mailing list archives
Re: looking for enterprise AV solution
From: Jamie Riden <jamie.riden () gmail com>
Date: Wed, 27 Oct 2010 11:32:31 +0100
On 26 October 2010 19:26, bk <chort0 () gmail com> wrote:
(resending from correct account)
On Oct 26, 2010, at 6:55 AM, Mikhail A. Utin wrote:
We are looking an enterprise level AV-software <snip>. Any advising?
Signature-based AV is a dead technology. Updates don't get released until hours after you're already infected, so
all it really ends up doing is being a resource-suck on your CPUs and hard-disk access.
My recommendation: Buy whatever has the highest composite score for ease of management, limited resource
consumption, and affordability.
Anyone who says "get Vendor X" or "get Brand Y" without telling you what selection criteria they used is a tool. How
do you know if what is important to you was also important to them in making the selection?
If you've got a decent perimeter, it should keep the threats out for
some time, but I tend to agree. AV these days is starting to be more
about detection than prevention - it will at least highlight that you
have a problem so you can deal with it. Think of it as part of your
intrusion detection if it helps.
Oh, and somewhere I used to work ran two separate AV products on the
mail gateway, and then a third on desktops on servers. I suspect this
was more about licensing models (couldn't do per-seat for email as we
had >100k email addresses) than paranoia, but it did help out
considerably to have independent engines.
Jamie Riden / jamie () honeynet org / jamie.riden () gmail com
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/