Read Full Article: http://searchsecurity.techtarget.co...ion-Assessing-the-best-antimalware-protection
In conducting this evaluation, it is important to cover all the costs. "I think a tragic mistake we make in IT is that we forget the tremendous burden antimalware sometimes puts on a system," says Stu Berman, security architect for Steelcase. "It is a cost we ignore at our peril because the user feels it in longer boot times, slower processing, weird messages and other ways."
An advanced malware-protection product sells itself if it can show how it accomplishes the following:
- Prevents infections by blocking the infection process. Some products aim to detect malware prior to it becoming resident on a system. Yet contemporary advanced antimalware products look to augment traditional signature-based technology with advanced heuristic and reputation-based techniques. Sometimes, it means allowing an initial infection but blocking ones downstream -- a small price to pay if it identifies truly dangerous malware.
- Prevents damage by restricting access to sensitive resources. Some products contain an infection in a way that requires further exploitation to get at sensitive data or otherwise affect an environment. Ultimately, simply closing the container may eliminate these infections.
- Increases speed of response. Some antimalware offerings employ a "fast-follower" approach by simultaneously evaluating binaries and alerting responders to an infection so they may take further action. Others may be able to quickly issue an alert and also provide forensic information for real-time response.
- Increases speed of recovery for malware incidents. Even post-infection, products that capture more information about state (e.g., registry settings) and activity history (e.g., executables launched and/or network connections made) reduce the amount of time required to completely recover from an incident.