I work for a large company and I am currently evaluating endpoint security products for our Windows workstations to replace what we currently have. I would also like to incorporate least-privileged access as part of the recommendation to management. We've got several thousand computers and a lot of remote sites connected via WAN back to our main headquarters. The bulk of the computers are at the remote sites, and each site has a server which among other things is the local AV slave server.
On the endpoint security side of things, I've narrowed the list to several vendors: Cisco (CSA), CA eTrust, F-Secure, Kaspersky, McAfee, Symantec and Trend Micro. My question on this front is what successes or failures have you had implementing endpoint security in a large organization? Specifically, has anyone replaced AV suites with a product like CSA? (Budget is a concern, there may be room for only one or the other, obviously having both would be best.) On the least privileged access front, has anyone had any success with running as non-admin? We run some critical legacy applications as well as some Citrix stuff and a lot of our programs won't run as admin in their current state. I've started doing a little research on the LUA front and I'm going to try out LUABuglight to see how extensive the issues are. Basically I would like to know if there any manageable programs out there that either (a) invisibly force admin users to run certain programs as a low-privilege user (like DropMyRights for the enterprise) or (b) provide a RunAs solution that actually works while maintaining user account information for auditing purposes. We've had some problems trying to implement LUA in the past so this situation is particularly touchy. It has to work well, and it has to work the first time. I've been testing DropMyRights with IE, Firefox and Outlook and I think I can get management to replace some shortcuts (our remote sites have mandatory desktops) but I'm looking for something a little more robust. Thanks for any help you can provide.
