This month we look at malware, but we do not look as much at various anti-malware programs as we do at the best ways to manage various forms of viruses, worms, and more. Specific anti-malware programs are well covered in technical reports by our sister organization West Coast Labs. Such issues as catch rates are their province and they do a fine job of them. What we want to discuss this month are the tools that you can use to bring those individual programs to the enterprise.
In past years, the idea of anti-malware management was a bit narrowly focused. This year, we see that there are several approaches to coping with malware of various types on the enterprise. We look at two specific categories of those tools: management systems and gateways.
Mike Lipinski looks at management systems and he tells us that malware management systems take a couple of approaches. One is the more traditional approach of the anti-virus products: scan and identify. The other is a more sophisticated strategy: keep the bugs off the endpoints. In either case, Mike tells us, the goal was to identify products that do a good job of managing the malware threat from a central point on the enterprise.
Mike Stephenson tackled the gateways. These are a bit more traditional in their approaches, but they still must focus on keeping malware out of the enterprise, and they still must be able to be managed centrally. The big difference is that gateways are not supposed to allow malware to pass, thus the malware cannot enter the enterprise. The interesting thing that we noted this month was that there are some points where the two product groups – management and gateways – acted pretty similar. It’s that old theme of convergence rearing its head again.
These two groups, of course, raise the question of which product type you should want. The answer is not a simple one, nor is it one without some controversy attached. Taking a diplomatic approach, one might posit that both are good, so use both. Actually, that is not quite as silly as one might, initially, think. We have, since the dawn of information assurance as a discipline, insisted that the best protection strategy is defense-in-depth. Using both types of products certainly meets that criterion.
In fact, many organizations actually do take that approach and it serves them quite well. I always have been a proponent of using multiple anti-malware products under the theory that no one product catches everything and no two products catch exactly the same things. That is absolutely true here. It is quite plausible that malware will enter the enterprise without going through the gateway. An example is malware brought in on a USB drive or thumb drive.
So, how does one make the decision? First, look at your enterprise. Assess the risks you face. How do your colleagues use the enterprise? If you have a widely disbursed enterprise, combinations of gateways and endpoint protection probably are for you. If you have lots of road warriors, the same certainly is true. If you have a very small, centralized operation, you may be able to get away with protecting the endpoints only.
In either case, you will be well-served by this month’s crop of products of both types. It is just about a certainty that somewhere in these pages you’ll find your anti-malware strategy just waiting for you to discover it.