We currently use one of the consistently top-ranking antivirus vendors across our site (Avira). It works well (to the best of our knowledge), but the central management is not great when you have hundreds of machines, and it's ultimately still "traditional" antivirus in that it's primarily pattern based, but with a "cloud" component to do lookups on unknown executables. I'm starting to look at what else is out there, and that horrid phrase "Next Generation" is the best way I can describe it; essentially they seem to focus on preventing malware and exploits by looking at behaviour. Names that I've heard of are: Cylance, Palo Alto TRAPS, MalwareBytes Anti-Exploit. Who else should be on the list? Respectfully, please keep in mind that with several hundred endpoints, central management and reporting has to be there, so please don't recommend anything that is entirely standalone and aimed at domestic use, as however good it may be, it won't be an option.
Please be aware of the fact that only a fraction of malware infections are caused by exploits (drive-by downloads, etc.), so MalwareBytes Anti-Exploit would probably not be the best solution. If you want to be able to prevent more malware, you will have to employ endpoint protection software that works with whitelisting and blocks all executables not defined in a policy. As a side note: I don't think that many users on Wilders have experience with many types of endpoint protection suites.
Comodo Endpoint or Symantec Endpoint. They both require heavy initial configuration, but will do a good job. Endpoint solutions really require a dedicated IT pro to administer them... There is also Emsisoft Anti-Malware for Server. It sounds as if that would be a good choice if you do not have a dedicated IT admin on staff. There are a lot of endpoint solutions out there... all with varying degrees of complexity - and costs. You have to submit requests for bids to the various security software vendors. Selection can be a long, and tedious, affair... but will pay off in the end. Ask for demos. Ask, ask, ask... and always ask "What are things I should be aware of... ?"
Yes, I'd certainly be looking at something like that as another layer rather than a complete solution. Whitelisting would be nice, but the software environment is huge - thousands of apps in use (literally), so it would never end - we are looking at addressing monitoring of what is being used and added to the environment.
I would look closely at AppGuard Enterprise, as well as other Blue Ridge Networks products. Good products and good people.
For anti-exploit, you can't beat Microsoft EMET deployed/configured through GPO. What OS are all your machines?
Why not Webroot for business, with its great central management? I guess they have all the "Next generation" you will need. Edit: Take a look at the video here, and see if that could fit your needs: hxxp://www.webroot.com/za/en/business/products/endpoint/ /E
What is your present security concept? What standard methods of Windows are already used? LUA? GPO? DEP? Any other OS present? A security web server as proxy is recommended; 3rd party software and also sticks and other removable media are prohibited. A managed switch with extension cards will do the same (e.g. Zyxel or Cisco - those are scalable - not cheap, but the better solution before paying nuts for useless antivirus) IMO. MBAE has no GPO settings. Sorry, but I won't do your job of thinking about security - either you are able to do it alone or you can't. HTH
Also, what typically happens with this type of question is that you get dozens of suggestions, so you still have to do your own research and testing.
Of course, but you can only test that which you know exists. For example, this morning I'd never heard of SentinelOne; I have now, so it's on the list to investigate.
ESET NOD32 or Smart Security. Its exploit protection scored effectively 100% in this recent AV lab test: https://www.nsslabs.com/reports/con...tion-test-report-eset-smart-security-exploits . ESET's commercial endpoint products use the same technology.
Corporate/enterprise solutions = hardware anti-malware solutions (RedSocks, Sophos UTM, Symantec, etc.) + virtualization of sensitive servers + smart use of honeypots on key network areas. Those are must-haves. Software-based endpoint solutions (SEP and co.) are complements, mostly used to secure employees' machines and restrict their access to critical areas of the network.
Enterprise consultant here. I have deployed ESET Endpoint Protection and Webroot SecureAnywhere Business, along with the old creakers like Symantec and McAfee. Webroot's management cannot be beaten for ease of use. You will not need to manage anything until an infection is detected. Endpoint agent software updates are automatic, depending on your preference for auto-updates (obviously not ideal in many situations, but depending on your IT department's resources, the trade-off for time and effort saved may negate the risk of a problem update). Detection is also very good, and so is their support. ESET made quite a shift last year in the architecture of their Endpoint offering. It broke a lot of deployments, and lost the faith of some customers (me included). Detection and resource usage of the endpoints is fantastic, and administration is on par with the other big boys (Sophos, Symantec, etc.). It's old-style, with an update server inside the firewall, and the clunk that comes with that. I highly recommend a UTM appliance (WatchGuard or Sophos are both great choices), alongside something like Webroot for endpoint protection. UTM devices are fantastic, but can't protect against all the entry points for malware. UTMs also provide protection (or at least some notification) against other types of attacks, too. Avoid (however compelling the offer) anything that, like you say, is primarily for home users. The difference in risk is massive when you have hundreds/thousands of end users with varying abilities to operate systems safely. AVG, Avira (sorry!), Avast... are not appropriate for an enterprise, however effective they may be at home. One last point would be to have a license for a competing AV (just one or two endpoints) that you can run on your sysadmin machines, to go some way to overlap signatures/detection abilities, and provide a second opinion. As with every choice in IT security, it's a question of trade-offs and compromises. What's the budget?
How does endpoint AV fit into your overall security plan? What are the big threats, and what is an extremely unlikely attack? Please feel free to PM me if I can help any further!