How to Evaluate, Compare and Implement Enterprise Antivirus

Performance counts, but CISOs and analysts say it's not by any means the only point for comparison

Antivirus software has been around, well, nearly as long as viruses. But thanks to the ever-growing variety of threats to the PC environment, this is a fast-changing market that is undergoing two major trends:

1. Movement beyond signature-based protection. Malware is constantly growing and mutating, making it impossible for vendors to identify and protect against individual threats using signatures. Consider that in the spring, Symantec announced it had detected nearly 1.7 million malicious code threats since it began tracking them in 2007, representing a 265 percent growth in malicious code signatures.

In addition to signatures, vendors now use other techniques, such as application control (also called whitelisting), which allows only approved code to run; and host intrusion protection systems (HIPS), also called heuristics, which monitor code behavior. If behavior deviates from "normal," HIPS deems it suspicious or malicious and prevents it from running. HIPS works in pre-execution mode, runtime mode or both.

2. Expanded functionality. Many of the large antivirus software vendors have expanded their stand-alone tools into suites that not only guard against malware but protect against hackers and data loss.

"The general trend is that security software on the endpoint is getting fatter and more fully functional," says John Oltsik, an analyst with Enterprise Strategy Group (ESG). Specifically, antivirus, antispyware and firewall software is merging with endpoint operations, data loss prevention and full-disk encryption, he says. Another capability that is commonly offered is network access control, adds Natalie Lambert, an analyst at Forrester Research. These tools control client access to networks based on their compliance with policy, she says.

In some cases, vendors are also merging security with operational functionality, such as patch and configuration management, endpoint provisioning and backup. "The larger vendors will sell security alone, but they're convincing customers that they ought to manage it all as one thing," Oltsik says. It will be a slow uptake, he says. "Right now, the products and technology are two years ahead of where IT organizations are," he says.
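The contrast drawn under the first trend, between signature matching and application control, can be shown in a few lines. This is an added example, not code from any vendor named in the article; signatures are modeled as exact SHA-256 hashes (a simplification of real signature engines), and all sample "binaries" are constructed byte strings.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed samples: plain byte strings standing in for executables.
APPROVED_TOOL = b"constructed: approved payroll client v1"
KNOWN_MALWARE = b"constructed: known malicious sample"
MUTATED_VARIANT = KNOWN_MALWARE + b"\x00"  # one extra byte, new hash
UNAPPROVED_TOOL = b"constructed: harmless utility nobody approved"

# Signature model: a blocklist of hashes for samples already seen.
SIGNATURES = {sha256(KNOWN_MALWARE)}
# Application control model: an allowlist of hashes for approved code.
ALLOWLIST = {sha256(APPROVED_TOOL)}

def signature_verdict(data: bytes) -> str:
    """Default-allow: block only what matches a known signature."""
    return "block" if sha256(data) in SIGNATURES else "allow"

def app_control_verdict(data: bytes) -> str:
    """Default-deny: run only what is on the approved list."""
    return "allow" if sha256(data) in ALLOWLIST else "block"

SAMPLES = {
    "approved_tool": APPROVED_TOOL,
    "known_malware": KNOWN_MALWARE,
    "mutated_variant": MUTATED_VARIANT,
    "unapproved_tool": UNAPPROVED_TOOL,
}

def compare(samples: dict) -> dict:
    """Return {name: (signature verdict, application control verdict)}."""
    return {
        name: (signature_verdict(data), app_control_verdict(data))
        for name, data in samples.items()
    }

if __name__ == "__main__":
    for name, (sig, ac) in compare(SAMPLES).items():
        print(f"{name:16} signature={sig:5} app_control={ac}")
```

The mutated variant passes the signature check but is stopped by the allowlist, while the harmless unapproved utility is also stopped, which is the administrative cost of default-deny.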

Enterprise Antivirus DOs and DON'Ts

DO consider the suite advantage. According to Lambert, the prime AV differentiation is what vendors are bundling into their client security suites. Increasingly, as users face challenges ranging from malicious code to data loss and insecure machines connecting to the corporate network, they want to solve them in a single sweep, not with point products. "Every product you put on the machine will slow it down more, add another console to manage and add another license and something you have to buy," Lambert says. "Why take the hit several times when you can get a less expensive product with more capabilities from one vendor?"


Stories by Mary Brandel
