by Neil MacDonald | March 4, 2011 | Comments Off
I’ve had several calls recently where clients are looking to switch their endpoint protection platform vendor from one provider to another because they’ve gotten infected and they believe that switching vendors will provide them better protection. The scenario is usually goes something like this: they are using vendor X, got infected, scanned the machine with a solution from vendor Y that detected and removed the issue. So, they want to switch to vendor Y.
Before getting into the pros and cons of switching vendors in my discussion with clients, I always check to make sure they are doing the basics right:
- Are the systems kept up to date with patches?
- Are we patching further up the application stack to include things like Adobe and other common desktop elements?
- Are users configured with standard user rights?
- Is traffic being filtered for malware at the edge between the user and the Internet – specifically email and web security gateways?
It’s a lot like having a problem with muddy carpets and wanting to switch vacuum cleaners to one that removes more of the mud. If you don’t start with the basics, you’ll still have a problem with muddy floors even after you switch vacuum cleaner providers.
Our focus should be on eliminating the root causes. How is the mud getting into the house to begin with? Why aren’t we removing the mud at the door? Do the users (kids) know to avoid playing in the mud? Even if mud gets in, why aren’t the carpets coated with Teflon?
The vacuum cleaner (and signature-based antimalware protection) only treats the symptoms, not the root cause. Switching vendors may make us feel better, but until we start tackling the root causes, we’ll still be getting infected… and mud on the carpets.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.