Centralized Anti-Virus Management is Becoming Critical

ATLANTA -- Centralized management of the desktops and servers scattered throughout an enterprise is growing in importance, but when it comes to anti-virus software the practice is critical.

Posting corporate policies or sending out blast e-mails won’t do the trick, there is always that one employee who never pays attention to the warnings and probably doesn't understand the importance of updating anti-virus software. This one clueless user, or just the fear that one may exist in the enterprise, can cost IT departments thousands of dollars. The situation forces IT managers to have their people go to every machine and update anti-virus software themselves.

Anti-virus vendors are trying to help by strengthening central management in their tools. These tools push software to the desktop to install automatically. The tools can also monitor the software on each user’s machine and determine who has the latest update and who doesn't.

In addition, managers can schedule enterprisewide sweeps for viruses or target a specific machine, and they can even take out icons from desktops so users don't know the anti-virus software is there.

Symantec Corp.’s (www.symantec.com) Norton AntiVirus (NAV) Corporate Edition 7.0 and Symantec System Center were unveiled at Networld+Interop last month. Combined, these solutions offer centralized management. Network Associates Inc. (www.nai.com) and Trend Micro Inc. (www.trendmicro.com) have similar solutions on the market.

"Policy violations are a big reason for spreading viruses," says Gary Ulaner, senior product manager for Symantec System Center. "System Center allows managers to lockdown configurations and scheduled scans." System Center fits as a snap-in to the Microsoft Management Console (MMC) and Tivoli Enterprise Console.

Centralized management of anti-virus protection has been evolving over the past few years. Trend Micro released its Trend Virus Control System in April 1998 and Network Associates was on the map with its Management Console in February 1997, granted neither had all the bells and whistles that are available today. Dan Schrader, vice president of new technology at Trend Micro, says anti-virus products started out as single DOS-based software so they weren’t able to fit the enterprise architecture until recently. Schrader says the industry still needs to grow up.

"You should be able to effect changes on the machine you're configuring and lock them down so people can't change them," Schrader explains. "You should be able to do it in real time so people can't see what you're changing. Anti-virus should be directory-enabled products."

Most importantly, Schrader says, anti-virus software should integrate with other security products, such as firewalls and intrusion detection. For instance, if anti-virus software detects that a user accidentally downloaded Back Orifice, the intrusion detection software should be notified because hackers may soon be scanning the network for that machine.

Schrader says most of his customers didn’t know the ability to centrally manage anti-virus software existed and were blown away by their introduction to it, immediately accepting it as a mission critical function of the network.

"Right now, the biggest thing we see is manageability because the networks are getting bigger," says Martin Skov, product marketing manager at Network Associates. "So many new viruses are coming in every month, so the centralized management piece is very critical."

Another useful aspect of centralized management is reporting. To be able to know exactly what, how many and where viruses are attacking is crucial to proving to management that the expense is worthwhile.

The next step for anti-virus vendors is to work with service providers to integrate security before communication even gets to the corporate network, possibly becoming service providers themselves. "I fully expect that over time anti-virus vendors will be giving away the client software and focus more on the server and services," says Chris Christiansen, analyst with International Data Corp. (IDC, www.idc.com). "All long-term anti-virus business will morph into a services business. Even today, an anti-virus product is only as good as its last update."