How to choose the best antimalware products: Questions to ask vendors

Choosing one out of many antimalware products can be difficult and confusing. Consider the following list of critical questions to ask your potential vendor before making the final choice of the best antimalware product for your environment:

1. Why should antimalware products even be considered? What attacks does your antimalware product protect against? How does it detect these attacks? It seems that most antimalware technology misses a large number of today's attacks.

2. Does your organization have an in-house research team? How does their work make your antimalware product better than other antimalware products?

3. How does your product rank relative to competitors in third-party evaluations, such as NSS Labs, VirusTotal and others? Do these evaluations reflect real-world situations? Why should we pay for it when so many alternatives are free?

4. Does your product leverage cloud-based services to improve the detection rate? If so, how does that work?

5. What is included in your antimalware suite? Does it include adjacent technologies such as personal firewall, host intrusion prevention and/or full disk encryption?

6. Do you offer non-Windows agents for your antimalware product? If so, why? What are the main threats against a Mac or Linux device? Isn't that just a waste of money?

7. What about application whitelisting (AWL)? How does that technology compare with your antimalware detection and blocking capabilities? Do you offer that as an option? Or can your product interoperate with AWL products?

8. Is your antimalware offering deployed anywhere besides an endpoint? How does your technology work with other network security control points, such as an email or Web security gateway or a firewall?

9. What is the management infrastructure to manage the agents that run on each endpoint device? Does it require a dedicated server to run? How does it scale to 1,000 devices? Ten thousand? One hundred thousand? Does your management console integrate into other security management technologies, such as network access control, configuration and vulnerability management, SIEM/log management, and so on?

10. There has been a lot of noise regarding malware attacks against mobile devices. Does your product have a mobile agent? If so, how does it work with the rest of your product offering? If not, do you plan to offer one? When?

Editor's Note: This article was originally published as premium content in 2012.

About the author
Mike Rothman is an analyst with and president of Securosis, an independent security research and advisory firm in Phoenix. Mike is also the author of The Pragmatic CSO: 12 Steps to Being a Security Master. Reach Mike via email at mrothman@securosis.com or follow him on Twitter @securityincite.

This was first published in May 2013
