Monday, March 5, 2012

It all depends on the environment


Solution recommendations



I was reading a technical discussion board this past week and saw an interesting discussion item title: “What is the most effective antivirus solution for the corporate sector?” Unfortunately, the response isn’t as simple as Trend Micro, Symantec or McAfee. It depends upon the environment. It depends upon the business requirements. Antivirus software is just one component in a larger strategic risk response, and it needs to partner seamlessly with the other components in order to be truly effective.

Questions to ask/answer:

· How big is the environment?
· Are you in a regulated industry?
· Are there multiple geographical locations? Multiple logical environments separated by firewalls?
· What type of desktops? What type of servers? What OS?
· Is the intention to use the same product across desktops and servers?
· Is antivirus the only product in scope? Is malware protection also a requirement?
· Are there mobile users?
· Is there a need to provide remote live update functionality?
· Is there a requirement for self-discovery of machines on the physical LAN that do not have antivirus installed on them?
· What report types are expected and/or required? Should they be automated? Scheduled?
· Will training be provided to the IT staff?
· Are there other solutions, such as intrusion detection systems, in play?
· Do you need to have a multi-tier notification tree configuration?
· How will you manage licensing?
· If a machine does not report in for “x” amount of time, what happens?



Where technology protection is concerned, there are few simple questions and even fewer simple solutions. Do your homework before making an information security-related product decision. It hurts your credibility to make a wrong decision, but it hurts your credibility even more if you’ve asked for the monies to buy an expensive, complicated system, only to find you don’t have the right resources to support the product. Don’t buy a Porsche if your environment only needs a Toyota. The same is true in reverse. There is no one-size-fits-all scenario.

Once you’ve made a purchase decision, there are configuration decisions that need to be made, tested and documented. Winging it with antivirus protection in a corporate environment could be compared to releasing killer bees in a planetarium filled with preschoolers. Somebody’s gonna get hurt.

While a large part of your environment should be cookie-cutter, the 80/20 rule says there will be exceptions to the standard configuration. Different types of servers will need specific rules set up to avoid degrading performance. Different environments (firewalled environments) may require additional servers to support them. Or you may wish to punch holes in your firewalls to allow the update server and the individual systems to communicate.

These are the types of decisions that should not be made in a vacuum. Talk to your frontline engineers who will be supporting the product. Talk to your information security group. Talk to your internal audit team. Talk to other organizations of your size in your industry to see how they handle antivirus in their environments.

Last, but not least, are there written policies and procedures that have to be met or updated? Don’t let this part of your implementation go by the wayside. If you are audited, these are the basis for the audit, so make sure you cover this area. Not only will it protect your environment, it could well protect your job too.