Enterprise Antispyware:
Eliminate spyware challenges with these 10 tips
Spyware continues to plague the IT landscape, and will continue to do so for the foreseeable future. While Congress has attempted to begin tackling these kinds of problems, laws just won't be enough to eradicate this menace. Further, in days of old, spyware solutions were decentralized and not always appropriate for reasonable enterprise use. Today, the landscape has changed, and here are some tips for you to consider while you tackle the challenge of instituting a spyware solution in your organization.
1
Centralized management
Until somewhat recently, spyware eradication at the individual desktop was something of a hit and miss scenario. While there are many products that address the spyware issue, ranging in price from free up to tens of thousands of dollars for site licenses, many of these products lacked a critical component to managing the spyware mess: central management. Without centralized management, the IT staff is left to deal with a critical service on each individual machine; lack of a centralized management console results in an inability for a CIO to gain critical metrics via reporting that he or she can use to help reinforce staffing and budget requests. Further, lack of central management means that software or definitions on a client workstation could be woefully out-of-date, leaving said workstation wide open. Fortunately, the usual antivirus players, and some newer, spyware-focused players, have hit the market with enterprise-grade antispyware solutions that include central management, helping keep the job of protecting the corporate network wieldy.
If you scan a spyware-infested computer using the client that was bundled with the expensive antispyware solution you just implemented, the software will probably report back that the computer was successfully cleaned, and show you a report proving the point. And, when you manually check one of the data points, you'll be able to verify that the software did exactly what it said it would do. Now, scan the system with a different antispyware product. The chances are fairly decent that this second product will clean spyware that the first one did not catch. Spyware is notoriously difficult to eradicate and one solution often isn't enough. Obviously, you don't want to deploy two corporate antispyware products to every desktop. Instead, consider a layered approach. Through the installation of an inline network gateway device that runs a different spyware-scanning engine from the one you use on the desktop, you can begin to eliminate spyware at the entry point to the network… before it even hits the user's desktop. The multilayered approach to the spyware dilemma helps to further protect your PC. Besides, it's easier to handle spyware if it never even gets to a PC.
2
Protect with a layered approach
3
When possible, use an active agent solution
There are some different ways that a scanner—whether it is a virus scanner or a spyware scanner—can look for problems. First, it can simply make use of a definition file and look for things on a client that match items in the definition file. When this happens, the matching item is handled in whatever way you specify. Or, you can have a solution that actively monitors and watches all activity to and from a computer. Often, an active solution will be able to learn about normal behaviors and take action even when it notices something out of the ordinary. A definition file is out-of-date as soon as you download it, and there is always a delta between what it can look for, and what kind of spyware has been released since the last update.
4
Reduce the success rate of phishing expenditions
You've gotten the email: "Click here, and repair your damaged eBay account now! If you don't, we'll close your account and take away your children. Oh… by the way, to repair your account, we need your name, address, social security number, all of your previous addresses and a few of your credit card numbers… just to verify who you are, of course." Unfortunately, phishing sites have evolved from poorly designed and written pages into impressively complete mimics of web pages of well-known companies. Why do these scam emails keep coming into your inbox? Answer: Because they work. When you choose your next enterprise-grade antispyware solution, look for one that can help you protect your employees and your company from these kinds of phishing trips.
Page 1
Copyright ©2005 CNET Networks, Inc. All rights reserved. For more downloads and a free 7-day trial to TechProGuild, please visit http://www.techproguild.com
�Enterprise Antispyware: Eliminate the challenges with 10 tips
5
Plan for growth
When you're considering and evaluating the various antispyware solutions available on the market, look down the line. Many of the solutions either on, or hitting, the market today are scalable up to tens, and even hundreds, or thousands of machines. Of course, you won't be using a single server to manage spyware for a 100,000 machine network, but you should still be able to manage their entire antispyware service from a single location which, in turn, controls the various down-level distribution servers.
6
Antivirus and antispyware go hand-in-hand
Some people see spyware and viruses as different problems that need to be combated in different ways. Some see them as the same kind of problem: an unwanted items on a client workstation that can damage files, leak proprietary information, and sap productivity. When you're looking for a solution to solve your spyware problem, consider rolling your solution in with your antivirus solution. After all, a single-agent solution is easier to manage, and may end up costing less than deploying parallel infrastructures to deal with vermin.
7
Participate in vendor information-gathering
Many vendors build into their products the capability to report back to central command with information regarding new potential threats. Some see this kind of communication as a security breach. However, if it fits in with your organization's privacy policy, and you can work with the vendor to make sure such a transmission is secure, try to make an effort to participate in this kind of "community service". You'll be helping your vendor to more quickly identify new spyware, allowing them to release an update more quickly. Of course, this won't work for every organization, but the more that take part, the better the updates will be.
8
Consider URL controls
Most spyware is acquired through visits to malicious web sites and downloads from said sites. If you could block access to sites through which spyware is known to be distributed, you could help to prevent some spyware infections from taking hold in your environment. Whether you use a gateway device and/or a desktop client, look for a product that can help you block, or filter, access to these sites, or that integrates into Internet Explorer to help users avoid these kinds of sites.
9
Consider differing scenarios
Even within the same organization, you can't always expect every desktop and user usage pattern to be the same 100% of the time. So, why should you roll out an antispyware solution that locks you into a single policy, or that makes it difficult to change a policy—for example: changing the time of day that a full scan is run? If you have shift workers, or mobile users, you need to take into account their usage needs and plan accordingly. Many enterprise-grade solutions today allow you to place computers into specific management groups, allowing you to enforce different requirements on different users.
10 Get antispyware software
This seems simplistic, but many organizations have been slow to respond to the burgeoning spyware threat, ranked by some to be the number one security problem affecting companies today. It's time now to do an analysis to see how much productivity and how many bottom line dollars you're losing because of this threat. With the right information and justification, including protecting key corporate information, senior management may start to see the value in acquiring such a service, if they haven't already.
Page 2
Copyright ©2005 CNET Networks, Inc. All rights reserved. For more downloads and a free 7-day trial to TechProGuild, please visit http://www.techproguild.com
�