All reasons to choose Dr.Web Enterprise Security Suite

• As practice shows, workstations and servers are the most vulnerable points of a LAN. They are often used to propagate viruses and spam. Viruses can penetrate computers in different ways: from user flash-drives, from password-protected archives attached to email messages that go unscanned on the server, and from compromised websites that users access by following links from incoming messages (for more information, see the section Points of intrusion into a corporate network).
• Not only do computers under Windows OS require protection but also those under the Linux and Unix, as well as macOS OSs. Even if malware cannot compromise these OSs and the applications running on them, once it penetrates unprotected computers, it can use these systems as a source of infection (for example, through shared network resources).

Employing an anti-virus as the sole means of protecting workstations is a common error. An anti-virus removes harmful files, but it can only eliminate virus threats known to its database or threats that can be detected with a heuristic analyser. The anti-virus won't be able to detect or remove an unknown threat until its database receives the appropriate update.

According to existing standards, each workstation should be protected by:

• An efficient anti-spam - To filter spam, the main source of malware;
• HTTP-traffic filtering - To protect against malicious code from web pages;
• A system for restricting access to removable media and local network resources (Office Control) - To prevent infections from flash drives and other removable devices;
• A personal firewall - To protect against unauthorized access through the network;
• Control Center - The system should not let employees change the settings under the pretext that "everything is slowing down."

Today a large portion of computers found on company premises do not belong to the company. These are employee laptops and smart phones. People who are dedicated to their jobs work not only in the office but also during their commute and when at home. They often sacrifice hours of rest while staying connected. Such an approach suits many businesses. Many companies use outsourced employees to save money.

But a coin has two sides. In other words, everything comes with a price. In the past, such an approach guaranteed the desired level of security since system administrators controlled every single device at the company's disposal. But now that’s impossible.

Threats

• Almost two-thirds of employees (63.3%) remotely access a corporate network from personal devices, including mobile phones.
• Up to 70% of infections get into a corporate environment from personal laptops, netbooks and ultrabooks, mobile devices, and removable media (flash drives) that are often brought from home.
• Around 60% of home computers are unprotected! So outside their offices, people work with devices that are prone to being compromised by hackers. The applications people use may have vulnerabilities, and their computers can be infected with viruses and Trojans. And yet these people regularly access company networks.
• This greatly increases the risk of data leaks and the unauthorized modification of company data.

Facts

Employees may be good at their professions, but they are not experts in anti-virus protection and often operate under certain illusions.

It is in a company’s best interests to ensure the security of all the devices used by its staff, regardless of where they are used and who owns them.

To do this, companies need to ensure:

• That any information on employee devices is protected;
• That viruses and Trojans cannot be propagated from employee devices;
• That all devices, including mobile phones, are protected; just one device left unprotected can serve as a backdoor for criminals.

But employees also use their personal devices for personal reasons!

And they can allow their children to use their laptops, spend an evening in a social network infested with viruses, and download and install a music file from a suspicious site. In such cases, how can one speak of a company’s data being secure?!

When using Dr.Web Desktop Security Suite with the Control Center, you can do the virtually impossible - you can protect any device so that both the company and its employees will come out ahead.

Benefits for the company

• Employee loyalty. A free anti-virus makes a great gift
• Establishing protection is made less expensive.
• It's possible to control any protected computer from one location.
• Employees can work all over the world and still enjoy equal protection.
• Data security guarantee.
• Reduction of downtimes due to infection.

Employees are no longer within the perimeter of the company's protection, and it's impossible to move them back into it. And it's not necessary it’s reasonable to expand an office perimeter and the employee spaces within it.

Threats

• The number of threats to mobile OS is growing at a catastrophic rate with the increasing number of devices in use.
• So-called banking Trojans already exist for mobile devices.
• Mobile devices can be lost/stolen. Your information (passwords and logins for accessing corporate resources) can be stolen by hackers.

Solution

When purchasing Dr.Web Desktop Security Suite, you can use Dr.Web Mobile Security Suite for free to protect your mobile devices running Android. For example, Dr.Web for Android includes the following components:

• Anti-virus - To deflect malicious files that are designed to monitor your movements, contacts, and communications.
• Anti-theft - To protect against the loss of the mobile device. If the device is stolen or lost, you can remotely remove all data.
• Anti-spam - To protect against unwanted messages and calls, and devastating SMS Trojans.

Threat

Normally, companies only protect employee computers, leaving servers, mobile devices, and employee home computers unprotected. Once it has penetrated workstations, a virus breaks loose and can easily access servers containing critical information.

Why is it important to protect servers?

• A user can infect a server with an unknown virus (while bringing it to or having run it from storage). An anti-virus will detect it right away using heuristic mechanisms. Or it will at least cure the virus during the next update.
• A server can be hacked. An anti-virus will prevent this: it will detect and destroy malicious programs. If a server is running under a centralized control system, the administrator will be notified as soon as a workstation’s status has been changed (for example, during an attempt to stop the protection system).
• Digital technologies are widespread in the modern world. Users can work not only in an office but also at home; they can store data on a company’s file servers and on Internet file servers. Use their flash drives, including those received from their friends and colleagues at work. These removable media devices can carry viruses.
• Modern cell phones already have the same features and vulnerabilities that PCs have. They run OSs and use applications that may also be compromised. From these devices, viruses can penetrate a corporate network and access the server.

Solution

The Dr.Web Control Center allows an anti-virus protection system containing any quantity of file servers running Windows, macOS, Unix (Samba), Novell NetWare, and Novell Storage Services, to be managed centrally.

1. The Dr.Web Control Center significantly reduces costs and improves the security of company business processes:
   • Due to the stable and secure operation of the corporate network (one that is free of viruses and spam);
   • Restricted personnel access to the software settings ensures full compliance with security policies for all protected computers (for example, employees cannot disable virus database updates or visit websites for personal reasons during business hours);
   • Due to spam-free employee mailboxes which can take a lot of time to clean up. The effectiveness of rejecting spam reaches 97%-99%.
   • Dr.Web Office Control tools, which are intended to control employee access to web pages, will prevent them from spend time on their personal affairs during business hours;
   • Dr.Web Desktop Security Suite Comprehensive Protection includes an effective anti-spam. Unlike anti-spam solutions that require daily training, the intelligent Dr.Web anti-spam starts working without any training or configuration. This will give the system administrator time to handle other pressing problems.
2. Companies that employ the Dr.Web anti-virus protection reduce their Internet expenditures and control the actions of their employees.

Solution

With Dr.Web centralized control, you can:

• Create Internet access policies for single users and user groups;
• Stop attempts to visit unwanted pages such as social networks, online shops, and gaming sites.

Reducing the risk of discrediting the company

• Office Control (available when a license to Dr.Web Desktop Security Suite Comprehensive Protection has been purchased) can be used to prevent personnel from using removable data storage devices (e.g., flash drives, USB devices), network devices, and individual files and directories; this keeps corporate data and important information safe from deletion or theft by intruders.
• Employee ‘ingenuity’ is often the reason company computers become part of botnets and a source of spam themselves, which harms the company's image among its partners. The anti-spam included in a Dr.Web Desktop Security Suite Comprehensive Protection license significantly reduces the risk of the company being discredited by being placed on blacklists and disconnected from the Internet for sending out spam.

The most common cause of all kinds of computer incidents is a lack of knowledge about computer security. Only a knowledge and understanding of computer security can reduce the number of incidents and guarantee the effectiveness of an anti-virus protection system.

To ensure information security systems built on the basis of Dr.Web products operate most efficiently, programs have been developed to train and certify company computer network security specialists (system administrators and users). Doctor Web developers are involved in creating the training courses. During these independent, distance-learning courses, company employees can learn the fundamentals of computer security and the principles of how Dr.Web anti-virus software functions. The training course, exam, and course certificate (issued after the exam is passed) are free.

Centralized management of the Dr.Web anti-virus protection system makes it possible to:

• Quickly manage the network security system at any time, from anywhere in the world, just from the browser of a computer regardless of its operating system, and with no need to install additional software;
• Implement a company-specific security policy without having to configure each workstation’s protection components;
• Ensure that employees cannot disable the anti-virus or its separate components, which would inevitably reduce the level of protection;
• Ensure that the anti-virus operates with the settings specified by the network administrator;
• Assign tasks to workstations;
• Install updates and configure an anti-virus protection system;
• Schedule and remotely run regular scans, both on administrator demand and according to a schedule;
• Monitor the regularity of updates and ensure that they cannot be disabled;
• Collect and analyse information on anti-virus protection system health, and generate reports for a specific period of time;
• Notify administrators and users about the health of the protection system;
• Respond in a timely way to emerging virus problems, which in turn reduces the risk of network infection and company financial losses caused by personnel downtimes, data losses, Internet connection breakdowns, and business partner computers being impacted;

Dr.Web Enterprise Security Suite can be used even in networks with a complex topology; for example, if anti-virus agents do not have direct access to the ESS server and there is no packet routing between them (the internal LAN is logically isolated from the Internet).

A proxy server ensures direct access. A proxy server can also be used to significantly reduce network traffic (traffic optimization) and make updates of anti-virus agents faster because the proxy server supports the caching of updates and the components of the anti-virus agents.

Using traffic compression technology (optional on the service server) is not an obstacle to using a proxy server. Information transferred is processed regardless of whether the traffic is compressed.

Threats

1. Mail traffic is the main transporter of viruses and spam. If malware infects a computer, it can access an employee's address book which, along with contacts of other employees, may contain addresses of customers and partners; in other words, the infection won't be confined to the corporate network but will spread beyond its borders.
2. Carelessness, negligence and ignorance of the simple basics of computer security are often the reasons why computers become a part of botnets and a source of spam, a situation that damages a company's image, can get it on black lists, and possibly force the provider to disconnect the company from the Internet for sending out spam.

Risks

Using an anti-virus that has no anti-spam:

• Increases the risk of the corporate network getting infected by viruses that have penetrated through the spam;
• Reduces the performance of all employees who receive mail and must spend time clearing their mailboxes of spam.
• Leads to losses in worker productivity, disruptions in staff duty fulfilment, and delays in the company fulfilling its obligations towards its customers and partners;
• Makes employees less attentive and more tired because of distractions;
• Evokes irritation on the part of company personnel who are displeased with the system administrator's inability to cope with the problem.

Solution

Dr.Web anti-spam, included in the SpIDer Mail monitor that comes with a Comprehensive Protection license, scans messages before they are downloaded by a mail client and prevents malware from exploiting software vulnerabilities. Its operation does not affect overall system performance. The effectiveness of rejecting spam reaches 97%-99%.

Dr.Web Anti-spam has a number of indisputable advantages:

• The anti-spam doesn’t require training. Unlike anti-spam solutions based on Bayesian filtering, it starts working as soon as it is installed;
• It detects spam messages regardless of their language;
• Actions can be customized for different categories of spam;
• It uses its own white and black lists, which makes it impossible to discredit companies by deliberately adding them to lists of unwanted addresses;
• Low number of false positives;
• Requires updating only once a day, thus saving bandwidth. Unique spam detection technologies based on several thousand rules eliminate the need for downloads of frequent and bulky updates.

Read more about Dr.Web anti-spam.

Solution

Centralized anti-spam configuration is performed in the Dr.Web Control Center.

The mail flows passing through a workstation and a server are not the same.

• Users (or the programs they agreed to install without knowing their functionality) can send and receive messages:
  • Directly to Internet mail servers (via SMTP), if port 25 is open in the network;
  • To mail services like mail.ru/gmail.com — via POP3/IMAP4 protocols.
• Users (or the programs they agreed to install without knowing their functionality) can send messages over secure channels, and the server will not be able to check them.
• A server (or the programs installed on it) can create its own mailing lists and notify senders and recipients of various events independently.

Therefore, it is necessary to filter spam at both the mail server and the workstation level.

Centralized control over regular scans of workstations

Solution

The Dr.Web Control Center makes it possible to centrally enforce a security policy for conducting regular scans:

• Run/stop unattended scans of a workstation;
• Specify scan paths;
• Specify any necessary group and individual scan schedules, i.e. scan the system at a time convenient for employees.

Additionally, the Control Center allows the user to start/stop any agent components (except SpIDer Guard).

Threat

• With a huge number of new viruses appearing daily, there is no way that an anti-virus can recognize all of them — the risk of infection with an unknown virus is always present.
• Email is no longer the main source of infection even in highly protected environments. It has been superseded by removable media, particularly by flash drives.

  Important!

  Removable media includes not only flash drives but also any USB device. A virus can be transmitted from one PC to another even using a camera or a portable media player.

• Trojans are today’s most common threats. Unlike viruses, Trojans cannot replicate themselves without user intervention. People spread Trojan horses from one PC to another via flash drives.
• The constant threat of viruses penetrating the corporate network diverts system administrators from performing other tasks necessary for the development of the company.

Dr.Web Office Control access restriction system:

• Defines the files and folders on the local network to which an employee may have access, and prohibits access to those that are off-limits, i.e., this prevents data and sensitive information from being deliberately or intentionally damaged, deleted, or stolen by attackers or insiders (i.e., employees seeking access to confidential information);
• Restricts or completely prohibits access to Internet resources and removable devices, and therefore, excludes the possibility of a virus invading via those sources.

The above steps are effective but still not sufficient, as an employee can find and disable these settings.

Solution

The restriction of access to removable devices is centrally configured in the Dr.Web Control Center.

Threat

To do their jobs, people need to be able to read news and stay informed. The danger is that most employees:

• Access the Internet from office computers;
• Perform their tasks under an administrator account in Windows;
• Use weak passwords that can be easily cracked
• Do not install security updates for programs they use.

Uncontrolled Web surfing increases the risk of data leakage and unauthorized modification of sensitive data.

Which websites are more likely to be sources of malware and phishing attacks (in descending order of incidence)?

• Sites related to technologies and telecommunications
• Business sites: business outlets, business news portals, accounting-related sites and forums, online courses/lectures, services to improve business efficiency
• Adult-content sites

Solution

Composite Dr.Web protection is recommended to protect your system against infection when visiting a malicious website.

Viruses and spam are the main threats to a company’s security, regardless of its size. Analysing corporate network security, taking preventive measures and overcoming the consequences of virus attacks are daily responsibilities for IT personnel. Reducing downtimes caused by malware is a key task for system administrators. The efficiency of an entire company’s business routines and its positive image as a reliable partner depend on the successful accomplishment of this task.

Threat

• Downtimes per user average two hours per month.
• The higher an employee’s position — the more costly the downtime.

Time spent waiting for a problem to be resolved, resolving the issue, and searching on one’s own for a solution may have unpredictable consequences including data losses.

Solution

If you use Dr.Web, downtimes caused by viral incidents are reduced to a minimum. This frees the system administrator to address other pressing issues.