Pau Lo

AV management / monitoring best practice and essentials

I am looking into general anti-virus management / monitoring best practices (regardless of vendor). I basically want a checklist, for comparison to actual, of:

- what our administrators should be alerted on from the AV agent / software installed on any client device,
- what they should be able to produce in terms of compliance reporting for all their managed devices, specific to AV,
- what kinds of issues they should be looking for when reviewing logs/alerts specific to AV on a daily basis.

I will then use these to compare what they can produce from their central AV monitoring console(s) for a sample of devices, or even all devices listed in other information sources such as AD, System Center or our asset management DB. I presume the 3 basics would be status (on or not), definitions last updated, last scheduled scan date. Are there any others?

There seems to be an assumption that AV setup/config/management is pretty hard to get wrong, but from some recent health checks for PCI DSS I noted many issues in the findings, such as out-of-date signatures, AV not even running on some devices, etc.
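One way to do the comparison the question describes, as an added example that is not part of the original post or of any vendor console: a small Python script that reconciles an authoritative device list (AD / asset DB) against an AV console export and flags the three basics (agent running, definitions age, last scan age) plus devices missing from either side. The column layout, the age thresholds and the sample data are constructed assumptions; set the thresholds from your own policy.

```python
from dataclasses import dataclass
from datetime import date

# Thresholds are assumptions for illustration; take the real values from your
# AV policy (PCI DSS requires current signatures and periodic scans but does
# not fix the numbers for you).
MAX_DEF_AGE_DAYS = 3
MAX_SCAN_AGE_DAYS = 7


@dataclass
class AvRecord:
    """One row exported from the central AV console (constructed layout)."""
    host: str
    agent_running: bool
    definitions_date: date
    last_scan_date: date


def reconcile(inventory, console, today):
    """Compare the authoritative device list against the AV console export and
    return the exceptions an administrator should review daily."""
    inv = {h.lower() for h in inventory}             # hostnames compare case-insensitively
    seen = {r.host.lower(): r for r in console}
    known = set(seen)
    findings = {
        "no_av_record": sorted(inv - known),          # inventory device unknown to the AV console
        "not_in_inventory": sorted(known - inv),      # AV console device missing from inventory
        "agent_not_running": [],
        "stale_definitions": [],
        "stale_scan": [],
    }
    for host in sorted(inv & known):
        r = seen[host]
        if not r.agent_running:
            findings["agent_not_running"].append(host)
        if (today - r.definitions_date).days > MAX_DEF_AGE_DAYS:
            findings["stale_definitions"].append(host)
        if (today - r.last_scan_date).days > MAX_SCAN_AGE_DAYS:
            findings["stale_scan"].append(host)
    return findings


# Constructed sample data: five devices from the asset DB, five console rows.
INVENTORY = ["PC-001", "PC-002", "PC-003", "pc-004", "PC-005"]
TODAY = date(2024, 1, 15)
CONSOLE = [
    AvRecord("PC-001", True, date(2024, 1, 15), date(2024, 1, 14)),   # healthy
    AvRecord("PC-002", False, date(2024, 1, 15), date(2024, 1, 14)),  # agent stopped
    AvRecord("PC-003", True, date(2023, 12, 20), date(2024, 1, 14)),  # old signatures
    AvRecord("PC-004", True, date(2024, 1, 15), date(2023, 12, 1)),   # no recent scan
    AvRecord("PC-099", True, date(2024, 1, 15), date(2024, 1, 14)),   # not in asset DB
]

if __name__ == "__main__":
    for check, hosts in reconcile(INVENTORY, CONSOLE, TODAY).items():
        print(f"{check}: {', '.join(hosts) or 'none'}")
```

In practice the two inputs would be CSV exports from the console and from AD or the asset DB; the "not_in_inventory" bucket is worth reviewing too, since it catches stale console records and devices nobody has registered.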

ScriptAddict

I think the big thing is to make sure you are getting enterprise-level stuff. All vendors will have quality stuff if you get their enterprise-level stuff.

We use Kaspersky Endpoint Protection, and it sends me emails about any issues, as well as having a dashboard where I can easily see all useful information at a glance.

I normally check it on Mondays, take a few corrective actions for virus scans that failed over the weekend because people took their devices offline or something like that, check any viruses that have been detected and take action if needed, and then forget about it until next Monday.
ASKER CERTIFIED SOLUTION
Member_2_3586344

jimmymcp02

Symantec Endpoint Protection Manager can do that for you. They have a cloud solution now, so you don't have to have a server running the manager on premises.

You can build and schedule custom reports like the ones you are looking for.
There are tons of options available in the manager. I have been using them for many years and I like the reporting for PCI DSS compliance.