No, this is not an article about weird marketing practices or \u201cponzi\u201d schemes within the A\/V industry. It IS an article about how you can better protect yourself against viruses and malware. I decided to write this after one of our customers had the willies scared out of them by one of their other vendor\u2019s \u201csecurity alert\u201d circular.<\/p>\n
We (itgroove) have always worked from the assumption that no single a\/v product provides 100% protection against all virus and malware threats. The A\/V vendors may take issue with that stance but it\u2019s what we believe and it sets the tone for how we architect customer\u2019s infrastructures. We always \u201clayer\u201d A\/V protection so that there are at least two layers of scanning using multiple vendors technologies. Our preferred architecture relies on Sonicwall firewalls with Sonicwall\u2019s McAfee-based technology scanning at the gateway (firewall) and Trend Micro\u2019s A\/V installed on all machines on the inside LAN (usually WFBS). If the customer utilizes Office365 that adds another layer as Forefront is scanning at the Exchange level (on premise Exchange is covered by the aforementioned Trend A\/V).<\/p>\n
The reason we layer is simple: chances are if one vendor\u2019s technology misses or does not identify and eliminate a virus or malware the other vendor\u2019s will. It is a simple numbers game where you have better protection if your \u201clayer number\u201d is 2 or greater. Single vendor solutions such as Sonicwall\u2019s Gateway A\/V and Enforced Client A\/V (to name but one) can leave you vulnerable as the same technology is in place at the gateway and on the LAN; if the technology does not identify a virus or malware then it misses it entirely throughout your infrastructure. (To be fair to Sonicwall, they do offer Kaspersky as an optional layer.)<\/p>\n
I want to circle back to my point about our customer and the security circular they received. The circular highlighted the existence of a nasty virus that targets POS systems running on Windows boxes and was also a pitch for a \u201cmanaged\u201d single-vendor a\/v service. The interesting thing is the vendor provided stats from Virustotal which listed 40 different a\/v vendors and whether or not their product identified and removes this particular virus. Roughly half of the vendors missed identifying the virus. Using our two preferred vendors as a measuring stick, Sonicwall (McAfee) missed and TrendMicro identified\/removed. If our customer\u2019s network had ONLY been protected by McAfee they could have been at risk but they have the second layer in place. Of course, the possibility exists that BOTH layers could miss something but the odds are much more in your favour with two layers than with a single layer.<\/p>\n
If your network is only covered by a single layer of a\/v then I urge you to look into how you can add a second layer from another vendor. There are many, many options available and you don\u2019t have to use our particular model. But you should<\/em> do something. You should<\/em> scan at the gateway as the best defence is to keep the garbage out of your network, period; specially so in this age of BYOD on your network. You should <\/em>ensure your various devices on the LAN are covered with a\/v. You should <\/em>ensure your mobile users have a\/v that ramps things up when they are NOT behind your corporate firewalls. And you should <\/em>pay attention to what your various a\/v dashboards tell you.<\/p>\n We have a lot of customers set up with the multi-layer approach and it works extremely well. It can work well for you, too.<\/p>\n","protected":false},"excerpt":{"rendered":"