
New Section – Share Your Opinion #1 – Antivirus and Endpoint Protection

Hi there,
I believe most of you security professionals face the same challenge as I do: an increasing number of problems to solve, and with it an increasing number of solutions. But how to choose? The idea of this new section is to provide all of you with a space to share your experience with fellow peers across the globe, either good or bad.

This section intends to go beyond the technology, and really evaluate the service as a whole (support, usage, problems, etc.). How was it when you needed support during the night? What sort of issues did you encounter during implementation? Did it create problems you didn’t have before? Those are some questions to pose that only the collection of our experiences can provide us with a verdict.

Another factor worth mentioning is that no single security professional will have exposure to all the solutions in the market, so feel free to comment about other vendors and your experience as well!

Well, with enough said about the objective of this section, let me start with one of the first solutions a security professional will have to deal with: Malware/Endpoint protection. Since I have worked with this vendor across the globe, Symantec was the chosen one to debut this article with its Endpoint Protection product.

Here we go!

The problem:

Viruses, malware and worms.


My company needs to install an endpoint solution across the environment, but with so many choices out there, which one should I proceed with?

The product:

Symantec Endpoint Solution

The pros:

Among all of the products I had a chance to work with, I can attest that Symantec is a very robust and reliable tool. For most of the time, their malware detection engine is efficient and the signatures are released in a reasonable timeframe, which reduces the exposure of the environment.

As for unidentified threats, an environment I once managed got infected with a zero-day vulnerability and the whole network went haywire. Upon isolating the malware and submitting it to Symantec, it took around 6h from when I submitted the sample to receiving a signature that effectively cleaned the environment. A bit long when systems are shutting down left and right, but given the amount of reports they might receive and the coding/QA of the vaccine/hotfix, I would say it was a reasonable response. From a customer service perspective I found it very responsive, and we were kept well informed about the progress.

As for the rolling out of the product, despite minor glitches with machines traversing dial-up links, we successfully migrated thousands of hosts from its previous versions, as well as machines using another vendor’s product due to a recent merger the company had gone through.


5 comments to New Section – Share Your Opinion #1 – Antivirus and Endpoint Protection

  • James R. Marcus

    Lots of interesting opinions here. I’m pretty shocked at how many people are still using Symantec. For the years I used Symantec I was surprised how much got through, and I felt their support sucked. I have also used TrendMicro. But my favorite is McAfee EPO/AV. It didn’t kill performance on my machines, and although it was definitely an enterprise product I didn’t feel that it was over-bloated. Definitely takes some effort to learn. I use it in a PCI-DSS Level 1 Service Provider environment.

  • Fernando Bacchin

    My company uses Symantec AV solution since version 7. I’m in charge of its operation since version 10, have done the rollout to SEP11 and now preparing to 12.

    I’ve worked with CA and McAfee software before and would say that their security level (in terms of signature-based protection) is pretty much the same. Symantec support seems to be better and buying their premium or BCS support doesn’t change too much.

    I agreed with you regarding version-changing, Symantec does it with such a frequency that I hate it!

    Symantec software is also a memory/cpu eater, but that’s something your end-user will get used to after a while.

    In general, I believe there’s a reason for a company to be #1 and when you have to decide which way to go for a huge environment you cannot assume the risk of choosing such a beginner company as Sunbelt.

    They may be the best on performance but they do not have (yet) a structure to support a global company with thousand endpoints. And this is something you must consider when making a decision for your business.

    My opinion.

  • Fernando Bacchin

    My company uses Symantec AV solution since version 7. I’m in charge of its operation since version 10, have done the rollout to SEP11 and now preparing to 12.

    I’ve worked with CA and McAfee software before and would say that their security level (in terms of signature-based protection) is pretty much the same. Symantec support seems to be better and buying their premium or BCS support doesn’t change too much.

    I agreed with you regarding version-changing, Symantec does it with such a frequency that I hate it!

    Symantec software is also a memory/cpu eater, but that’s something your end-user will get used to after a while.

    In general, I believe there’s a reason for a company to be #1 and when you have to decide a solution for huge environments you cannot assume the risk of choosing such a beginner company as Sunbelt.

    They may be the best on performance but they do not have (yet) a structure to support a global company with thousand endpoints. And this is something you must consider when making a decision for your business.

    My opinion.

  • Naveen Sharma

    Hi,

    I have never come across VIPRE in the enterprise environments but it will be interesting to see the management support tools and vendor support.

    Sophos is yet another promising product. Irrespective of the product, software whitelisting is another tool available which has management capability via group policies.

    Regards

    Naveen

  • I have used all kinds of AV solutions over the decades of experience that I have — and over the last several years, I have firmly dispensed with both Symantec and McAfee for similar reasons. These programs are HUGE, over-bloated resource hogs and absolutely kill performance on the systems they reside upon.

    About 2 years ago, I ran tests personally on about 10-12 different AV packages to test them for performance, ability to eliminate threats, etc. While many were good, the one that came out on the top for me is VIPRE — it is an amazing product and does an exceptional job of keeping your resources available for the USER instead of hogging it all for itself to run.

    I have deployed VIPRE to my clients and they have been SO happy to get rid of McAfee and Symantec (both of which I used to resell) and the performance improvement they had was so significant that they felt they had new servers and workstations.

    Anyway, that’s my 2 cents…for what it’s worth…

    Gregory Powell
    CISSP, MCSE, MCP+I,
    CompTIA A+, Security+, Network+
