Re: Enterprise AV

[Robert Mezzone <Robert.Mezzone () PJSolomon Com>]

I have to agree with everything Greg said. Over the years I've used all the
products mentioned and really like InoculateIT. I use it on the servers and
workstations. I use Trend on the mail server. I've never had an infection,
admin console is simple, yet does everything you need and it has two
different scan engines, which are independently developed. I use one engine
on the server and a second on the workstations. I learned a long time ago
there supports leaves a lot to be desired, but once you get ahold of a
knowledgable person. I've never had to call support for InoculateIT, and I
never worry about infections. I've never understood why their products get
such a bad rap, except for some licensing issues with Arcserve, I've never
had any problems with there products. Good luck.

Robert


-----Original Message-----
From: Gregory M. Brown <gbrown () alvalearning com>
To: security-basics () securityfocus com <security-basics () securityfocus com>
Sent: Fri Sep 12 12:08:36 2003
Subject: RE: Enterprise AV

Greetings.
The AV front is very competitive indeed.  On my network, I evaluated 6
different companies.  Since there are so many "options", I took about a
month to do my evaluating.  E-mail security, ease of definition updates,
competitor removal capabilities and an enterprise console were all
relevant to my situation.  Trend Micro has to get kudos for best attempt
at my business.  Cool t-shirts and an expensive lunch...  Their product
is extremely reliable and well respected.  However, it is horrifically
expensive.  Norton was not so expensive, but it is not my preferred AV
solution because of its history.  McAffee just simply is not for me.
CA won the day.  It's amazingly simple.  I paid $8.75/ node!  This
includes plug-ins for Exchange, perimeter and gateway devices (important
to a MS VPN as users can configure "split-tunneling"), as well as PDA's.
I got a 2 year maintenance agreement for "free"!  The only drawback is
support.  Their call center is in India, so language is kind of an
issue.  Their documentation rocks- very little support has been needed
so far.  Not one virus/worm has made it into my network.  It's funny, a
Canon rep was onsite pitching me this 12 billion dollar copier, fax,
tanning bed, coffee maker etc. during the height of msblaster.  I asked
him how his network was in the face of this worm.  He said, "... we're
offline from NY to LA."  Makes ya wonder why I was turned down a job at
Canon USA, considering security specialists there make in excess of
$200,000!  Don't do what Canon did.  They had McAffee and it failed
them.  I also heard Norton could isolate the worm, but was unable to
remove it.  I don't work for CA, nor am I a paid endorser.  I'm just a
minimum wage IT director who likes spending weekends rollerblading and
skiing here in Colorado, not battling stubborn worms and inefficient AV
software.
gb


-----Original Message-----
From: Tim Syratt [mailto:tims () syratt com] 
Sent: Thursday, September 11, 2003 3:42 PM
To: jburzenski () americanhm com
Cc: security-basics () securityfocus com
Subject: Re: Enterprise AV

Hi jason,

I asked this question to a few people only recently..

An organisation I work for uses Sophos, its a great product and very
reliable. (although msblaster did catch us out, but they had a virus
definition 1 hr after I alerted them)

The trouble with SOphos is that its VERY expensive if you want the
enterprise solution which will update your virus def's for you, without
having to download and roll them out.

The last network I built will be going with Norton Antivirus, because I
can just subscribe to the auto updates and have it update for me, for
about $300.00AUD (5 users).  One person I spoke to said that it activly
stopped a few scripts running (IE exploits), which Sophos doesn't appear
to do.

HTH!

Regs,
Tim

On Thu, 11 Sep 2003 jburzenski () americanhm com wrote:

> Does anyone have any recent experience deploying one of the major AV
tools
> (McAfee ePO, Symatec Enterprise Manager, SOPHOS SAV, or other?) to an
> enterprise?  I am currently evaluating several of these products and
would
> like to hear how others are managing.
>
> In particular I am concerned with, ease of deployment, usefulness of
'out of
> box' reporting, multi-platform support (winA-winZ only), unexpected
> problems, and of course costs.  Any experience or words of advice
would be
> appreciated.
>
> Thanks,
>
> Jason Burzenski
------------------------------------------------------------------------
---
> Captus Networks
> Are you prepared for the next Sobig & Blaster?
>  - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
>  - Precisely Define and Implement Network Security
>  - Automatically Control P2P, IM and Spam Traffic
> FIND OUT NOW -  FREE Vulnerability Assessment Toolkit
> http://www.captusnetworks.com/ads/42.htm
------------------------------------------------------------------------
----
>


------------------------------------------------------------------------
---
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------