I like Sophos and Panda.

On May 11, 2010, at 3:14 PM, xgermx wrote:
> Thanks for all of the replies. If anyone else has info, feel free to share.
>
> On Tue, May 11, 2010 at 1:45 PM, Pommerening, Jeremy
> <[email protected]> wrote:
>> I was having an issue with Sophos not catching Fake-AV too until I turned on
>> HIPS. I'm catching most of it now with HIPS. Environment is approx 1000
>> nodes. I will agree that the online database is slim but I'm much happier
>> than when we used Symantec EP. As a bonus Sophos includes a lot of
>> functionality at no extra cost with Data Control (DLP) and Device Control.
>>
>> Jeremy Pommerening
>> MGR, Information Security
>> Symbion, Inc.
>> 615-234-8912 Direct
>> 615-429-6883 BB
>>
>> GIAC - GCFA,GPEN, GAWN & GCFW,
>> GIAC Advisory Board Member
>> MCSE Win2K, MCSE NT4,
>> CompTia SERVER+, HP APS
>>
>> -----Original Message-----
>> From: [email protected]
>> [mailto:[email protected]] On Behalf Of Josh Little
>> Sent: Tuesday, May 11, 2010 12:15 PM
>> To: [email protected]
>> Subject: Re: [Pauldotcom] Corporate AV suggestions
>>
>> I'm on the fence regarding our Sophos EP distribution. I have a feeling
>> that it is a little less resource intensive on the clients than the
>> Symantec 10 system we replaced, but not by a whole lot. Logging and
>> reporting isn't that strong, especially if you are looking at offloading
>> events to a SIM or centralized log collector. Their online database of
>> threats is very slim on information, especially when compared with
>> Symantec's offering at http://www.sarc.com . It also doesn't deal very
>> well with fast morphing threats like the rash of fake security products
>> that have blown up in the last year. Almost all of the incidents I
>> respond to are fake AV crap. The management console is still fairly
>> nice, beyond being weak with reporting. One strong point is deployment -
>> it was very easy to deploy out using SMS.
>>
>> Hope that helps...
>>
>> ZT
>>
>> On 5/11/2010 9:42 AM, Pommerening, Jeremy wrote:
>>> I've been very pleased with Sophos Endpoint protection both from a pricing
>>> perspective and support perspective.
>>>
>>> Jeremy Pommerening
>>> MGR, Information Security
>>> Symbion, Inc.
>>> 615-234-8912 Direct
>>> 615-429-6883 BB
>>>
>>> GIAC - GCFA,GPEN, GAWN & GCFW,
>>> GIAC Advisory Board Member
>>> MCSE Win2K, MCSE NT4,
>>> CompTia SERVER+, HP APS
>>>
>>> -----Original Message-----
>>> From: [email protected]
>>> [mailto:[email protected]] On Behalf Of xgermx
>>> Sent: Tuesday, May 11, 2010 8:33 AM
>>> To: PaulDotCom Security Weekly Mailing List
>>> Subject: [Pauldotcom] Corporate AV suggestions
>>>
>>> So, it's license renewal time for our A/V and I'm open for
>>> suggestions/recommendations/horror stories. (I'll be covering roughly
>>> 500 Windows based machines).
>>> _______________________________________________
>>> Pauldotcom mailing list
>>> [email protected]
>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>> Main Web Site: http://pauldotcom.com
>>>
>>> Disclaimer: The email and files transmitted with it are confidential and
>>> are intended solely for the use of the individual or entity to whom they
>>> are addressed. If you are not the original recipient or the person
>>> responsible for the delivering the email to the intended recipient, be
>>> advised that you have received this email in error, and that any use,
>>> dissemination, forwarding, printing or copying of this email is strictly
>>> prohibited. If you received this email in error, please delete it from
>>> your system without copying it, and notify the sender by reply email so
>>> that our address record can be corrected. Thank you. Symbion, Inc.
