replaced, but not by a whole lot.

Logging and reporting isn't that strong, especially if you are looking at offloading events to a SIM or centralized log collector.

Their online database of threats is very slim on information, especially when compared with Symantec's offering at http://www.sarc.com . It also doesn't deal very well with fast morphing threats like the rash of fake security products that have blown up in the last year. Almost all of the incidents I respond to are fake AV crap.

The management console is still fairly nice, beyond being weak with reporting. One strong point is deployment - it was very easy to deploy out using SMS.

Hope that helps...

ZT

On 5/11/2010 9:42 AM, Pommerening, Jeremy wrote:
I've been very pleased with Sophos Endpoint protection both from a pricing perspective and support perspective.

Jeremy Pommerening
MGR, Information Security
Symbion, Inc.
615-234-8912 Direct
615-429-6883 BB
GIAC - GCFA, GPEN, GAWN & GCFW, GIAC Advisory Board Member
MCSE Win2K, MCSE NT4, CompTia SERVER+, HP APS

-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of xgermx
Sent: Tuesday, May 11, 2010 8:33 AM
To: PaulDotCom Security Weekly Mailing List
Subject: [Pauldotcom] Corporate AV suggestions

So, it's license renewal time for our A/V and I'm open for suggestions/recommendations/horror stories. (I'll be covering roughly 500 Windows based machines).

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Disclaimer: The email and files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If you are not the original recipient or the person responsible for the delivering the email to the intended recipient, be advised that you have received this email in error, and that any use, dissemination, forwarding, printing or copying of this email is strictly prohibited. If you received this email in error, please delete it from your system without copying it, and notify the sender by reply email so that our address record can be corrected. Thank you. Symbion, Inc.