Realtime would venture to guess that virtually every computer network has had to deal with the downtime and expense of recovering from some type of malware infection. Naturally, prevention is less costly than recovery—but how do you choose from the myriad of antivirus or anti-malware solutions on the market? Let’s look at some things you should consider when choosing an enterprise antivirus product, and then you can check out the product comparison table to find the best one for your organization. Viruses, worms, and Trojans... Simply detecting and blocking a virus in an email is no longer sufficient. An antivirus program should detect viruses, worms, Trojan horses, Web threats, rootkits, and other forms of malware that threaten your network security. Solution should also give you the ability to block certain file types such as .exe, .bat, or .asp files.
Realtime can build comprehensive top-to-bottom antivirus and antispam solution on any platform you require.
* Choices, Choices
Today’s antivirus market includes products that protect file servers, email gateways, Web browsers, and desktops. They may be standalone products or part of an integrated security suite that might include a firewall, intrusion detection system (IDS), intrusion prevention system (IPS), Network Access Control (NAC), and spam filtering. You can choose from desktop solutions or server-side solutions that offer centralized control for deploying, configuring, and updating the software and that eradicate malware threats before they infiltrate your network. Security appliances as well as hosted and managed security solutions that outsource the management details of your security strategy are also gaining in popularity. Because of the wide array of solution types, we’ve limited the scope of this Buyer’s Guide to server-side enterprise antivirus products.
* Features and Functionality
At a minimum, your antivirus solution needs to be compatible with your enterprise OSs and be able to scale and grow with your organization’s needs. It should provide frequent automatic signature updates and alert generation when an event is detected. In addition to detection, your solution should provide quarantine or removal functionality and perhaps healing capabilities for suspicious content. Antivirus technology is continuously evolving, so here are some additional features and functionality you should keep in mind.
* Engines
Scanning engines—the more the merrier. Many antivirus solutions use more than one engine to scan for security threats. No antivirus scanning engine catches 100 percent of viruses. Therefore, using a product with multiple scanning engines can usually pick up the occasional virus or worm that might sneak by a single-engine product.
* Detection
Detection types—keeping up with new viruses and variants. Most antivirus products detect viruses by using signature-matching technology, which identifies a virus by a specific code sequence. But in today’s fast-evolving security environment, when new virus variants crop up by the minute, signature matching isn’t enough. Many products now use heuristic scanning and behavior monitoring to identify typical infection methods and suspicious behavior that might indicate virus variants before a signature is available. Unfortunately, these methods can also provide a high number of false positives.
* Scanning
Scanning options—what, where, when. Antivirus products should scan memory, all drives, and the registry. Many now offer scanning of removable devices such as USB drives. They should offer scheduled scans and on-demand scans, and many offer continuous background scanning. Another useful feature is the ability to whitelist items to be ignored or excluded during scans. Reports of the scan log files should be available or portable to your desired format. Reports are important tools for letting you see how many and which viruses have been blocked and where the most popular sources of infection are.
|
