Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: looking for enterprise AV solution
From: "Elazar Broad" <elazar () hushmail com>
Date: Wed, 27 Oct 2010 13:09:39 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+1 for Vipre, its cheap(about $10 or less per seat, per year),
generally resource conscious and pretty granular centralized policy

management and last but not least, its detection and fp to fn ratio
is pretty solid. Aside from a recent issues with its Outlook
plugin(which have been fixed) and some engine update deployment
issues on a handful of machines(there is a workaround), my overall
experience has been quite good.

On Wed, 27 Oct 2010 06:36:24 -0400 James Rankin
<kz20fl () googlemail com> wrote:
Ditto on the belt and braces approach.

I've had a lot of good experiences with Sunbelt's Vipre product.
It is
extremely easy to deploy and manage in the enterprise.

On 27 October 2010 11:32, Jamie Riden <jamie.riden () gmail com>
wrote:

On 26 October 2010 19:26, bk <chort0 () gmail com> wrote:
(resending from correct account)
On Oct 26, 2010, at 6:55 AM, Mikhail A. Utin wrote:

Folks,
We are looking an enterprise level AV-software <snip>. Any
advising?

Signature-based AV is a dead technology.  Updates don't get
released
until hours after you're already infected, so all it really ends
up doing is
being a resource-suck on your CPUs and hard-disk access.

My recommendation:  Buy whatever has the highest composite
score for ease
of management, limited resource consumption, and affordability.

Anyone who says "get Vendor X" or "get Brand Y" without
telling you what
selection criteria they used is a tool.  How do you know if what
is
important to you was also important to them in making the
selection?

If you've got a decent perimeter, it should keep the threats out
for
some time, but I tend to agree. AV these days is starting to be
more
about detection than prevention - it will at least highlight
that you
have a problem so you can deal with it. Think of it as part of
your
intrusion detection if it helps.

Oh, and somewhere I used to work ran two separate AV products on
the
mail gateway, and then a third on desktops on servers. I suspect
this
was more about licensing models (couldn't do per-seat for email
as we
had >100k email addresses) than paranoia, but it did help out
considerably to have independent engines.

cheers,
 Jamie
--
Jamie Riden / jamie () honeynet org / jamie.riden () gmail com
http://uk.linkedin.com/in/jamieriden

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you
put into
the machine wrong figures, will the right answers come out?' I am
not able
rightly to apprehend the kind of confusion of ideas that could
provoke such
a question."
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at https://www.hushtools.com/verify

wpwEAQECAAYFAkzIXNQACgkQi04xwClgpZh7/AP9FmLXwe93hL0OnOMMhiJ8K5oU7Ato
VjUiFNaj/Ycs4COh8LUrKJ0rTCseX5ye0AThaXJpiXgLs0kxxkrFbQQBF0zhCsTyWivL
E+vGcId/B8D2C46NfEvPgNsLtd96sRYY6e0qoV42+vEX08aiV/3rlRM9xKnXsk9i91Kt
JURFGks=
=/He8
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault