Security Manager's Journal: Can an enterprise run its security with Microsoft's tools?
The desktop group is pushing to abandon enterprise-class tools for built-in antivirus, firewall and encryption software from Microsoft. Is that any way to run a business?
Computerworld - Windows security tools may be good enough for home users, but can they meet the needs of the enterprise? Recently, my company's desktop team has been looking at Microsoft's built-in security software, with the idea that we should consider using those alternatives instead of commercial security software.
The desktop group is (finally) getting around to building a Windows 7 image for my company's desktop and laptop computers (yes, I know; it's about time). As part of this, the team is suggesting that we consider using Forefront, Windows Firewall and Bitlocker for antivirus, firewalling and encryption capabilities instead of the commercial products we now use with Windows XP. Why? Mainly because these tools are free and can be built into the image without as much work and testing as would be required with third-party software. The question is, are these tools as good as the commercial ones?
First, there's Forefront. This is antivirus software that is classically signature-based, like others. Is there really much differentiation among signature-based antivirus products? In my mind, the two key factors are effectiveness (how extensive is the malware signature database?), responsiveness (how quickly does the vendor turn around signature files for newly released, zero-day malware?) and manageability (how efficiently can administrators remotely install and manage clients and cleanup activities?). We currently have a top-tier antivirus product that works well and has had a good track record in my company's environment. That includes a typical less-than-24-hour response to zero-day malware, of which we do see a lot -- my company has an extensive presence in Asia, where much of the malware that gets onto our systems originates. I'm not particularly excited about giving up a perfectly good experience for an unknown quantity just because it's free.
My company's desktop security software suite includes active firewalling capability as well, which is able to whitelist applications based on administrator approval. This works very well, and I'm not at all convinced that Windows Firewall is going to give us a better experience. It seems like a perfectly good product for home users who want to manage their own applications, but that's a long way from what goes in on an IT shop of our size. We need administrators to configure and approve software communications, and as far as I know, Windows Firewall can't be centrally managed in a way that allows easy approval that can be quickly propagated throughout the organization. Yes, there's Group Policy, but is that really the ideal management tool?
Furthermore, I'm looking into a new software tool that performs behavioral profiling and adaptive blocking of application execution on end-user workstations. This commercial software runs on the computer for a while, building a database of behaviors that are then "locked in" as known-good. Any subsequent execution attempt must be approved before it is allowed. That seems to me to be much better than a classic network-port-control firewall.
More by J.F. Rice
- Security Manager's Journal: Security flaw shakes faith in Apple mobile devices
- Security Manager's Journal: Cyberattacks just got personal
- Security Manager's Journal: Target breach unleashes fresh scams
- Security Manager's Journal: Giving thanks for SIEM
- Security Manager's Journal: Hashing out secure applications
- Security Manager's Journal: Why the shutdown is like the cloud
- Security Manager's Journal: Thinking about passwords
- Security Manager's Journal: Android panic
- Security Manager's Journal: Auto-forwarded emails could be a huge problem
- Security Manager's Journal: Our network infrastructure has fallen far out of date
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts