"Next Generation" anti-malware/exploit products?

Discussion in 'other anti-malware software' started by hutchingsp, Oct 11, 2015.

  1. hutchingsp

    hutchingsp Registered Member

    Joined:
    Aug 2, 2007
    Posts:
    174
    We currently use one of the consistently top-ranking antivirus vendors across our site (Avira).

    It works well (to the best of our knowledge) but the central management is not great when you have hundreds of machines, and it's ultimately still "traditional" antivirus in that it's primarily pattern based but with a "cloud" component to do lookups on unknown executables.

    I'm starting to look at what else is out there and that horrid phrase "Next Generation" is the best way I can describe it, essentially they seem to focus on preventing malware and exploits by looking at behaviour.

    Names that I've heard of are those such as:
    • Cylance
    • Palo Alto TRAPS
    • Malwarebytes Anti-Exploit
    Who else should be on the list?

    Respectfully, please keep in mind that with several hundred endpoints, central management and reporting has to be there, so please don't recommend anything that is entirely standalone and aimed at domestic use; however good it may be, it won't be an option.
     
  2. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    331
    Please be aware of the fact that only part of malware infections is caused by exploits (drive-by downloads, etc.), so Malwarebytes Anti-Exploit would probably not be the best solution.
    If you want to be able to prevent more malware you will have to employ endpoint protection software that works with whitelisting and blocks all executables not defined in a policy.

    As a side note: I don't think that many users on Wilders have experience with many types of endpoint protection suites.
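One concrete form of the "block every executable not defined in a policy" approach described in the reply above is Windows AppLocker delivered through Group Policy. The PowerShell below is an added example, not code from the thread or from any vendor mentioned in it; it assumes a Windows edition that ships the AppLocker module, an elevated session, and placeholder directory, file and GPO paths that you would replace with your own.

```powershell
# Added example (not from the thread): build an executable allow-list with
# Windows AppLocker so that anything not matched by a rule is blocked.
# Assumptions: AppLocker module available, elevated PowerShell; the directory
# list, the test file and the LDAP path of the GPO are placeholders.

Import-Module AppLocker

# 1. Inventory the executables that are really in use. Publisher (signature)
#    rules survive vendor updates; hash rules are the fallback for unsigned files.
$trustedDirs = 'C:\Program Files', 'C:\Program Files (x86)'
$fileInfo = foreach ($dir in $trustedDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe
}

# 2. Generate the policy: Publisher rules where possible, Hash otherwise;
#    -Optimize collapses many files from one signed product into one rule.
$policyXml = New-AppLockerPolicy -FileInformation $fileInfo `
    -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 3. Start in audit mode. Would-be blocks are written to the
#    "Microsoft-Windows-AppLocker/EXE and DLL" event log (event ID 8003)
#    without stopping anyone, so inventory gaps surface before enforcement.
$policyXml = $policyXml -replace '(<RuleCollection Type="Exe")( EnforcementMode="[^"]*")?',
    '$1 EnforcementMode="AuditOnly"'
$policyPath = Join-Path $env:TEMP 'applocker-exe-audit.xml'
Set-Content -Path $policyPath -Value $policyXml -Encoding UTF8

# 4. Dry-run a candidate binary (placeholder path) against the policy
#    before touching any endpoint.
Test-AppLockerPolicy -XmlPolicy $policyPath -Path 'C:\Users\Public\unknown.exe' -User Everyone

# 5. Apply locally on a pilot machine, or (commented out) to a domain GPO so
#    every endpoint picks it up on the next policy refresh.
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
# Set-AppLockerPolicy -XmlPolicy $policyPath -Ldap 'LDAP://DC=example,DC=local/CN={GPO-GUID},CN=Policies,CN=System,DC=example,DC=local'

# Rules are only evaluated while the Application Identity service runs.
sc.exe config appidsvc start= auto
Start-Service -Name AppIDSvc

# 6. Review the audit log before changing EnforcementMode to "Enabled".
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 50 |
    Where-Object Id -eq 8003 | Select-Object TimeCreated, Message
```

The audit-first step is what makes this workable in an environment with thousands of applications: the 8003 events are the list of programs the inventory missed, and each one becomes either a new rule or a conscious decision to block it before enforcement is switched on.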
     
  3. hjlbx

    hjlbx Guest

    Comodo Endpoint or Symantec Endpoint. They both require heavy initial configuration, but will do a good job.

    Endpoint solutions really require a dedicated IT pro to administer them...

    There is also Emsisoft Anti-Malware for Server. It sounds as if that would be a good choice if you do not have dedicated IT Admin on staff.

    There are a lot of Endpoint solutions out there... all with varying degrees of complexity - and costs.

    You have to submit requests for bids to the various security soft vendors.

    Selection can be a long and tedious affair... but will pay off in the end. Ask for demos. Ask, ask, ask... and always ask "What are things I should be aware of... ?"
     
  4. hutchingsp

    hutchingsp Registered Member

    Joined:
    Aug 2, 2007
    Posts:
    174
    Yes, I'd certainly be looking at something like that as another layer rather than a complete solution.
    Whitelisting would be nice, but the software environment is huge - thousands of apps in use (literally) - so it would never end; we are looking at addressing monitoring of what is being used and added to the environment.
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    I would look closely at AppGuard Enterprise, as well as other Blue Ridge Networks products. Good products and good people.
     
  6. Rolo42

    Rolo42 Registered Member

    Joined:
    Jan 22, 2012
    Posts:
    569
    Location:
    USA
    For anti-exploit, you can't beat Microsoft EMET deployed/configured through GPO.

    What OS are all your machines?
     
  7. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    383
    Last edited: Oct 11, 2015
  8. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    What is your present security concept?

    What standard methods of Windows are already used?
    LUA? GPO? DEP?
    Any other OS present?

    A security web server as a proxy is recommended; 3rd-party software and also USB sticks and other removable media are prohibited.
    A managed switch with extension cards will do the same (e.g. Zyxel or Cisco - those are scalable - not cheap, but the better solution before paying nuts for useless antivirus).

    IMO MBAE has no GPO settings.

    Sorry, but I won't do your job of thinking about security - either you are able to do it alone or you can't.

    HTH
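Before shopping for a product, it helps to know which of the built-in Windows controls raised in the two replies above (LUA/UAC, DEP, GPO-delivered application control, removable-media restrictions, a forced proxy, and an EMET deployment) are actually in effect on the endpoints. The script below is an added example, not code from the thread; it assumes an elevated PowerShell session on Windows 7 or later, and the registry values and the EMET service name it checks are the documented ones for the corresponding Group Policy settings and EMET 5.x, which you should confirm on your own build.

```powershell
# Added example (not from the thread): report which built-in Windows controls
# are in effect on this endpoint, so the gaps are known before buying anything.
# Assumptions: elevated PowerShell, Windows 7+; registry paths are the ones the
# corresponding Group Policy settings write, and 'EMET_Service' is the EMET 5.x
# service name - verify both on your build.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # key or value absent means the setting is not configured
}

function Get-EndpointBaseline {
    $system  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $os      = Get-CimInstance -ClassName Win32_OperatingSystem
    $depName = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }

    # GPO-delivered application control: the effective AppLocker Exe collection.
    $exeRules = (Get-AppLockerPolicy -Effective).RuleCollections |
                Where-Object RuleCollectionType -eq 'Exe'

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        # LUA: UAC on, and administrators are prompted rather than elevated silently.
        UacEnabled         = (Get-RegValue $system 'EnableLUA') -eq 1
        AdminsPrompted     = (Get-RegValue $system 'ConsentPromptBehaviorAdmin') -ne 0
        # DEP: only OptOut or AlwaysOn protect every process by default.
        DepPolicy          = $depName[[int]$os.DataExecutionPrevention_SupportPolicy]
        AppLockerExeMode   = if ($null -ne $exeRules) { "$($exeRules.EnforcementMode)" } else { 'NoPolicy' }
        AppLockerExeRules  = ($exeRules | Measure-Object).Count
        # "All Removable Storage classes: Deny all access" policy.
        RemovableDenyAll   = (Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices' 'Deny_All') -eq 1
        # Proxy configured for the current user, and locked so the user cannot change it.
        ProxyServer        = Get-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' 'ProxyServer'
        ProxyLockedByGpo   = (Get-RegValue 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel' 'Proxy') -eq 1
        # EMET 5.x registers this service name (assumption noted above).
        EmetServicePresent = [bool](Get-Service -Name 'EMET_Service' -ErrorAction SilentlyContinue)
    }
}

# Run on one machine, or fan out with Invoke-Command for a fleet-wide table.
Get-EndpointBaseline | Format-List
```

Run across a sample of machines with Invoke-Command, the output gives a quick picture of how much of the "standard methods of Windows" baseline is already delivered by GPO and where an endpoint product would be covering for missing configuration rather than adding a genuine layer.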
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    Also, what typically happens with this type of question: you get dozens of suggestions, so you still have to do your own research and testing.
     
  10. hutchingsp

    hutchingsp Registered Member

    Joined:
    Aug 2, 2007
    Posts:
    174
    Of course, but you can only test that which you know exists.

    For example, this morning I'd never heard of SentinelOne; I have now, so it's on the list to investigate.
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
  12. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    2,158
    Location:
    in a remote land :)
    Corporate/enterprise solutions = hardware anti-malware solutions (RedSocks, Sophos UTM, Symantec, etc.) + virtualization of sensitive servers + smart use of honeypots in key network areas. Those are must-haves.

    Software-based endpoint solutions (SEP and co.) are complements, mostly used to secure employees' machines and restrict their access to critical areas of the network.
     
  13. mattfrog

    mattfrog Registered Member

    Joined:
    Apr 3, 2012
    Posts:
    85
    Location:
    United Kingdom
    Enterprise Consultant here :)

    I have deployed ESET Endpoint Protection and Webroot SecureAnywhere Business, along with the old creekers like Symantec and McAfee.

    Webroot's management cannot be beaten for ease of use. You will not need to manage anything until an infection is detected. Endpoint agent software updates are automatic, depending on your preference for auto-updates (obviously not ideal in many situations, but depending on your IT department resources, the trade-off for time and effort saved may negate the risk of a problem update). Detection is also very good, so is their support.

    ESET made quite a shift last year in the architecture of their Endpoint offering. It broke a lot of deployments, and lost the faith of some customers (me included). Detection and resource usage of the endpoints is fantastic, and administration is on par with the other big boys (Sophos, Symantec, etc.). It's old-style, update server inside the firewall, with the clunk that comes with that.

    I highly recommend a UTM appliance (Watchguard or Sophos are both great choices), alongside something like Webroot for Endpoint protection. UTM devices are fantastic, but can't protect against all the entry points for malware. UTMs also provide protection (or at least some notification) of other types of attacks, too.

    Avoid (however compelling the offer) anything that, like you say, is primarily for home users. The difference in risk is massive when you have hundreds/thousands of end users with varying abilities to operate systems safely. AVG, Avira (sorry!), Avast... are not appropriate for an Enterprise, however effective they may be at home.

    One last point would be to have a license for a competing AV (just one or two endpoints) that you can run on your sysadmin machines, to go some way to overlap signatures/detection abilities, and provide a second opinion.

    As with every choice in IT Security, it's a question of trade-offs and compromises. What's the budget? How does Endpoint AV fit into your overall security plan? What are the big threats, and what is an extremely unlikely attack?

    Please feel free to PM me if I can help any further!
     