Discussion:
looking for enterprise AV solution
Mikhail A. Utin
2010-10-26 13:55:46 UTC
Folks,
We are looking for an enterprise-level AV software to replace our current AVG, which in our eyes has poor detection and removal capability. Reviews bring really mixed results, as "nothin's perfect". Access to logs and reliable management control features are important as well. Any advice?
Thank you

***@commonwealthcare.org

CONFIDENTIALITY NOTICE: This email communication and any attachments may contain confidential
and privileged information for the use of the designated recipients named above. If you are
not the intended recipient, you are hereby notified that you have received this communication
in error and that any review, disclosure, dissemination, distribution or copying of it or its
contents is prohibited. If you have received this communication in error, please reply to the
sender immediately or by telephone at (617) 426-0600 and destroy all copies of this communication
and any attachments. For further information regarding Commonwealth Care Alliance's privacy policy,
please visit our Internet web site at http://www.commonwealthcare.org.
Jason Nada
2010-10-26 16:04:07 UTC
We have been using Sophos Enterprise Console.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
opticfiber
2010-10-26 16:19:47 UTC
Nothing's perfect.

Symantec Endpoint protection, Trend Micro Worry-Free Business
Security, and Kaspersky all offer decent protection, but nothing will
detect everything. I would decide what's most important for your
business and start comparing the features and detection rates of the
above. You may also want to take into account manageability, system
resources required, and error rates.
--
Genius is one percent inspiration and ninety-nine percent perspiration.

R0me0 ***
2010-10-26 16:26:14 UTC
Kaspersky
bk
2010-10-26 18:26:11 UTC
(resending from correct account)
Post by Mikhail A. Utin
Folks,
We are looking for an enterprise-level AV software <snip>. Any advice?
Signature-based AV is a dead technology. Updates don't get released until hours after you're already infected, so all it really ends up doing is being a resource-suck on your CPUs and hard-disk access.

My recommendation: Buy whatever has the highest composite score for ease of management, limited resource consumption, and affordability.

Anyone who says "get Vendor X" or "get Brand Y" without telling you what selection criteria they used is a tool. How do you know if what is important to you was also important to them in making the selection?

Run zero-hour threat detection on your e-mail gateway, and force your users through a proxy that does content scanning for web threats. Make sure you don't get duped by vendors who sell "network virus detection" in their products that is actually just a tiny sub-set of some vendor's signatures that are rarely updated (a lot of firewalls do this). You want something that is based on anomaly detection and has the ability to detect emerging threats.

Getting an update 9 hours after the virus is released isn't any better than not having AV at all, and I'd argue that due to license costs and performance impact, it's actually worse. You're better off just setting aside budget for virus clean-up and employee education... Too bad auditors don't see it that way.

--
bk


Jamie Riden
2010-10-27 10:32:31 UTC
If you've got a decent perimeter, it should keep the threats out for
some time, but I tend to agree. AV these days is starting to be more
about detection than prevention - it will at least highlight that you
have a problem so you can deal with it. Think of it as part of your
intrusion detection if it helps.

Oh, and somewhere I used to work ran two separate AV products on the
mail gateway, and then a third on desktops and servers. I suspect this
was more about licensing models (couldn't do per-seat for email as we
had >100k email addresses) than paranoia, but it did help out
considerably to have independent engines.

cheers,
Jamie
--
Jamie Riden / ***@honeynet.org / ***@gmail.com
http://uk.linkedin.com/in/jamieriden

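The points raised above about comparing detection and error rates (opticfiber) and about the value of running independent engines (Jamie) can be made concrete with a small evaluation script. This is an added example, not code from any poster or vendor on this list; the engine names, the labelled sample set and the per-engine verdicts are all constructed for illustration and describe no real product.

```python
"""Evaluate per-engine and combined detection on a constructed labelled corpus.

Added example. Engine names, verdicts and the sample set are invented for
illustration and do not describe any vendor mentioned in the thread.
"""
from itertools import combinations

# Constructed ground truth: sample id -> True if the sample is malicious.
LABELS = {
    "s01": True, "s02": True, "s03": True, "s04": True, "s05": True,
    "s06": True, "s07": True, "s08": True,
    "s09": False, "s10": False, "s11": False, "s12": False, "s13": False,
    "s14": False, "s15": False, "s16": False,
}

# Constructed verdicts: engine -> set of sample ids it flagged as malicious.
VERDICTS = {
    "engineA": {"s01", "s02", "s03", "s04", "s05", "s09"},
    "engineB": {"s02", "s03", "s06", "s07", "s10", "s11"},
    "engineC": {"s01", "s04", "s06", "s08"},
}


def metrics(flagged, labels):
    """Detection (tp/fn) and error (fp) counts plus TPR and FPR for one verdict set."""
    malicious = {s for s, bad in labels.items() if bad}
    benign = set(labels) - malicious
    tp = len(flagged & malicious)
    fp = len(flagged & benign)
    fn = len(malicious - flagged)
    return {"tp": tp, "fp": fp, "fn": fn,
            "tpr": tp / len(malicious), "fpr": fp / len(benign)}


def union_flagged(engines, verdicts):
    """Combined 'belt and braces' verdict: a sample counts as detected if any engine flags it."""
    out = set()
    for e in engines:
        out |= verdicts[e]
    return out


def overlap(engine_x, engine_y, verdicts, labels):
    """Fraction of malicious samples caught by x that y also catches.

    Low overlap means the engines fail on different samples, i.e. they are
    more independent and combining them buys more coverage.
    """
    malicious = {s for s, bad in labels.items() if bad}
    x = verdicts[engine_x] & malicious
    y = verdicts[engine_y] & malicious
    return len(x & y) / len(x) if x else 0.0


def best_pair(verdicts, labels):
    """Pair of engines with the highest combined TPR; ties broken by the lower combined FPR."""
    best = None
    for pair in combinations(sorted(verdicts), 2):
        m = metrics(union_flagged(pair, verdicts), labels)
        key = (m["tpr"], -m["fpr"])
        if best is None or key > best[0]:
            best = (key, pair, m)
    return best[1], best[2]


if __name__ == "__main__":
    for name, flagged in VERDICTS.items():
        print(name, metrics(flagged, LABELS))
    print("all engines combined:", metrics(union_flagged(VERDICTS, VERDICTS), LABELS))
    print("best pair:", best_pair(VERDICTS, LABELS))
```

On the constructed data no single engine catches more than 5 of the 8 malicious samples, while the union of all three catches every one, at the cost of inheriting every engine's false positives. The `overlap` figure is the thing to look at before paying for a second engine: two engines that miss the same samples add cost without adding coverage.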
James Rankin
2010-10-27 10:36:24 UTC
Ditto on the belt and braces approach.

I've had a lot of good experiences with Sunbelt's Vipre product. It is
extremely easy to deploy and manage in the enterprise.
--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."
p***@bailey.st
2010-10-26 14:53:26 UTC
Hello,

I had good experiences with Nod32, fast and with a centralized update
and management console. http://www.eset.com/business

Best,

Phillip


- --
(Spsa) Snorby Preconfigured Security Application:
http://bailey.st/blog/snorby-spsa/

Michal
2010-10-27 07:44:55 UTC
I can vouch for that

Josh Browning
2010-10-26 16:22:44 UTC
We use Symantec Endpoint Protection. Have had a few minor issues with it,
overall OK.
Elazar Broad
2010-10-27 17:09:39 UTC
+1 for Vipre, it's cheap (about $10 or less per seat, per year),
generally resource conscious and has pretty granular centralized policy
management, and last but not least, its detection and fp to fn ratio
is pretty solid. Aside from some recent issues with its Outlook
plugin (which have been fixed) and some engine update deployment
issues on a handful of machines (there is a workaround), my overall
experience has been quite good.

