On 26 October 2010 19:26, bk <[email protected]> wrote: > (resending from correct account) > On Oct 26, 2010, at 6:55 AM, Mikhail A. Utin wrote: > >> Folks, >> We are looking an enterprise level AV-software <snip>. Any advising? > > Signature-based AV is a dead technology. Updates don't get released until > hours after you're already infected, so all it really ends up doing is being > a resource-suck on your CPUs and hard-disk access. > > My recommendation: Buy whatever has the highest composite score for ease of > management, limited resource consumption, and affordability. > > Anyone who says "get Vendor X" or "get Brand Y" without telling you what > selection criteria they used is a tool. How do you know if what is important > to you was also important to them in making the selection?
If you've got a decent perimeter, it should keep the threats out for some time, but I tend to agree. AV these days is starting to be more about detection than prevention - it will at least highlight that you have a problem so you can deal with it. Think of it as part of your intrusion detection if it helps. Oh, and somewhere I used to work ran two separate AV products on the mail gateway, and then a third on desktops on servers. I suspect this was more about licensing models (couldn't do per-seat for email as we had >100k email addresses) than paranoia, but it did help out considerably to have independent engines. cheers, Jamie -- Jamie Riden / [email protected] / [email protected] http://uk.linkedin.com/in/jamieriden _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
