Team work

The holy grail for the anti-spyware industry is actually a tight integration between desktop and perimeter-based defenses: An anti-spyware appliance detects phone-home behavior on a particular client and notifies the central management engine, which automatically engages the desktop component to clean that particular threat. This scenario is ideal, as less administrative time is lost identifying and cleaning threats, and fewer system resources are consumed networkwide as scheduled daily scans make way for targeted as-needed activity.

The trade-off with such a solution is coverage. With almost every anti-spyware product eWEEK Labs has tested, there are significant holes in spyware definition libraries. No product can catch and clean every spyware strain in existence, and some miss many strains. Enterprises will run a risk, therefore, when relying on a single vendor for tiered spyware protection: If a vendor's gateway component misses a strain, it is fairly certain that its client component will, too.

On the other hand, when using different vendors for perimeter and desktop defenses, the problem becomes one of management and resource utilization. There are no standards that dictate anti-virus/anti-spyware management, so administrators will likely have to maintain separate management consoles, logs and reports for each product used. While management platforms such as McAfee's ePolicy Orchestrator can be used to manage a few vendors' products, the majority of software and devices will not be manageable in this fashion.

Correlating information imported from any two systems will require significant manual effort or custom-designed tools for in-depth analysis. Likewise, without tightly integrated and automatically correlated data, demands on system resources will remain high, as regularly scheduled scans of all desktops will remain necessary.

Technical Analyst Andrew Garcia can be reached at email@example.com.
At this time, however, few vendors have the necessary gateway, client and management pieces in place to pull off this complete architecture. FaceTime Communications aims to be the first vendor to provide this level of integration: The forthcoming Enterprise Spyware Prevention Suite is slated to include Real-Time Guardian 3.1, along with FaceTime's Greynet Enterprise Manager, which provides centralized management and control over both gateway and client component activity. The suite is also expected to include a headless desktop component that can be pushed down to user machines on demand.
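The cross-vendor correlation the article says needs custom-designed tools can be sketched as follows. This is an added example, not code from eWEEK or any vendor named here: it matches gateway phone-home detections against desktop clean events so that only unresolved clients get a targeted scan. Both log formats, the four-hour window and the function names are hypothetical, and it assumes both products report a strain under the same name.

```python
import csv
import io
import re
from datetime import datetime, timedelta

# Constructed sample data: both log formats are hypothetical, not real vendor output.
GATEWAY_LOG = """\
2005-06-01T09:14:02 PHONEHOME src=10.1.4.21 sig=AdwareX dst=203.0.113.9
2005-06-01T09:20:45 PHONEHOME src=10.1.4.37 sig=KeyLogY dst=198.51.100.4
2005-06-01T11:02:10 PHONEHOME src=10.1.4.21 sig=AdwareX dst=203.0.113.9
2005-06-01T11:30:00 PHONEHOME src=10.1.4.50 sig=TrackZ dst=192.0.2.77
"""
DESKTOP_LOG = """\
time,host_ip,action,threat
06/01/2005 10:00:00,10.1.4.21,CLEANED,AdwareX
06/01/2005 12:00:00,10.1.4.50,CLEANED,TrackZ
"""

GW_RE = re.compile(r"^(\S+) PHONEHOME src=(\S+) sig=(\S+)")

def parse_gateway(text):
    """Yield (timestamp, client_ip, strain) from the gateway format."""
    for line in text.splitlines():
        m = GW_RE.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)

def parse_desktop(text):
    """Return {(client_ip, strain): [clean timestamps]} from the desktop CSV."""
    cleaned = {}
    for row in csv.DictReader(io.StringIO(text)):
        if row["action"] == "CLEANED":
            ts = datetime.strptime(row["time"], "%m/%d/%Y %H:%M:%S")
            cleaned.setdefault((row["host_ip"], row["threat"]), []).append(ts)
    return cleaned

def hosts_needing_scan(gateway_text, desktop_text, window=timedelta(hours=4)):
    """Map client_ip -> strains whose latest phone-home has no clean event after it."""
    cleaned = parse_desktop(desktop_text)
    latest = {}
    for ts, ip, strain in parse_gateway(gateway_text):
        latest[(ip, strain)] = max(ts, latest.get((ip, strain), ts))
    pending = {}
    for (ip, strain), ts in latest.items():
        # A clean that predates the latest phone-home did not hold, so it does not count.
        if not any(ts <= c <= ts + window for c in cleaned.get((ip, strain), [])):
            pending.setdefault(ip, set()).add(strain)
    return pending
```

Client 10.1.4.21 stays on the list because its phone-home traffic resumed after the desktop product reported a clean, and 10.1.4.37 because the desktop product never reported the strain at all, which is the coverage gap the article describes.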