Many of our clients frequently ask me which antivirus product is the best. They often assume that the product that we are running on our machines must be the best one. If one of the vendors out there was clearly the best, there would probably be only one choice in the market.
We believe it’s really about what’s best for the specific environment. Much of the decision is based on fact, but plenty of it is based on emotion. It’s important to get a product that works (duh), but your ability to work with it is equally important.
The decision process for AV should start with which features on your checklist are requirements. This may narrow the field dramatically, especially if you are in a compliance-related industry or are a highly valuable target.
Next you should figure out what you would like the product to do in your environment. Are you trying to monitor and block USB and Bluetooth? Are you thinking about application control or encryption? Lots of fun things to consider here.
However, looking at the solution and requirements is only half of the story. It is surprising how many organizations we talk to have a great solution that is actually creating as many problems as it’s solving. Often we will find that even though the product has most or all of the checklist items, some key features are configured incorrectly or simply shut off.
Oftentimes features get turned off to work around slowness or access issues, with the intent to solve the underlying issue when there is more time to troubleshoot. Ironically, we all know there never is enough time. Nobody is complaining about being bored or overstaffed. This is an area where you should be utilizing your security partner. A quick note or phone call can lead to a quick fix.
We were having some Active Directory issues in our environment, and while we weren’t down, we knew the problem could be severe. We engaged our networking experts after spending a few weeks on the issue, and our partner had us rolling in under two hours. It was well worth the spend.
Compared to the cost of an actual breach caused by misconfiguration, hiring an expert to guide you through configuration and education is a better use of time and money. It can also help you regain sanity by getting errors and issues cleared up so you can be focused on the core functions of your role.