AV management (2003)

An anti-virus solution may be highly effective, but unless it can be properly managed, it will not be possible to protect an enterprise completely. By Jon Tullett

Modern anti-virus is very good at identifying known threats. It is uncommon for us to test an AV solution which fails to identify over 99 percent of the virus samples we throw at it. But detection alone is not enough for enterprise deployment, where responsiveness and reaction time are far more important.

With most engines doing their job well, the differentiator comes in management. How easy is it to deploy the scanning engine onto remote systems? Can you get detailed reports on systems which are behind on their signature updates? Are you able to effectively manage a virus outbreak in any part of your organization?

These questions are indicative of what we demanded of the products submitted for this Group Test, looking for those able to fit into a large, distributed environment with a particular need to efficiently manage every component.

Beyond the basics

There were a number of key areas we expected all solutions to handle, such as effectively managing the process of deploying signature updates to clients, reporting incidents and generating audits of where software was installed. With varying degrees of fluency, all the products handled the basics well.
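The three basics listed above (tracking signature deployment, reporting incidents and auditing where the software is installed) all come down to querying an inventory of agents. The following Python script is an added example written for this article, not code from any of the products tested; it assumes a hypothetical CSV export from a management server (the column names and sample hosts are constructed for illustration) and produces the kind of report an administrator would want: hosts with no agent, hosts the server cannot reach, hosts whose signatures are older than a threshold, and a per-site coverage summary.

```python
"""Signature-currency and coverage report over an AV agent inventory.

Added example for this article. The inventory format is a hypothetical
export (host, site, agent_version, sig_date, last_seen); no vendor's
real schema is implied. Sample data below is constructed.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# Constructed sample inventory: empty fields mean the management server
# has no agent record for that host at all.
SAMPLE_INVENTORY = """\
host,site,agent_version,sig_date,last_seen
ws-lon-001,london,4.2.1,2003-06-12,2003-06-13
ws-lon-002,london,4.2.1,2003-05-28,2003-06-13
fs-lon-01,london,4.2.1,2003-06-13,2003-06-13
ws-nyc-001,new_york,4.1.0,2003-06-10,2003-06-02
ws-nyc-002,new_york,,,
gw-nyc-01,new_york,4.2.1,2003-06-13,2003-06-13
"""

# Reference day used for the worked example (assumed, not from the page).
REFERENCE_DAY = date(2003, 6, 13)


@dataclass
class AgentRecord:
    host: str
    site: str
    agent_version: Optional[str]   # None: no agent installed / audited
    sig_date: Optional[date]       # date of the signature set in use
    last_seen: Optional[date]      # last check-in with the server


def _parse_date(text: str) -> Optional[date]:
    return date.fromisoformat(text) if text else None


def parse_inventory(text: str) -> List[AgentRecord]:
    """Parse the hypothetical CSV export into records."""
    lines = text.strip().splitlines()
    header = lines[0].split(",")
    records = []
    for line in lines[1:]:
        fields = dict(zip(header, line.split(",")))
        records.append(AgentRecord(
            host=fields["host"],
            site=fields["site"],
            agent_version=fields["agent_version"] or None,
            sig_date=_parse_date(fields["sig_date"]),
            last_seen=_parse_date(fields["last_seen"]),
        ))
    return records


def signature_report(records: List[AgentRecord], latest_sig: date,
                     today: date, max_sig_age_days: int = 7,
                     max_silence_days: int = 3) -> Dict[str, List[str]]:
    """Classify every host exactly once, in order of severity.

    A host with no agent is the audit gap; a host the server has not heard
    from recently cannot be pushed an update, so it is reported as
    unreachable rather than merely stale; only reachable agents are judged
    on how far their signatures lag the latest set.
    """
    report: Dict[str, List[str]] = {
        "missing_agent": [], "unreachable": [],
        "stale_signatures": [], "current": [],
    }
    for r in records:
        if r.agent_version is None:
            report["missing_agent"].append(r.host)
        elif r.last_seen is None or (today - r.last_seen).days > max_silence_days:
            report["unreachable"].append(r.host)
        elif r.sig_date is None or (latest_sig - r.sig_date).days > max_sig_age_days:
            report["stale_signatures"].append(r.host)
        else:
            report["current"].append(r.host)
    return report


def site_summary(records: List[AgentRecord],
                 report: Dict[str, List[str]]) -> Dict[str, Dict[str, int]]:
    """Per-site count of hosts and of hosts that are fully current."""
    current = set(report["current"])
    summary: Dict[str, Dict[str, int]] = {}
    for r in records:
        entry = summary.setdefault(r.site, {"hosts": 0, "current": 0})
        entry["hosts"] += 1
        if r.host in current:
            entry["current"] += 1
    return summary


def run_example() -> Dict[str, List[str]]:
    """Run the report over the constructed sample with REFERENCE_DAY."""
    records = parse_inventory(SAMPLE_INVENTORY)
    return signature_report(records, REFERENCE_DAY, REFERENCE_DAY)


if __name__ == "__main__":
    recs = parse_inventory(SAMPLE_INVENTORY)
    rep = signature_report(recs, REFERENCE_DAY, REFERENCE_DAY)
    for category, hosts in rep.items():
        print(f"{category:17s} {', '.join(hosts) or '-'}")
    for site, counts in site_summary(recs, rep).items():
        print(f"{site:10s} {counts['current']}/{counts['hosts']} current")
```

The ordering of the checks is the point: a host that has not checked in is not "behind on signatures", it is outside management entirely, and lumping the two together hides the difference between a slow update rollout and an agent that has been disabled or a machine that has left the network.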

We also looked for security-specific features, such as authenticated access to admin tools and secure communication between agents and servers. Efficiency and scalability are also important.

Although most of the products we received are anti-virus solutions, or components of such solutions, we were not testing their ability to detect and block viruses, except to check that policies had been correctly applied.

The most obvious area of differentiation came in interfaces. The Microsoft Management Console (MMC) provides a consistent framework for independent software vendors, and it was not surprising that many of these vendors had provided MMC snap-ins for their management tools. This also gives administrators a way to consolidate several vendors' management interfaces into a single console.

Managing to manage

Any large company (and many a small one) needs remote management too, and that typically has two solutions outside the MMC framework: a custom admin tool which runs on remote systems and connects back to an upstream management server, or a web-based interface which simply displays resources that are running elsewhere.

In a day when platform independence is becoming more important, remote management becomes more significant. Porting a proprietary management tool is much more difficult than providing a run-anywhere web interface. Many of the vendors offering browser-based consoles are still tightly tied to their Windows roots, with products requiring Internet Explorer or custom ActiveX controls. F-Secure's Java client and Gordano's web interface were the only truly platform-independent consoles here.

Virus protection has long since ceased to be about desktop agents. Anti-virus solutions today consist of multiple agents offering protection at the many points of ingress into the corporate network, and at every location where data may be at risk. This includes mail servers, internet gateways, file servers and desktop PCs.

Very few vendors offer agents designed for all of these environments. Realistically, enterprise-wide anti-virus means managing multiple products, probably on multiple platforms.

That is not a bad thing: the coverage you get from using different scanning engines at various stages can be more effective than trusting a single vendor's AV to catch every incident. Some of the larger players offer the ability to include third-party engines within their product, or to manage other vendors' software on client systems.

In large enterprises, Unix is still strong, and in every size of company, Linux is increasingly common in many roles. Today's viruses are typically written to target the dominant Windows platforms, so Linux systems are normally not affected themselves, but gateway and file-server protection on those systems is still essential to detect viruses in transit to the Windows clients behind them. It was good to see several of the vendors offering solutions for Linux and Unix systems, though in general the management interfaces still require Windows systems.

Some assembly needed

Ultimately, enterprise anti-virus management is a fine-tuned subset of network and software management. Deployment, reporting, auditing, policy enforcement - all the basics are there. The parameters are different but the best practices still apply, so what we are seeing in effect is the anti-virus vendors moving into a much bigger market.

Global HAURI's ViRobot showed what some of the potential is here, offering network management features that are useful even without its anti-virus engine. Most performed well, either as umbrella systems or in specific niches, but the occasional rough edge served as a reminder that this is still a competitive market.
