By Andrew Garcia  |  Posted 2006-02-06

Team work

The holy grail for the anti-spyware industry is actually a tight integration between desktop and perimeter-based defenses: An anti-spyware appliance detects phone-home behavior on a particular client and notifies the central management engine, which automatically engages the desktop component to clean that particular threat. This scenario is ideal, as less administrative time is lost identifying and cleaning threats, and fewer system resources are consumed networkwide as scheduled daily scans make way for targeted as-needed activity.

At this time, however, few vendors have the necessary gateway, client and management pieces in place to pull off this complete architecture. FaceTime Communications aims to be the first vendor to provide this level of integration—the forthcoming Enterprise Spyware Prevention Suite is slated to include Real-Time Guardian 3.1, along with FaceTime's Greynet Enterprise Manager, which provides centralized management and control over both gateway and client component activity. The suite is also expected to include a headless desktop component that can be pushed down to user machines on demand.

The trade-off with such a solution is coverage. With almost every anti-spyware product eWEEK Labs has tested, there are significant holes in spyware definition libraries. No product can catch and clean every spyware strain in existence, and some miss many strains. Enterprises will run a risk, therefore, when relying on a single vendor for tiered spyware protection: If a vendor's gateway component misses a strain, it is fairly certain that its client component will, too.

On the other hand, when using different vendors for perimeter and desktop defenses, the problem becomes one of management and resource utilization. There are no standards that dictate anti-virus/anti-spyware management, so administrators will likely have to maintain separate management consoles, logs and reports for each product used.

While management platforms such as McAfee's ePolicy Orchestrator can be used to manage a few vendors' products, the majority of software and devices will not be manageable in this fashion. Correlating information imported from any two systems will require significant manual effort or custom-designed tools for in-depth analysis.

Likewise, without tightly integrated and automatically correlated data, demands on system resources will remain high, as regularly scheduled scans of all desktops will remain necessary.

Technical Analyst Andrew Garcia can be reached at andrew_garcia@ziffdavis.com.


Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at agarcia@eweek.com.
