Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Thursday, September 17, 2009

Choosing the Right Anti-Malware/Anti-Virus for Your Proxy

I've talked a lot about having a scanning engine on your enterprise proxy implementation. You need this to make sure you're scanning any webpages your end-users visit for malware or viruses.

This, of course, begs the question: which anti-malware or anti-virus software should you be using with your proxy? It's a tough question if the proxy is new to your network, or if you haven't run an anti-malware package with your proxy before.

Almost every organization out there is already running anti-virus and anti-malware for email and desktops. Deciding which package to run for web depends on what you're trying to accomplish. If you need an extra layer of protection, and the desktop package already scans web pages, you probably want to run a different vendor on the proxy so that you get an added layer of defense.

The other thing you should look into is how much CPU each vendor uses, and how easy it is to write policy that determines what gets scanned, so that not everything is scanned (e.g. radio streams and video streams should probably not be scanned). In addition, cost, reputation, and actual catch rates will be factors in your decision. There's one site out there, avtest.org, that rates the catch rates for the various anti-virus and anti-malware vendors and may be a good starting point for research. Of course, not all vendors will agree with the results from this site, and it's important to research false positive rates as well. The right answer for anti-malware and anti-virus packages will be different for each organization, so be sure to do your research when you select the package to work with your proxy.
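To make the scan-policy point concrete, here is an added example (not from the original post and not any vendor's policy language) of a bypass rule for audio and video streams. The function name, the header dictionary shape and the sample responses are assumptions made for illustration; because Content-Type is declared by the remote server, the rule bypasses only when the first bytes of the body do not look like an executable, archive or document.

```python
# Hypothetical scan-bypass policy for a proxy's AV engine (illustrative only).
# Leading bytes of formats that are always scanned, whatever type is declared.
RISKY_MAGIC = {
    b"MZ": "Windows executable",
    b"\x7fELF": "ELF executable",
    b"PK\x03\x04": "ZIP/Office/JAR archive",
    b"%PDF": "PDF document",
    b"\xd0\xcf\x11\xe0": "OLE2 document",
}
STREAMING_PREFIXES = ("audio/", "video/")


def scan_decision(headers, first_bytes):
    """Return ("scan" | "bypass", reason) for one HTTP response."""
    h = {k.lower(): v for k, v in headers.items()}
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    # Default is to scan: only declared streaming media is a bypass candidate.
    if not ctype.startswith(STREAMING_PREFIXES):
        return ("scan", "not a streaming media type")
    # A forced download is a file transfer, not a stream.
    if "attachment" in h.get("content-disposition", "").lower():
        return ("scan", "served as a download")
    # The declared type must not be contradicted by the body itself.
    for magic, name in RISKY_MAGIC.items():
        if first_bytes.startswith(magic):
            return ("scan", f"body looks like a {name}, not {ctype}")
    return ("bypass", f"declared {ctype}, body does not contradict it")


# Constructed sample responses: (headers, first bytes of the body).
SAMPLES = [
    ({"Content-Type": "audio/mpeg"}, b"ID3\x03\x00"),
    ({"Content-Type": "video/mp4; codecs=avc1"}, b"\x00\x00\x00\x18ftypmp42"),
    ({"Content-Type": "text/html"}, b"<!DOCTYPE html>"),
    ({"Content-Type": "video/mp4"}, b"MZ\x90\x00"),
    ({"Content-Type": "audio/mpeg",
      "Content-Disposition": "attachment; filename=a.mp3"}, b"ID3"),
]

if __name__ == "__main__":
    for headers, body in SAMPLES:
        action, reason = scan_decision(headers, body)
        print(f"{action:6} {headers.get('Content-Type')}: {reason}")
```

Counting how many responses land in each branch on a sample of your own proxy logs gives a rough idea of how much scanning load such a rule would remove.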
