How to Evaluate, Compare and Implement Enterprise Antivirus

Performance counts, but CISOs and analysts say it's not by any means the only point for comparison

Amos is enjoying cost savings of $35,000 per year by using Forefront, mainly because of a change in Microsoft's licensing policy. His company had been using Forefront to protect SharePoint and Exchange, but he didn't even consider this software when he was researching new antivirus software for the PC environment. This was mainly because the PC and server environments were administered through separate infrastructures. His top reason for seeking a new antivirus vendor was to reduce the cost per machine. Any new product, however, would have required a complete redesign of how the current infrastructure collected signatures and did reporting, mainly because the company has a very distributed environment: 100 locations outside of corporate headquarters.

It happened to come up in conversation that as part of its enterprise licensing agreement, the company could use Forefront for its workstations, with no additional charge. Now, Amos uses one standardized tool to protect, monitor and report across all systems. "We have a small staff, with one person wearing multiple hats, so the more there is in one single application for them to become familiar with, the better use of that resource," he says. Forefront is also integrated with Active Directory, which enables easy distribution to new machines, he says.

Burton Group's Enterprise Antivirus Selection Criteria

Enterprise AV selection considerations, according to Burton Group analyst Dan Blum:

- Price. Inquire about annual subscription costs and additional charges for antispyware, cleaning, host intrusion protection system capabilities, etc. Ask whether suite pricing is flexible if you don't require every module.

- Scanning engine. Are there multiple agents for antivirus, antispyware, application control, etc.? If so, do they cause management or performance inefficiencies?

- Behavior-blocking functionality. Does the system monitor system calls to prevent vulnerability exploitation attempts?

- System firewall. Does it provide blacklists and whitelists for addresses and domains?

- Application control (whitelisting). Does it provide up-to-date and customizable whitelists and blacklists? A learning engine?

- Cleaning/remediation. Does it provide virus, spyware and difficult rootkit cleaning?

- Client updates. How large and frequent are signature and other updates? This can range from one per day to multiple updates per day.
