On October 5, 2006 a company in the UK, GFI, issued a press release titled "GFI warns one anti-virus engine is not enough to protect your business". They have recently published a report saying that one antivurs software is no longer sufficent for an enterprise. The report quotes "According to the 2006 FBI Crime and Security Survey, 97% of organizations have anti-virus software installed, yet 65% have been affected by a virus attack at least once during the previous 12 months. Network World cited studies that placed the cost of fighting Blaster, SoBig.F, Sober and other email viruses at $3.5 billion for US companies alone. Similarly a 2006 study by the British government found that 43% of companies in the United Kingdom were infected by viruses during 2005."
Their solution is of course their own product which can manage several different anti-virus vendors. Their thinking is that more is better.
While there may be some merit to this idea that the anti-virus software from one vendor might not catch all malware, there is no way that even with the best, most up to date, antivrius system in the world, that this will be enough.
A janitor who installs a hardware keyboard logger on your key users' computers at night, completely files underneath all the enterprise radar. A criminal with a sound dish can now record your office keystrokes and quickly depcipher your id and password.
The answer is to have a layered identity defence. "Battling Botnets and Rootkits - A Layered Identity Defense" describes the overall architecture required.
Beware vendors who claim their one product will solve the problem. It is likely to be breached.
Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com
del.icio.us