As administrators deal with conditions of worsening desktop security, lost user productivity and reduced system performance, anti-spyware defenses have emerged as a necessary layer of protection for enterprise desktops.
Anti-spyware solutions come in many forms, however, including stand-alone desktop-based protection, protections integrated with desktop anti-virus solutions and systems delivered via network-based gateway protections. This sample document is designed to help IT administrators develop an RFP for an enterprise-grade, stand-alone desktop anti-spyware solution.
To identify the right solution when creating an RFP, administrators should have a good understanding of what the real problem is that needs to be solved, what the scope and size of the deployment will be, and what potential obstacles may currently exist.
Protection and Research
An anti-spyware solution is only as good as its research team and the signatures it generates—most anti-spyware products detect and clean only about 80 percent of malware. Customers should know ahead of time what types of threats are most critical to address and whether spyware or adware is of concern as a security, performance or productivity issue.
What types of threats does your solution detect?
• Spyware
• Rootkits
• Adware
• Dialers
• Trojans
• Cookies
• System monitors
• Other (list)
Does the solution provide cleaning and blocking services?
Describe how blocking works.
Blocking often relies on heuristic detection in addition to signature databases. Since false-positive rates can increase with heuristic detections, its worth getting to know how the software does it.
* How are new malware samples identified?
* How often are new signatures delivered?
* Describe your research team.
* How many members? Locations?
Do you partner with any other research teams for additional signatures?
Please list the teams notable awards or achievements.
* How does your organization deal with requests to remove Web sites or applications from the detection list? Describe the submission and review processes.
* What actions are taken if a status change is warranted? Are sites removed from the database, or is there a change of default recommended action?
* How are customers notified of changes?
Servers and Infrastructures
Describe the various components of the solution infrastructure, including:
• Policy server
• Distribution server
• Reporting server
• Management console
What are the minimum and recommended requirements for server components, including:
• Supported operating systems
• CPU
• Memory
• Disk space
Please provide a scaling guide, describing maximum clients supported versus server specifications.
Can server components be installed on separate machines, or must they all be installed together? Please list what communication ports are used between components.
Database
Describe the database included with the server installation package.
Does the application work with existing enterprise databases? If so, list which databases are supported.
Clients
Which client operating systems are supported?
• Windows Server 2003
• Windows XP
• Windows 2000
• Windows 95/98/ME
• Other (list)
How much disk space is required?
How much memory is consumed?
• Under normal conditions?
• During scans?
What is the CPU usage during scans?
Can administrators adjust via policy or manually?
Does the client operate as an application or a service?
At what point in the boot process does the anti-spyware product start?
Does the service/process require local administrative rights to perform scans or cleans?
Describe modes of operation:
• User interactive
• User alerting only
• Silent (no user interaction or alerting possible)
• Other (describe)
Are there any known conflicts with other applications and services?
As spyware threats have become more complex, anti-spyware programs have needed to reach deeper into the operating system to find and detect the threats, as well as to avoid tampering from outside sources. Administrators should take care to list in an RFP existing security or management applications to ensure that the anti-spyware program does not have known incompatibilities with any of them.
Describe how agents communicate with server components. Please list any relevant TCP/UDP (User Datagram Protocol) ports.
Describe any special concerns for clients traveling out of network.
Does the client receive updates from the vendor?
Does the client process shut down after a predetermined amount of time?
Can the client report back to the server through an alternative method?
Next Page: Client distribution, Updates, Directory integration, Policy control, Reporting.
TKTK
Client Distribution
Does the solution include client distribution tools? Describe how they work.
Can you create .exe or .msi files for deployment using existing software deployment tools?
Is the server contact information hard-coded into the agent package, or can server assignments be changed from the console?
Updates
Does your product schedule definition updates for the primary servers and when clients check in for new definitions?
What is the typical definition size?
Describe administrative rights controls.
Large enterprises often will have multiple administrators looking after an anti-spyware solution. An RFP should gauge the granularity of access controls to ensure IT managers have only the rights necessary to administer their corner of the solution.
Can read access be set for some administrators and read/write access for others?
Can administrator access be granted to only one particular group?
Directory Integration
Does the software tie in with Microsoft Active Directory to identify existing computers, groups and organizational units?
Does the software integrate with directories other than Active Directory?
Can additional groups be created and managed outside the Active Directory structure?
Policy Control
Can client scans be scheduled for individual computers or groups of computers?
Can scans looking for subsets of threats (such as system monitors only) be run?
Can threats be automatically quarantined with the option to restore, if necessary?
Can exemptions for certain Web sites, applications or proc-esses be configured?
Can Web site blacklists be configured?
Reporting
How many reports do you offer?
Describe some unique reports.
What formats can reports be exported to?
What types of alerts are available?
• In-console
• SNMP
• Syslog
• Pager
• Other (list)
Licensing and Maintenance
What is the licensing cost per user per year?
Volume pricing is likely available, so you will want to have the number of seats needed in mind when developing an RFP.
Are there additional costs for server or reporting components?
Describe the standard support agreement. Is it included in the license fee?
What are the support operation hours?
Describe any premium or advanced support contract options, including pricing.
Technical Analyst Andrew Garcia can be reached at [email protected].
Source: eWEEK Labs
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.