Problem solve Get help with specific problems with your technologies, process and projects.

How to choose the best antimalware products: Questions to ask vendors

Mike Rothman offers 10 critical questions to ask antimalware vendors when seeking out the best antimalware products for enterprise use.

To choose one out of many antimalware products can be difficult and confusing. The following list of critical questions to ask your potential vendor should be considered before making the final choice of the best antimalware product for your environment:

1. Why should antimalware products even be considered? What attacks does your antimalware product protect against? How does it detect these attacks? It seems that most antimalware technology misses a large number of today's attacks.

2. Does your organization have an in-house research team? How does their work make your antimalware product better than other antimalware products?

3. How does your product rank relative to competitors in third-party evaluations, such as NSS Labs, VirusTotal and others? Do these evaluations reflect real-world situations? Why should we pay for it when so many alternatives are free?

Antimalware vendor list

Below is a representative list of antimalware vendors compiled by SearchSecurity editors.





Central Command

Check Point Software Technologies




eEye Digital Security






Kaspersky Lab


McAfee (Intel)


Norman Data Defense Systems

Panda Security

Shavlik Technologies (VMware)

SonicWALL (Dell)



Trend Micro


4. How does your product leverage cloud-based services to improve the detection rate? If so, how does that work?

5. What is included in your antimalware suite? Does it include adjacent technologies such as personal firewall, host intrusion prevention and/or full disk encryption?

6. Do you offer non-Windows agents for your antimalware product? If so, why? What are the main threats against a Mac or Linux device? Isn't that just a waste of money?

7. What about application whitelisting (AWL)? How does that technology compare with your antimalware detection and blocking capabilities? Do you offer that as an option? Or can your product interoperate with AWL products?

8. Is your antimalware offering deployed anywhere besides an endpoint? How does your technology work with other network security control points, such as an email or Web security gateway or a firewall?

9. What is the management infrastructure to manage the agents that run on each endpoint device? Does it require a dedicated server to run? How does it scale to 1,000 devices? Ten thousand? One hundred thousand? Does your management console integrate into other security management technologies, such as network access control, configuration and vulnerability management, SIEM/log management, and so on?

10. There has been a lot of noise regarding malware attacks against mobile devices. Does your product have a mobile agent? If so, how does it work with the rest of your product offering? If not, do you plan to offer one? When?

Editor's Note: This article was originally published as premium content in 2012.

About the author
Mike Rothman is an analyst with and president of Securosis, an independent security research and advisory firm in Phoenix. Mike is also the author of The Pragmatic CSO: 12 Steps to Being a Security Master. Reach Mike via email at or follow him on Twitter @securityincite.

This was last published in May 2013

Dig Deeper on Security vendor mergers and acquisitions

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.