Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.
A customer recently asked me about anti-malware and the different deployment options available for his business. Daily news about cyberattacks, zero-day vulnerabilities, and companies that suffered a security breach made him wonder if the endpoint anti-malware his company has been using is doing what it should.
Malware prevention and detection at the endpoint is a best practice every company should (and probably already does) follow. There are three main reasons to use endpoint agents:
The disadvantages of an anti-malware agent on the endpoint include:
In addition, most businesses use multiple platforms (different OSs, legacy solutions, services, appliances) that aren't supported by most anti-malware vendors.
The biggest advantage of network-based anti-malware is that it inspects the traffic while it is in motion, before it hits the endpoint that is the actual target - an in-depth best practice for defense.
Network anti-malware is always connected and usually gets automatic signatures updates, which makes it more reliable and secure. In addition, they are platform agnostic, as they see all traffic, so any platform on the network is protected.
The downsides of network-based anti-malware are that endpoints are only protected when connected to the network, and that it’s blind to peripheral devices.
When using on-premise network anti-malware solutions, it usually runs on an appliance that already inspects the business traffic (next generation firewall, UTM, secure web gateway).
Enabling the anti-malware capabilities on that box introduces two challenges:
Cloud-based anti-malware overcomes appliance limitations, as all business traffic is inspected via a managed service in the cloud, regardless of location. This eliminates the need to deploy and configure appliances at each location. A cloud-based service is elastic, and the vendor is responsible to scale it to address customer traffic needs. It is also the vendor’s responsibility to make sure the service is always up and running and has the latest updates, so the customers no longer need to maintain the solution for optimal performance and effectiveness. Also, mobile users can dynamically connect to the service on the go, so they are always protected even when they are away from corporate locations.