I work for a large company and I am currently evaluating endpoint
security products for our Windows workstations to replace what we
currently have. I would also like to incorporate least-privileged
access as part of the recommendation to management. We've got several
thousand computers and a lot of remote sites connected via WAN back to
our main headquarters. The bulk of the computers are at the remote
sites, and each site has a server which among other things is the
local AV slave server.
On the endpoint security side of things, I've narrowed the list to
several vendors: Cisco (CSA), CA eTrust, F-Secure, Kaspersky, McAfee,
Symantec and Trend Micro. My question on this front is what successes
or failures have you had implementing endpoint security in a large
organization? Specifically, has anyone replaced AV suites with a
product like CSA? (Budget is a concern, there may be room for only one
or the other, obviously having both would be best.)
On the least privileged access front, has anyone had any success with
running as non-admin? We run some critical legacy applications as well
as some Citrix stuff and a lot of our programs won't run as admin in
their current state. I've started doing a little research on the LUA
front and I'm going to try out LUABuglight to see how extensive the
issues are. Basically I would like to know if there any manageable
programs out there that either (a) invisibly force admin users to run
certain programs as a low-privilege user (like DropMyRights for the
enterprise) or (b) provide a RunAs solution that actually works while
maintaining user account information for auditing purposes.
We've had some problems trying to implement LUA in the past so this
situation is particularly touchy. It has to work well, and it has to
work the first time. I've been testing DropMyRights with IE, Firefox
and Outlook and I think I can get management to replace some shortcuts
(our remote sites have mandatory desktops) but I'm looking for
something a little more robust.
Thanks for any help you can provide.
