How to Evaluate, Compare and Implement Enterprise Antivirus

Performance counts, but CISOs and analysts say it's not by any means the only point for comparison

The director of information security at a large manufacturer of packaged foods agrees. He says his company has been able to reduce the number of security products his organization manages as Trend Micro has added features and capabilities, such as client firewall management and spyware removal. Whereas his organization used to have five or six consoles to manage security products, it is now down to two.

Michael Bell, senior network engineer at marketing firm CMS Direct in Minneapolis, values the fact that Sophos includes many layers of security in one package; in fact, he's looking forward to Sophos integrating a client firewall, which is currently offered as a separate module.

DON'T accept poor performance. Antivirus software is renowned for being a resource hog, but some vendors are putting a premium on being performance-oriented. For instance, according to Bell, Sophos uses techniques such as indexing to perform fewer resource-intensive scans.

Robert Amos, manager of infrastructure systems at NuStar Energy, also sees performance improvements over his former system now that he uses Microsoft Forefront. A lot of antivirus products he's used had huge performance issues, he says, but Forefront performs a scan every six hours, and Amos says he's not always aware when it's running.

DO investigate whitelisting. Whitelisting, or application control, is an emerging capability that Lambert says is superior to HIPS (host intrusion prevention systems) because it prevents malware from running on systems at all rather than monitoring activity after the fact. With whitelisting, administrators maintain a list of approved applications for their environment, and any software not on that list is prevented from running.

The problem with whitelisting, says Oltsik, is that in a Web 2.0 world people often download new software, whether for their own productivity or for personal use. It may work well in a fixed-function setting, such as order entry or the call center, he says, but if you have people communicating with outside partners, or marketing people doing research, "you'll be forever getting calls from people who are trying to download and can't," he says. "The question is how draconian you want to be in your enforcement."
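The mechanism described in the two paragraphs above, and the enforcement trade-off Oltsik raises, can be seen in a small application-control policy engine. This is an added illustration, not code from the article or from any of the vendors it mentions: it hashes each binary a user tries to launch, allows it only if the SHA-256 digest is on the allowlist or the file really lives under an IT-managed directory (resolved with realpath so `..` and symlink tricks do not count), and otherwise either blocks it (enforce mode) or logs it and lets it run (audit mode, the less "draconian" option). The directory layout, file names, file contents and the allowlist itself are constructed for the demo.

```python
"""Minimal application allowlisting (application control) engine.

Added example: hypothetical policy, directory names and binaries,
not the product behaviour of any vendor named in the article.
"""
from __future__ import annotations

import hashlib
import os
import tempfile
from dataclasses import dataclass, field


def sha256_of(path: str) -> str:
    """Hash a file in chunks so large installers need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


@dataclass
class AllowlistPolicy:
    allowed_hashes: set[str]                 # SHA-256 of every approved binary
    trusted_dirs: tuple[str, ...] = ()       # e.g. an IT-managed install root
    enforce: bool = True                     # False = audit mode: log, but allow
    log: list[str] = field(default_factory=list)

    def _in_trusted_dir(self, path: str) -> bool:
        # realpath defeats "..", symlinks and /private-style aliases, so a
        # file is only trusted if it *actually* resides under a managed root.
        real = os.path.realpath(path)
        for d in self.trusted_dirs:
            root = os.path.realpath(d)
            if os.path.commonpath([real, root]) == root:
                return True
        return False

    def decide(self, path: str) -> tuple[bool, str]:
        """Return (allowed, reason) for an attempted execution of `path`."""
        digest = sha256_of(path)
        if digest in self.allowed_hashes:
            return True, "allowed: hash on allowlist"
        if self._in_trusted_dir(path):
            return True, "allowed: resides in trusted directory"
        verdict = "blocked" if self.enforce else "audit-only (would block)"
        self.log.append(f"{verdict}: {path} sha256={digest[:12]}...")
        return (not self.enforce), verdict


def run_demo(enforce: bool = True) -> tuple[dict[str, bool], list[str]]:
    """Build a throwaway 'endpoint' and run five launch attempts through it."""
    with tempfile.TemporaryDirectory() as root:
        apps = os.path.join(root, "Program Files", "OrderEntry")
        managed = os.path.join(root, "ManagedTools")
        downloads = os.path.join(root, "Users", "alice", "Downloads")
        for d in (apps, managed, downloads):
            os.makedirs(d)

        # Constructed binaries: contents are placeholders, not real PE files.
        files = {
            "orderentry": os.path.join(apps, "orderentry.exe"),
            "tampered": os.path.join(apps, "orderentry-patched.exe"),
            "inventory": os.path.join(managed, "inventory.exe"),
            "download": os.path.join(downloads, "browserplugin.exe"),
        }
        contents = {
            "orderentry": b"MZ approved order-entry client v1",
            "tampered": b"MZ approved order-entry client v1 + extra payload",
            "inventory": b"MZ inventory tool pushed by IT",
            "download": b"MZ something alice found on the web",
        }
        for name, path in files.items():
            with open(path, "wb") as f:
                f.write(contents[name])

        # Policy: only the genuine order-entry client is on the hash list; the
        # ManagedTools root is trusted wholesale; the apps dir is NOT trusted,
        # so a modified binary sitting next to the approved one must fail.
        policy = AllowlistPolicy(
            allowed_hashes={sha256_of(files["orderentry"])},
            trusted_dirs=(managed,),
            enforce=enforce,
        )
        # A path that *looks* like it is under ManagedTools but escapes it.
        traversal = os.path.join(managed, "..", "Users", "alice",
                                 "Downloads", "browserplugin.exe")

        decisions = {name: policy.decide(path)[0] for name, path in files.items()}
        decisions["traversal"] = policy.decide(traversal)[0]
        return decisions, list(policy.log)


if __name__ == "__main__":
    for mode in (True, False):
        decisions, log = run_demo(enforce=mode)
        print(f"enforce={mode}: {decisions}")
        for line in log:
            print("  ", line)
```

In enforce mode the tampered copy, the download and the traversal attempt are all refused; in audit mode the same three run but each leaves a log line, which is the data a security team uses to grow the allowlist before flipping enforcement on for a group such as the marketing staff Oltsik mentions.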

DO research other emerging client security tools. In addition to whitelisting, Lambert says, there are four additional emerging tools that should be considered in endpoint protection, as they solve more complex threats: device control, which lets administrators set policy on which devices a PC may or may not access; full-disk encryption, which keeps the entire hard drive encrypted so that its contents are unreadable when the machine is shut down; file encryption, which protects individual files when users save them to a designated location; and data leak prevention, which monitors and enforces data usage policy. Typically, fewer than 30 percent of organizations have invested in these tools, she says, but security managers should begin to experiment with them.
