
Looking for enterprise antivirus advice 1


kmcferrin

MIS
Jul 14, 2003
2,938
US
Hello all, I didn't see a general AV forum so I thought I'd ask this here. What do you guys recommend for an enterprise antivirus solution and why? Currently we have McAfee Enterprise 7.0 with EPO and Groupshield for Exchange. It seems to work well, but we're at the point where we need to renew our current agreement and I'm interested in the other alternatives. I will say that I was a little put off with an issue that McAfee had this past year that caused STORE.EXE to go to 100% utilization on my Exchange boxes.

I haven't used Norton's corporate edition for 5 or 6 years, but I have used it at home for several years and generally like it. They also have some nice extras in their Enterprise edition that I am interested in (like their web proxy, Brightmail plugins, etc).

I haven't used Trend before and don't know what they have to offer.

Features that I am looking for:

1. Something that offers a high level of AV protection, i.e., a high detection rate.

2. Something that has centralized management and deployment capability for both program and definition updates, but requires minimal management.

3. Something that is updated regularly, at least once a week.

4. Something that offers email protection on Exchange 2000.

5. Any extra included features that sweeten the deal.

I generally know what's out there, but what I'm looking for is opinions on what you think works best and why. Anyone?
 
Well, my main choice for antivirus is Symantec. I've toyed with many on a home user level but this is my enterprise solution of choice...

1. I don't believe I need to tout that they are a reliable detection tool.

2. Symantec's System Control Console is...well, nice. From one location you can control when updates are done, apply rules to machines (creating groups to apply different rules to), create and push custom installs of the program, and a variety of other tools.

3. Live Update is updated weekly, unless there's a severe outbreak then an emergency update is released.

4. I don't use Exchange here, but there are plugins and customizations to monitor Exchange servers, and using Outlook 2002 it catches attachments/e-mails on the local machine with viruses.

5. It's easy...this is one of the easiest deployments I've done. In addition to moving from one server to another, without having to touch any of the machines.

I know some people don't like Symantec, but I stand by this AV program. So long as it is configured right and you monitor what is attacking the web (as you should anyways) it gives me all the bang for my buck I could ask for.
 
Not wanting to start an AV war :) . . . but since you asked, here goes.

We've been using Sophos for several years and have been very pleased with their products. Very reliable, auto-updates, excellent support, several options (Small business edition, email protection, spam protection [I've never used this so I can't comment]), works on Windows, Netware, *nix, Apple, etc.



James P. Cottingham
-----------------------------------------
To determine how long it will take to write and debug a program, take your best estimate, multiply that by two, add one, and convert to the next higher units.
 
That's it!!!! Where's my gun!!!!!

2ffat, part of the fun on these forums is starting a "war", debating a topic is part of us getting a better handle on things...and as a blonde, I need all the help I can get.
 
Aguias,

[rofl]

James P. Cottingham
-----------------------------------------
To determine how long it will take to write and debug a program, take your best estimate, multiply that by two, add one, and convert to the next higher units.
 
We use Symantec Corp Version 9 and we have had success with it. I also use McAfee's Command Line scanner for emails coming into our SPAM filtering software. I like everything it can do and I like the fact that it works on our MAC stations with a separate piece of software that allows you to push updates to them (MAC'S) as well, from a MAC OS X Server of course. Not so much for viruses aimed at the MAC's but with email and something that might get through to the MAC's I didn't want them to infect the rest of the network with a windows virus so that was part of evaluation.

$.02

~|~




I don’t know half of you half as well as I should like, and I like less than half of you half as well as you deserve. ~ Baggins
 
Strange. I hadn't heard of BitDefender before, but it looks oddly familiar. When I saw their website I first thought that I was at the site for Trend Micro's antivirus products. I started looking through some of the BitDefender documentation and the interface is almost the spitting image of Symantec's antivirus software. Even their automatic update service is called "Live! Update" (very similar to Symantec's). I know that they say that "good writers borrow and great writers steal outright," but the whole thing looks very peculiar to me.
 
BitDefender made headlines recently when a famous anti-virus company accidentally placed an ad on their web site saying they could stop the "BitDefender virus." Oops!!!


James P. Cottingham
-----------------------------------------
To determine how long it will take to write and debug a program, take your best estimate, multiply that by two, add one, and convert to the next higher units.
 
I've been reading some reviews of them from a couple magazines, and it doesn't look good. PC Mag says that BitDefender is ICSA certified for detecting viruses, but not removing them. Apparently the bundled apps that come in their package (anti-spam, spyware, firewall) are sub-par as well.

Trend didn't look so good either.
 
I'd say Symantec Corp. Like Aquias said, the Management console is great. I use the Intelligent Updater that gets updated definitions daily. I update my main server, and the servers at 4 other sites I have pull the update from it and pass it on to the workstations.
 
I take it back about Bit Defender, though it does pick up a lot of stuff, it is very buggy and was stopping email coming in and generally making machines flaky.

Kes :)
 
We use Symantec Ent. Ed.; server, desktop, Exchange, SMTP (gateway), and web security are all included. Just like Mike and Aquias, very easy to do things around with the console, and we are looking forward to March to see if their new v10 with spyware scanning ability will be as easy to manage as its AV console, but that has to wait and see.
If you are looking forward to getting a security appliance though, that is another story. Vendors like SonicWall and some Cisco gateway products are integrated (loosely) AV with a Trend Micro AV server in the LAN or DMZ. So if you plan to stop viruses and spyware at the gateway, which is the preferable way to do it, Trend Micro might save a little bit of money.
I would say upgrading the gateway is more important, and have a sense of active defense, since most firewalls and routers will not be able to scan HTTP traffic, so viruses and spyware can take advantage and enter the network. If a security appliance is there, block them at the gateway, so more time for party.
There are many security appliances from NetScreen, SonicWall, Symantec, Fortinet, and so on that will do AV, anti-spyware, anti-spam, IDS/IPS on HTTP, SMTP, and VPN traffic, so spyware can be detected even if it is piggybacking on HTTP traffic.
 
Hitting the submit button too soon,

Some security appliances can be set in a transparent mode so that there is almost no change to the network topology; just add it between your firewall/router and LAN/DMZ. But most vendors offer only gateway products. We use Fortinet and tried both gateway and transparent mode; it works equally great.
 
I've had great results from Trend Micro. Previously used CA, then Symantec, then McAfee.
 
de1458,

We actually use Fortinet products for our firewalls/gateway scanning. They're not too bad, but I still see a fair number of viruses that make it to my Exchange server, even though the NIDS are up to date, etc. I really hate using them for dialup VPN access though, so I was looking at something from Cisco to replace them. I had completely forgotten about transparent mode, but using it would still allow us to leverage our investment in the Fortigates while taking advantage of the Cisco kit.

I'm leaning pretty heavily towards Symantec now. They seem to offer quite a bit in their Enterprise package, and I know that they are part of Cisco's NACS initiative (which my director is absolutely drooling over).

Thanks for all of your suggestions!
 
km,

Here is what we found, and there are already some discussions on the Fortinet forum about using Symantec at the back. When they found out it only happens with Symantec AV but not with other vendors, it might be a false alarm from Symantec. I want to test it too if my VMware, version 5 does cloning but released yet, can clone the OS.

We use Fortinet but I am not recommending it; it is too buggy and I wonder how it actually works. Actually I would like to try either SonicWall or NetScreen (Juniper). We are an SMB and can't really afford Cisco, but they need a third-party AV server in the LAN or DMZ like the Cisco, and none of them likes Symantec. You know how much work/$ it is to redeploy or swap a whole new AV software on all computers.
 
No Sonicwall!!! Maybe it is just me but I'm really not a big fan of Sonicwall's interface or the support provided by them. I've never used Netscreen but I'd suggest looking that way first.
 
I've got Sonicwalls at 6 sites but I'm just using them as firewalls and site-to-site VPNs. They were OK 3 years ago but like Aquias said, support is worthless. Firmware upgrades are buggy. I upgraded the firmware at my main site and it knocked out the VPNs to all sites. Their answer was, yeah, there's a problem with the new firmware, you'll need to roll it back.

If it weren't for the $$ involved and 3 sites in different countries I'd be looking for new ones.
 