Originally published on May 31, 2011 in our free BigLaw newsletter. Instead of reading BigLaw here after the fact, sign up now to receive future issues in realtime.
I wish it were otherwise, but malware isn't going away. If your midsize or large law firm doesn't have a comprehensive and layered defense in place to prevent infections, you run the risk of your firm's data being exposed, the personal (and too often financial) information of your employees being compromised, your billers losing valuable time from the infection itself or its remediation, and the malware "cleanup crew" in your IT Department developing nervous twitches.
This issue of BigLaw first lays out the basics for those of you in management (you can stop there), and then delves into some of the nitty gritty details for those of you in the IT Department.
The Basics: What You Need to Keep Your Firm Secure
A sound defensive strategy for your firm should include all six of the following protections at an absolute minimum.
1. Hardware firewall protecting your LAN.
2. Web-filtering server/proxy/appliance for all internal Web browsing. For example, Websense or Microsoft Forefront.
3. Anti-spam (and anti-malware) hosted email services (which can also queue your mail in the event you have an ISP or mail server outage). For example, Postini or Barracuda Networks.
4. Anti-malware client on all of your PCs. For example, Microsoft Forefront Endpoint Protection (FEP), Symantec, Kaspersky, ESET, or Sunbelt.
5. A software firewall on all of your PCs. For example, Windows Firewall or ZoneAlarm.
6. User Access Control (or UAC) on Windows Vista and Windows 7 PCs. Learn it. It's your friend. Don't disable it.
Servers: 64-Bit Can Prevent a Performance Hit
Admittedly, some folks turn off UAC and the Windows Firewall because they "get in the way." I would humbly suggest that you can't afford to permit that. But what can get even stickier is whether you take it any further than these core defenses. The following four options are often skipped because of the CPU and I/O overhead they can introduce in the server and client environment respectively.
1. Anti-malware on Exchange.
2. Anti-malware on SharePoint (because of the high volume of user-originated content).
3. Anti-malware on other Windows Servers in your environment — especially file and Web servers.
4. An endpoint Web filtering/protection product on all of your PCs for safe-browsing off-LAN. For example, ZoneAlarm, or Websense's Data Security products.
I am not here to preach. Okay, well, I guess I am. As such, I strongly recommend reconsidering your decision not to have antivirus solutions in place on your most vulnerable server environments.
Once you make the jump to Exchange 2010, your 64-bit hardware should have more than enough juice to fulfill its own mission as well as carry a slight added burden of providing anti-virus scanning. If you absolutely refuse to install antivirus on your mailbox server(s), you can always install it on your edge transport server(s). Read some of Microsoft's own thoughts on the matter.
Clients: Microsoft's "Free" FEP v. The Competition
No matter the complexity or simplicity of your solutions and policies, the most critical (and vulnerable) component of your layered defense is ultimately where the rubber actually meets the road (or more accurately: the user meets the Internet) — the anti-malware client installed on your user PCs.
Why is the word "free" in quotes above? Well, if you want antivirus on your home PC, or if you have a home-based business, then Microsoft Security Essentials (same product as FEP minus the ability to centrally administer it via System Center Configuration Manager (SCCM) is a truly free anti-malware product. If you fall into either of those two "home" classifications, go for it.
But importantly for this newsletter's audience, FEP is included under the Core CAL license (I assume that, as a medium to large firm, you have a volume licensing agreement including at least the Microsoft Core CAL license). If you are an Enterprise License customer, you are licensed for nearly the entire Forefront Architecture (Exchange, SharePoint, Lync Server, Unified Access Gateway, Exchange Online, etc.) minus only the Threat Management Gateway, which you must license separately.
But does FEP work as well as Symantec, Kaspersky, ESET, or any of the other products out there? From our firm's anecdotal experience, yes!
We have not discerned any observable drop in our protection since shifting to FEP from Sunbelt's Vipre. And even if we (hypothetically — which is not a foregone conclusion) lost a tick in performance, we would have made up for it in the improved manageability of having the updates all feed through our Windows Server Updates Services (WSUS) server and all administration and reporting effected through SCCM. (If you are already using SCCM then you could have FEP deployed today, by the way. The SCCM deployment packages for FEP are included on the install media you can download from the Microsoft Volume Licensing Service Center.)
Anecdotally, we have encountered situations in which FEP found something that Vipre didn't, just as there were situations in which Vipre found something that Symantec didn't (back when we switched to Vipre) — and vice versa. But if you'd like more than anecdotal support for justifying the switch, I think you'll find that, performance-wise, while there are a handful of products out there with a better track record, FEP is better than most, and within easy striking distance of even the best.
All large firms today have volume license agreements in place with Microsoft. To do otherwise would be financially irresponsible when you consider the per-seat cost savings alone — never mind the additional training and support benefits that come with a volume licensing agreement.
So why not take advantage of what your firm already owns? Historically, the answer you might have given is "Because I can get a better product from …" (Symantec, Kaspersky, etc.). But Microsoft's new anti-malware product is, if not at the very top of the standings, at least a solid and legitimate player in the field. And the advantages of its tight integration with SCCM, WSUS, and your Windows-based PC's native Windows Update infrastructure, give it a true edge over the competition.
Written by Matthew Berg, Director of IT at Wolf, Greenfield & Sacks, P.C..
How to Receive BigLaw
Many large firms have good reputations for their work and bad reputations as places to work. Why? Answering this question requires digging up some dirt, but we do with the best of intentions. Published first via email newsletter and later here on our blog, BigLaw analyzes the business practices, marketing strategies, and technologies used by the country's biggest law firms in an effort to unearth best and worst practices. The BigLaw newsletter is free so don't miss the next issue. Please subscribe now.
