Attachmate teams with Trend Micro for enterprise anti-virus

Those disruptions--and their potentially high costs--have prompted organizations to move anti-virus protection beyond the desktop to include servers and Internet gateways, and to seek centralized control and management of their anti-virus efforts.

Attachmate Corp. learned the hard way. Attachmate, a worldwide supplier of enterprise information access and management software, was hit hard by the Melissa virus back in March 1999. Despite having McAfee VirusScan 4 protection on its clients, about 15 percent of the company's 700 employee desktops at the company's Bellevue, Wash., headquarters were infected with Melissa. In a recovery effort that took days, Attachmate discovered that not only did it lose data, but in many cases it had to wipe drives and reinstall operating systems and applications because recovery was impossible.

At that time, Attachmate mandated employees use desktop anti-virus software, but administrators had no control over who used it, upgraded it, or uninstalled it. Employees were taking matters into their own hands, often disabling the anti-virus software because it slowed down their systems or interfered with applications. As a result, Melissa wasn't the last of the company's virus problems.

"We realized we had a huge problem," says Attachmate senior network administrator Randy Brown. Brown and the IT team decided to add another layer of protection, one that would detect and remove viruses hidden in e-mail attachments.

Brown evaluated products from several vendors, including McAfee, Symantec Corp., and Trend Micro Inc. "We opted to go with McAfee because we had a longstanding relationship with them and they gave us a good deal on products," he says.

The company first purchased McAfee's GroupShield Exchange for Microsoft Exchange and deployed it on 20 Compaq Proliant 1600 servers worldwide. The product didn't play well in Attachmate's environment, however. According to Brown, it caused servers to slow down, users had trouble opening e-mail while the anti-virus software was scanning, and, on some occasions, things just stopped working. "The bottom line was that we ran into more problems with it than without it," he says.

Resolution from the vendor wasn't forthcoming. After getting hit again by another virus, company executives were convinced that something had to change. Attachmate, just midway through a multi-year contract, decided to cut its losses and swap out GroupShield Exchange.

From his evaluation of anti-virus products, Brown had learned that Trend Micro's products were highly regarded in the industry, while his peers had less than rave reviews for Symantec's anti-virus solutions. Brown acquired Trend Micro Inc.'s ScanMail for Microsoft Exchange. "We deployed it on our 20 Exchange servers and the product worked beautifully," he says. It took about two days to remotely load the 20 servers, including a few overseas. From that point on, Trend Micro became Attachmate's vendor of choice for its enterprise anti-virus strategy.

Content with the performance of ScanMail on the company's Exchange servers, Brown is looking forward to a planned upgrade to Exchange 2000 from the currently installed Exchange v5.5--which will also necessitate upgrading server hardware, as well.Early this year, Attachmate took a bigger step and purchased NeaTSuite, Trend Micro's comprehensive virus protection suite for Windows NT. In addition to the two components he was already running, ScanMail and Trend Virus Control (a single-point management console), the suite includes InterScan VirusWall for virus protection at the Internet gateway; ServerProtect, server virus protection; and OfficeScan Corporate Edition, for centralized, Web-based, real-time desktop virus protection. Brown added Interscan eManager, also from Trend Micro, for content scanning.

According to Brown, the company set up four OfficeScan servers on Compaq Proliant 1600 hardware: one at company headquarters in Bellevue; one at the company's European hub in Paris, France; another in Attachmate's hub for Asia-Pacific in Melbourne, Australia; and another in a remote field office in the U.S. Each server provided a Web-based installation routine accessible to users via Attachmate's corporate intranet. Users simply had to access the company's anti-virus Web site, register, click on a link for installation, and an ActiveX script would kick off installation of the new anti-virus software, which would also uninstall any previously installed anti-virus software.

Brown was able to keep track of how many clients installed the new security software remotely and, over the course of a couple of weeks, saw that the lion's share of desktops had the OfficeScan product installed.

At the same time OfficeScan was being installed, Brown began deploying ServerProtect to the company's 150 servers worldwide. The print, file, application, and terminal servers are mostly Compaq Proliant 1600s, with a few 3000s and a handful of 1850s included in the mix.

"The entire deployment was done remotely and slowly because we had problems in the past when we rolled out anti-virus software on our servers," he says. According to Brown, anti-virus software previously deployed on the servers caused them to slow down dramatically.

The first servers the company tackled were older print and file servers. The installation went smoothly and the servers worked fine. Brown continued installation of ServerProtect on about 80 servers when self-propagating worms Code Red and Nimda hit in August and September. Trend Micro's software passed the test--no incidents of infection were reported. The company did, however, have problems on some Microsoft Internet Information Servers (IIS) that didn't have the security protection software, which prompted the network team to step up its IIS maintenance with hot fixes, service packages, and upgrades.

"Having had some bad problems with server installations in the past we were very hesitant to install ServerProtect on our major production servers, and developers pushed hard [for us] not to touch the product development servers," he says. But Code Red and Nimda prompted Brown and his team to finish installing the virus protection software on the majority of servers, including those for development, an intranet, an SQL database, and other applications.

"Our enterprise anti-virus strategy is a huge success," says Brown. While he admits that his team encountered some problems along the way, they were minor issues that, with great vendor support, were easily resolved.

With an enterprise anti-virus strategy in place that protects corporate data as well as the entire network infrastructure, the company enjoys running typical corporate applications, as well as newer ones such as streaming media.

From a cost perspective, Attachmate says that enterprise anti-virus protection is a small price to pay for the security the solution provides. "In my mind, the cost of the solution covers the cost of a single virus outbreak," says Brown, which can run a few hundred thousand dollars. For example, when the company was hit by a virus in the past, 15 people wasted at least one whole day, and some worked two or three days to clean up the damage. While these network professionals were dealing with the virus, they weren't able to attend to other IT issues. Nor were employees able to work as usual because an entire Exchange server would have to be shut down. "Everyone was impacted by the virus, not just those desktops that were infected," says Brown.

With single console management of the virus protection software, Brown has gone from having zero anti-virus visibility to being able to see which machines have anti-virus software and where the protection has been disabled. He can push virus signature updates to users before a new virus hits and schedule scans centrally.

"All this capability that we have now compared to the what we didn't have before is like night and day. We've gone from being reactive to proactive," says Brown.

What antivirus solution has worked best for you? TalkBack below or e-mail us with your thoughts.