PaulDotCom mailing list archives

Corporate AV suggestions


From: jpommerening at SYMBION.COM (Pommerening, Jeremy)
Date: Tue, 11 May 2010 18:45:29 +0000

I was having an issue with Sophos not catching Fake-AV too until I turned on HIPS.  I'm catching most of it now with 
HIPS.  Environment is approx 1000 nodes.  I will agree that the online database is slim but I'm much happier than when 
we used Symantec EP.  As a bonus Sophos includes a lot of functionality at no extra cost with Data Control (DLP) and 
Device Control.





Jeremy Pommerening
MGR, Information Security
Symbion, Inc.
615-234-8912 Direct
615-429-6883 BB

GIAC - GCFA,GPEN, GAWN & GCFW,
GIAC Advisory Board Member
MCSE Win2K, MCSE NT4,
CompTia SERVER+, HP APS



-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Josh Little
Sent: Tuesday, May 11, 2010 12:15 PM
To: pauldotcom at mail.pauldotcom.com
Subject: Re: [Pauldotcom] Corporate AV suggestions

I'm on the fence regarding our Sophos EP distribution. I have a feeling
that it is a little less resource intensive on the clients than the
Symantec 10 system we replaced, but not by a whole lot. Logging and
reporting isn't that strong, especially if you are looking at offloading
events to a SIM or centralized log collector. Their online database of
threats is very slim on information, especially when compared with
Symantec's offering at http://www.sarc.com . It also doesn't deal very
well with fast morphing threats like the rash of fake security products
that have blown up in the last year. Almost all of the incidents I
respond to are fake AV crap. The management console is still fairly
nice, beyond being weak with reporting. One strong point is deployment -
it was very easy to deploy out using SMS.

Hope that helps...

ZT

On 5/11/2010 9:42 AM, Pommerening, Jeremy wrote:
I've been very pleased with Sophos Endpoint protection both from a pricing perspective and support perspective.


-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of xgermx
Sent: Tuesday, May 11, 2010 8:33 AM
To: PaulDotCom Security Weekly Mailing List
Subject: [Pauldotcom] Corporate AV suggestions

So, it's license renewal time for our A/V and I'm open for
suggestions/recommendations/horror stories. (I'll be covering roughly
500 Windows based machines).
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


Disclaimer: The email and files transmitted with it are confidential and are intended solely for the use of the 
individual or entity to whom they are addressed.  If you are not the original recipient or the person responsible for 
the delivering the email to the intended recipient, be advised that you have received this email in error, and that 
any use, dissemination, forwarding, printing or copying of this email is strictly prohibited.  If you received this 
email in error, please delete it from your system without copying it, and notify the sender by reply email so that 
our address record can be corrected.  Thank you. Symbion, Inc.

