March 2010 IT Business Consulting Newsletter

Protect Your Company from Viruses and Malware with Enterprise Anti Virus Systems

By Tom K

As mentioned in the introductory article "Introducing Computing Resource Maintenance, Management, and Monitoring", providing complete and comprehensive Anti Virus and Anti Malware protection across your Enterprise is one of the most important things you MUST do to safeguard your company’s computing resources. This article discusses the ins and outs of desktop Anti Virus & Anti Malware protection, specifically for the Enterprise environment.

Hopefully, you are all aware of the dangers presented to your computing resources by Viruses and Malware (Spyware, Adware, etc.). These nasties are everywhere, and can infect your resources through email, web sites, CDs, thumb drives (memory sticks), and network file transfers. Some infect immediately, some require the user to perform an action. All create inconvenience at best, and often cause more daunting financial or reputational loss.

Most of you employ Anti Virus and Anti Malware solutions to some extent, BUT... Are you sure ALL of your PCs and Servers are properly protected and their definitions are completely up to date? Do you know when a definition update fails, a PC or Server misses a scheduled scan, or a virus sneaks through? Can you do all of this WITHOUT relying on your users to keep virus definitions up to date, scan their computers, or monitor viral activity? If you answered “No” or “I’m not sure” to any of these, your Company is at risk!

The above scenarios are all easily mitigated using Enterprise Anti Virus (AV) systems that have been properly installed and configured, and are being properly monitored.

The actual AV client that runs on each computer is essentially the same in any given provider’s consumer product & Enterprise product. They typically use the same AV engine & the same virus definition files. The difference lies in the Enterprise Management Console, which lets you easily deploy pre-configured clients across your whole environment (even multiple sites), edit client configurations en masse, monitor all AV clients to ensure they are doing their jobs properly, take immediate Enterprise-wide action to kill a company-wide infection, and remove the users’ ability to modify the AV clients’ configuration or, worse, to disable the AV client.

While the Enterprise AV Console provides tools to deploy and manage all of your AV clients, it also provides an easy to read, real-time display of the status of all of your AV clients. The status includes AV Engine version, status of the AV Engine, virus definition file ID, last scan time and date, any nasties that were found, and the status of the nasties. In one quick daily glance, you’ll immediately see if ANY device in your environment has an AV issue, what it is, and what you might need to do to correct it. The better products can also send immediate email alerts whenever an AV client reports an issue… Sweet!
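The daily check described above can also be scripted against a console export and compared with your asset inventory, which additionally catches machines that have no AV client at all. This is an added example, not part of the original article or any vendor's product; the field names, hostnames, thresholds and sample records are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data; field names are assumptions, not a vendor format.
NOW = datetime(2010, 3, 16, 9, 0)
INVENTORY = ["PC-001", "PC-002", "PC-003", "SRV-01", "SRV-02"]
CONSOLE_EXPORT = [
    {"host": "PC-001", "engine_running": True, "defs_date": "2010-03-15",
     "last_scan": "2010-03-15 23:00", "open_detections": 0},
    {"host": "PC-002", "engine_running": True, "defs_date": "2010-03-01",
     "last_scan": "2010-03-15 23:00", "open_detections": 0},
    {"host": "PC-003", "engine_running": False, "defs_date": "2010-03-15",
     "last_scan": "2010-03-02 23:00", "open_detections": 0},
    {"host": "SRV-01", "engine_running": True, "defs_date": "2010-03-15",
     "last_scan": "2010-03-15 23:00", "open_detections": 2},
]

def age_days(stamp, fmt, now):
    """Whole days between a timestamp string and `now`."""
    return (now - datetime.strptime(stamp, fmt)).days

def audit(inventory, export, now, max_defs_age=3, max_scan_age=7):
    """Return {host: [issues]} for every host that needs attention."""
    by_host = {rec["host"]: rec for rec in export}
    report = {}
    for host in inventory:
        rec = by_host.get(host)
        if rec is None:
            # A machine with no client never shows up red in the console.
            report[host] = ["not reporting to console"]
            continue
        issues = []
        if not rec["engine_running"]:
            issues.append("engine not running")
        if age_days(rec["defs_date"], "%Y-%m-%d", now) > max_defs_age:
            issues.append("definitions out of date")
        if age_days(rec["last_scan"], "%Y-%m-%d %H:%M", now) > max_scan_age:
            issues.append("scheduled scan missed")
        if rec["open_detections"] > 0:
            issues.append("unresolved detections")
        if issues:
            report[host] = issues
    return report

if __name__ == "__main__":
    for host, issues in audit(INVENTORY, CONSOLE_EXPORT, NOW).items():
        print(f"{host}: {', '.join(issues)}")
```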

Enterprise AV Consoles also provide reporting capabilities, which vary in functionality and value from provider to provider. In general, the reports can be used to track trends across your environment and to highlight users who seem to get more than the usual amount of viral activity, the viruses that most often try to break through, and where the viruses originate. The better products have customizable reports, and will run scheduled reports and email them to one or more staff.

All the major players in the Anti Virus space have Enterprise solutions. These solutions all include Anti Malware components in varying degrees. The Enterprise products generally cost about the same as their stand-alone consumer products, although a few of the newer Enterprise offerings actually cost much less per seat than their equivalent consumer products.

So how do you select your Enterprise Anti Virus solution? We recommend you not focus on big name recognition or previous reputation, as the technology has evolved and bigger doesn’t necessarily mean better (when’s the last time you flew TWA?).

  • All Enterprise solutions work reasonably well in recognizing and removing Viruses, but they vary considerably when it comes to protecting against Malware. Investigate whether Malware protection is core to the product, or just plugged in as an add-on.
  • Check the computing resources used by the product. If an Anti Virus product uses enough internal resources to slow down your computers, your users will rebel or figure out a way to circumvent the protection.
  • Evaluate the Enterprise Console. This is the control center so it needs to be easy to use, intuitive, very informative, and well organized.
  • Check for ease of installation and upgrades.
  • Evaluate ease of management & monitoring, the types of alerts the system generates (email?), and usability of the internal reports.
  • What is the support policy, how good is their support, is it free, and is their call center in the USA?
  • What is the cost, not only for the initial purchase but for annual renewals?

Our philosophy has always been to NEVER rely on a user to secure his PC. That’s not his job! Deploy an Enterprise solution that makes it easy to provide security across your whole environment. The right product may cost considerably less than the equivalent consumer product, and may even pay for itself (ROI) in reduced costs vs. deploying and managing your current solution.

If you have questions or comments concerning this article, I’d be happy to discuss them with you at your convenience. Feel free to contact me at, or via my cell 443.310.5110.

Note that this article focuses on general protection for your PCs and Servers. It is important to “layer” your defenses and provide additional specific protection to scan email and eradicate Spam. We discuss Email Anti-Virus and Spam Filtering in our April article, "Got Spam? Eradicate Spam and Email Viruses BEFORE they get to Your Environment!".