Mediaboss Marketing

Last year, ESG published a research report titled, Advanced Malware Detection and Protection Trends, based upon a survey of 315 security professionals working at enterprise organizations (i.e. more than 1,000 employees). In one question, ESG asked security professionals whether they agreed or disagreed with the following statement: "Commercial host-based security software (i.e. AV) is more or less the same as free security software."

It turns out that 36% of security professionals either "strongly agree" or "agree with this statement, while another 25% are sitting on the fence (i.e. they neither agree nor disagree with the statement).

This is especially interesting as it relates to additional data from the project. Just over half (51%) of organizations plan to add new layers of endpoint security software as part of their cybersecurity strategy moving forward, in order to better protect themselves against modern malware.

Unfortunately, this will mean allocating more money for endpoint protection, right? Maybe not. Inquisitive information security executives wonder if they can alleviate this budget increase by simply substituting commercial AV with freeware options from companies like AVAST, AVG, and even Microsoft. By doing so, large organizations can shift existing budget dollars away from commercial AV to advanced anti-malware solutions from vendors like Bit9, Bromium, Cisco/Sourcefire, Cylance, Malwarebytes, and Triumfant.

Beyond money, this model may have some additional benefits, as it:

1. Supports BYOD. As organizations embrace BYOD, they can simply transfer AV acquisition and management to end users as part of the process. In this case, employees buy their own PCs but are required to download and install free AV before gaining access to the network. This policy could also be applied to mobile devices like tablets and smart phones.

2. Aligns with Endpoint Visibility, Access, and Security (EVAS) initiatives. Driven by mobile computing, many organizations are using EVAS tools for access policy creation, endpoint status monitoring, and granular policy enforcement (think Bradford Networks, ForeScout, Great Bay Software, Juniper Networks, and the TCG). As intelligent EVAS tools are added to the network, free and up-to-date AV software can become a "checkbox" requirement for network access.

3. Offloads and automate IT operations tasks. Aside from the capital cost of commercial AV software, IT security and operations folks are responsible for operating costs associated with software installation, configuration management, signature distribution, etc. Free AV policies and processes could alleviate these IT operations burdens, replacing IT tasks with freeware, vendor update services, and automation.

As attractive as these benefits seem, there are still risks associated with a free AV strategy. CISOs must also consider:

Read the original post:
Are Enterprise Organizations Ready to Use Free AV Software?