Security Basics mailing list archives
RE: recommendations for centrally managed corporate antivirus solution
From: "Mark Brunner" <mark_brunner () hotmail com>
Date: Fri, 15 Feb 2008 18:44:18 -0500
Missed the original post, but here is my 2¢ on the subject.

Any centrally managed A/V solution is better than none at all, or an unmanaged solution, by a country mile.

Trend Micro is in use at one of the places that I work, and it is a good, robust product if configured correctly and properly maintained. Trend is adding some great things in the malicious site detection arena as well, in their home user A/V space and these changes are moving into their corporate solution. TMCM is a system that requires a little more attention to administration than some others, but it is in my experience a decent and effective part of an overall A/V solution. Trend releases more updates more often than others that I have used. Several in any given day, they are very responsive to variant submission, and more thorough in their analysis. They will issue a "bandage" patch very quickly to help you in incident response efforts, usually within the hour.

Symantec's offering is probably the most mature, requiring less management attention, but it too suffers from the occasional glitches regarding child server and client update issues as Randy describes. They are finally moving into the behavioral analysis realm, and it is about time. I used to work for them, and remain proud of their products and efforts. Their tech-support is, well, somewhat slow, and they issue incident response signatures somewhat slower than Trend.

My experience with McAfee is limited, but I found their products to be VERY admin intensive, and unreliable. I had many signature updates from them cause server crashes and outages. Your mileage may vary, and it has been a few years since I looked at them. This perception may be outdated...

BitDefender and Sophos should also get honorable mention, as they are both very good and capable products.

The best solution IMHO is a layered defense when dealing with A/V. I believe in mix and match. Check any submission at VirusTotal and you will see that no one product catches them all. There are appliances around now that work as gateways that can provide multiple A/V products in a single device, if you add a mail scanning application, a browser aware, centrally managed endpoint solution coupled with a desktop firewall, you have a solid control mechanism for malware and other ingress points.

This may sound like an extreme solution, multiple A/V at the gateway, mail server A/V, and endpoint product, but you have to consider all of the attack surfaces available and the fact that these evil little bunnies are always adapting their attacks and delivery systems. There are people at the other end that want to get their warez onto your systems.

I can recommend Trend Micro and Symantec, but would also suggest looking at GFI and others. Check the Gartner "Quadrant" reports and Secure Computing for direct comparison and roadmap projections. Somewhere out there is a solution that closely matches your needs.

Hope this blind response is in order with the original question. If not, heck it was only 2¢...

Cheers,
Mark

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Randy Wyatt
Sent: Friday, February 15, 2008 10:38 AM
To: security-basics () securityfocus com
Subject: Re: recommendations for centrally managed corporate antivirus solution

At the moment, I can not recommend TrendMicro, I have seen more than 15 virii escape detection and essentially shut down an office network with around 100 users. It really did not seem that the clients would stay in sync with the servers for the anti-virus signatures. The company I work for switched to avast anti-virus and it is much better at keeping current, but the scans seem to take forever especially on large files.

Best Regards,
Randy