VirusScan Enterprise and version 3.5 of McAfee ePolicy Orchestrator.
Christopher Nicholson, senior systems analyst at the 5,000-person company and a frequent beta tester of McAfee products, said he was eager to get the improved features of the new packages. “”We waited about a month from the official release date and then upgraded everything,”” he said. “”We haven’t had any outbreaks at all since we’ve implemented this stuff.””
Before upgrading, he added, “”we were like any other company in Calgary … (outbreaks) would have been on a monthly basis.”” Nicholson estimated that improved protection has saved Husky about one person-month of IT staff time so far.
Detection rates are up, he said, while infection rates have been reduced in the neighbourhood of 95 per cent. And thanks to improved management, about 98 per cent of Husky’s roughly 3,500 desktops, notebooks and servers have completely up-to-date antivirus software and signatures at any given time.
Husky has been using McAfee antivirus software for about 10 years, but Nicholson said McAfee VirusScan Enterprise 8.0i adds capabilities that previous versions lacked. It includes intrusion prevention, port blocking — a capability similar to a firewall — and an unwanted program option that blocks out spyware, adware, remote administration tools and other threats.
An added benefit of the unwanted program option, Nicholson noted, is that Husky can define its own list of programs that are not welcome on its systems. So the company can create barriers against chat software, “”the file sharing junk that everybody and their kid sister has,”” and anything else the company doesn’t want on its computers, Nicholson said.
The 8.0i release is “”a revolutionary product for us,”” said Jack Sebbag, general manager of McAfee Canada. “”Antivirus has always been a reactive technology.”” By adding intrusion prevention, he said, McAfee has given the package the ability to block threats that are too new to be included in its file of virus signatures. In fact, he said, McAfee tested the capability by removing the signature files, and found the software still blocked all exploits that appeared in the past 18 months.
EPolicy Orchestrator is a management tool that includes the automatic signature-file distribution, reporting tools, and the ability to set and enforce policies governing the configuration of computers.
For instance, Nicholson said, Husky can specify that users may not delete or disable their antivirus software, or that programs can’t be launched from a Temp folder.
EPolicy Orchestrator can also spot “”rogue”” systems, such as employees’ notebooks brought in from home or visiting vendors’ machines connected to conference room network drops. The software can report to IT management within five minutes to an hour if an unauthorized system is connected, he said. While this is not a substitute for network authentication, it can be useful, said Nicholson. “”Some people don’t ask, they just plug it in and make the assumption that it’s okay, and the next thing you know, they’re on our network and they’re causing us grief.””
Husky, which has seven large offices and more than 500 smaller marketing locations across the country, has been using an earlier version of ePolicy Orchestrator since November 2003.