How to Evaluate, Compare and Implement Enterprise Antivirus

Performance counts, but CISOs and analysts say it's not by any means the only point for comparison

DO consider software as a service. As in other product areas, many vendors are delivering some antivirus capabilities as a service, such as antimalware, reputation services, signature updating and reporting. This can be more cost-effective, and although larger enterprises may keep most capabilities in-house, according to Blum, users might adopt a hybrid model in which they use on-premises systems for the centralized workforce, but SaaS for users in outlying offices.

In some cases, vendors are using a hybrid software and services model to offer additional or beefed-up capabilities, such as multiple scanning engines or a reputation database. "It's a way to provide something much greater than what you can cram on a single CD," Blum says.

DO have a zero-day attack strategy. A major weakness with today's systems is protection against zero-day attacks. "There's a pretty high failure rate, as high as 50 percent, when a typical package is faced with a new type of malware it hasn't seen before," Blum says.

The packaged food company offsets the problem through a desktop lockdown strategy. Working on the premise that most malware operates by trying to write to the registry, the system folder or the root of the drive, the company has configured its desktops to prohibit that behavior.
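One way to check that a desktop matches the lockdown described above is to audit the access control lists on those three locations. The PowerShell below is an added example, not the food company's configuration or any vendor's tool; the function name `Test-LockdownAcl`, the three paths and the list of non-admin principals (English-language Windows names) are assumptions.

```powershell
# Added example: report Allow ACEs that give non-admin principals write-class
# access to the locations the lockdown targets. Paths and principals are assumed.
$targets = @(
    "$env:SystemRoot\System32",   # system folder
    "$env:SystemDrive\",          # root of the drive
    'HKLM:\SOFTWARE'              # machine-wide registry settings
)
$principals = 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone'

# Write-class rights only; Modify/FullControl are deliberately not used as masks
# because they also contain read bits and would match read-only ACEs.
$fsWrite  = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$regWrite = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
$generic  = 0x40000000 -bor 0x10000000   # GENERIC_WRITE | GENERIC_ALL stored raw in some ACEs

function Test-LockdownAcl {
    param([string[]]$Path, [string[]]$Principal)
    foreach ($p in $Path) {
        $acl = Get-Acl -Path $p
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($Principal -notcontains $ace.IdentityReference.Value) { continue }

            # Registry and file system ACEs expose their rights under different properties
            $isReg  = $ace -is [System.Security.AccessControl.RegistryAccessRule]
            $rights = if ($isReg) { $ace.RegistryRights } else { $ace.FileSystemRights }
            $mask   = if ($isReg) { [int]$regWrite } else { [int]$fsWrite }

            if (([int]$rights -band ($mask -bor $generic)) -ne 0) {
                [pscustomobject]@{
                    Path        = $p
                    Identity    = $ace.IdentityReference.Value
                    Rights      = $rights
                    Inherited   = $ace.IsInherited
                    Propagation = $ace.PropagationFlags   # InheritOnly = applies to children only
                }
            }
        }
    }
}

# Any row returned is a location a standard user can still write to.
Test-LockdownAcl -Path $targets -Principal $principals | Format-Table -AutoSize
```

An empty result means none of the listed principals holds write-class access on the audited paths; it does not cover subfolders or subkeys whose ACLs were changed individually.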

DON'T forget malware removal capability. It's one thing to detect a virus and quite another to clean up the damage. A big reason Bell chose Sophos is that in the years he was using other systems, such as Trend Micro, McAfee and Symantec, he always noticed that Sophos offered removal tools before other vendors did. In fact, after being infected twice in the last couple of years by a virus that caused his company's PCs to send spam, he used tools from Sophos to remove it. "That protection became a big deciding factor for our company to switch over," he says. His current system didn't recognize the virus, he says.

Similarly, Amos says Forefront's cleanup and removal capabilities are superior to his former system's. "It would notify us but was unable to clean it because what was infected was an open file or a system file that it couldn't act on," he says. It required the desktop group to boot the machine in safe mode and manually remove entries in the registry or delete files. With Forefront, that work is unnecessary, reducing labor by one headcount in the desktop group, he says.

DO consider costs carefully. With ever-expanding security needs on the desktop, users are seeking ways to reduce costs. According to Lambert, a best-of-breed client security tool such as antimalware has an average list price per PC of $40 (and up to $80 for other tools such as full-disk encryption).

One way to keep costs down is to get as much coverage as possible with one system. The food company, for instance, has reduced its total cost of ownership by reducing the number of security consoles it needs to manage.
