Choosing The Right Enterprise Antispyware Solution

TeleconferenceChoosing The Right Enterprise Antispyware SolutionNatalie Lambert

Analyst

Forrester Research

January 31, 2006. Call in at 10:55 pm Eastern Time

3Entire contents © 2006 Forrester Research, Inc. All rights reserved.

Theme

Enterprises need specific antispyware tools

customized to their needs — consumer tools will not cut it


Agenda

• Spyware climbs the IT security threat ladder

• Standalone antispyware versus an integrated suite approach

• What are the criteria for evaluating enterprise antispyware solutions?

• How do the vendors stack up?


Definition: Spyware

► Software that monitors a user's actions without his explicit consent


Spyware climbs the IT security threat ladder


Recent spyware incidents

• Industrial espionage in Israel

» Vector: Trojan horse delivered through external device and email

• Bank account fraud in Japan

» Vector: Spyware-infected email

• Customer information abuse in the United States

» Vector: Keylogger


Spyware remains No. 4 on the list of IT security threats

73%

66%

57%

55%

46%

41%

39%

28%

55%

Viruses and worms

Employees acting in unauthorized ways

Failure to comply with regulations

Spyware

Outside hackers

Internal hackers

Identity theft

Spam

Poor operational efficiency

Base: 149 technology decision-makers at North American SMBs and Enterprises(multiple response accepted)

Percentage of firms that rated the following as one of the top threats to their organizations

Note: Preliminary data


Antispyware tools will be purchased by more than 50% of companies this year

45%

46%

49%

53%

55%

53%

Personal firewall

Strong authentication systems

Email security gateway

Client antivirus

Antispyware tools

Network firewall

Base: 149 technology decision-makers at North American SMBs and Enterprises(multiple response accepted)

Of the following list of security technologies, please check those that your company is likely to purchase or implement this year (include upgrades to existing implementations)?

Note: Only the top six are listedNote: Preliminary data


Standalone antispyware versus an integrated suite

approach


Increase in adoption of client security suites

8%

3%

24%

65%

4%

9%

30%

57%

Don't know

Don't use clientsecurity

Client securitysuite

Best-of-breed

20062005

For client security, does your organization use a client security suite (for example a single product that includes antivirus, antispyware, and personal firewall all in one) or best-of-breed products (for

example CA's antivirus, Webroot's antispyware, and Check Point's personal firewall)?

Base: 94 technology decision-makers at North American SMBs and Enterprises

Note: Preliminary data


Standalone antispyware

• Benefits: More customizable products and more granular control over scanning

• Best for: Companies that have AV protection from a vendor that does not provide antispyware

• Vendors: Aluria Software, CA, Micro, Sunbelt Software, Tenebril, Trend, and Webroot Software


Client security suite antispyware

• Benefits: An integrated tool set, less administrative overhead cost compared with multiple point products

• Best for: Companies that have AV protection from a vendor that provides antispyware

• Vendors: CA, Check Point, McAfee, Panda Software, Sophos, Symantec, and Trend Micro


What are the criteria for evaluating enterprise

antispyware solutions?


Current offering and strategy

Current offering

Strategy


Market presence

Market Presence


How do the vendors stack up?


Forrester Wave™: Enterprise Antispyware, Q1 '06


Scorecard highlights


McAfee Anti-Spyware Enterprise

• General

» Offered as both part of a suite and a standalone product

• Strengths

» Managed using McAfee's ePolicy Orchestrator

» Highly scalable (250,000 nodes per management console)

» Signature and behavioral detection — protection against unknown spyware

• Weaknesses

» No remote administration


Trend Micro Anti-Spyware Enterprise Edition

• General

» This product is currently offered as a point product, but it will be integrated into OfficeScan in 2006

• Strengths

» Highly scalable (using Trend Micro Control Manager the product supports an unlimited number of nodes)

» Supports remote administration through a Web-based management console

• Weaknesses

» Does not offer protection against unknown spyware


Symantec AntiVirus Corporate Edition 10.0

• General

» Only available to Symantec AV customers

• Strengths

» Fully integrated antivirus and antispyware solution — can easily upgrade to a Symantec Client Security (a full security suite)

» Highly scalable (176,000 nodes per management server)

» Detailed reporting functionality

• Weaknesses


» Management and reporting require two different consoles


Webroot’s Spy Sweeper Enterprise

• General

» Standalone product

• Strengths


» Phileas — an automated spyware crawler that proactively searches the Web for new spyware

» Advanced client functionality with ability to blacklistcustom-defined spyware and Web sites

• Weaknesses


» Does not support role-based administration


Tenebril’s SpyCatcher Enterprise

• General


• Strengths


» Integration with Active Directory and LDAP

» Signature and behavioral detection — protection against unknown spyware

• Weaknesses

» Inability to update remote systems

» Lack of long term viability due to small revenue and customer base


Sunbelt Software’s CounterSpy Enterprise

• General


• Strengths

» Full range of reporting capabilities

» Integrated with Active Directory and Network Neighborhood

» Highly scalable (each server supports 1,500 nodes — the management console supports an unlimited number of servers)

• Weaknesses

» Inability to update remote systems



Aluria Software’s Paladin

• General


• Strengths

» Kernel-level protection that blocks spyware before installation

» Supports Web site blacklists

• Weaknesses


» Limited scalability (roughly 2,000 nodes per management console)

» Basic reporting — no custom or graphical reports


CA’s eTrust PestPatrol Anti-Spyware Corporate Edition r8

• General

» Offered as both part of a suite and a standalone product

• Strengths

» Highly scalable

» Strong management feature with full role-based access

» Remote administration through its Web-based console

» Supports multiple server platforms

• Weaknesses


» Does not support report customization


Where does Microsoft fit in?

• Entered consumer market with GIANT acquisition in December 2004 — Windows AntiSpyware/Defender

• Will enter enterprise market in mid-2006 with Microsoft Client Protection — an integrated antivirus and antispyware solution

• Customers without antispyware cannot wait for Microsoft Client Protection

• Customer looking to replace their current solution will benefit from waiting a year to see what Microsoft can deliver


Recommendations

• Adopt enterprise-scalable antispyware technologies now – don't wait!

• Look at your current infrastructure to determine which type of antispyware tool is best for you

• Put in place additional technologies and processes — antimalware tools alone will not stop the malicious code threat


Selected bibliography

• January 6, 2006, Tech Choices “The Forrester Wave™: Enterprise Antispyware, Q1 2006”

» All accompanying Vendor Summaries

• June 22, 2005, Tech Choices “The Forrester Wave™: Client Security Suites, Q2 2005”

» All accompanying Scorecard Summaries

• February 10, 2005, Trends “Antispyware Adoption In 2005”


Natalie Lambert

[email protected]

www.forrester.com

Thank you

Choosing The Right Enterprise Antispyware Solution

Technology

Transcript of Choosing The Right Enterprise Antispyware Solution