FAQ | AhnLabs V3 Internet Security
How are the AhnLab products better than the McAfee, Norton and Trend products?
Labor costs are a major concern. How does the AhnLab product address those concerns?
Answers
Q: How are the AhnLab products better than the McAfee, Norton and Trend products?
A: Features: V3 Internet Security 8.0 offers not only anti-malware and anti-spyware functions but also various other functions such as network, web, mail security and PC management. V3 Internet Security 8.0 can respond to various security threats including the latest and most sophisticated ones.
When you see the table below, you can see the various features of V3 IS compared to other venders.
Performance: V3 Internet Security 8.0 provides an integrated security function that is lightweight. The detailed information is as below.
(1) Memory Usage in Idle Mode
The graph indicates the memory usage measured in idle mode after installing and applying the engine/patches of products.
(2) Memory Usage for Manual Scan of General Files
The graph indicates the memory usage measured at manual scan after installing the products (Memory usage measured in clean OS state). This indicates the additional memory usage induced by manual scan.
Q: Labor costs are a major concern. How does the AhnLab product address the requirements for:
A: a. Central deployment and management.
AhnLab can provide central policy management solution that manages the V3 Internet Security series. This solution is called AhnLab Policy Center.
AhnLab Policy Center is a central management solution developed by AhnLab.
It is a security management program that provides central management for various kinds of products installed on a number of computers within the company under a comprehensive and consistent security policy. AhnLab Policy Center centrally controls various security products installed on corporate computers in an effective and efficient manner.
AhnLab Policy Center consists of the following:
- Policy Agent installed on the managed system
- Policy Server and Database Server installed on the server
- Policy Center Admin installed on the administrator’s computer
- Relay Server that handles file distribution of the Policy Server
b. Can the central management system deploy all updates and upgrades?
AhnLab Policy Center can be an update server for all client systems.
All client systems that is installed with V3 Internet Security can get the update files (latest engine/patch files) from AhnLab Policy Center.
Also, you can assign a Policy Server called Secondary Update Server that transmits engine updates for the primary Policy Server in case there are communication difficulties between the Policy Server and the agent computers. Secondary Update Server helps increase the update success rate since the agent computers can access and download the engine updates from the secondary update server even during a communication breakdown.
To minimize any increases in the network load due to the engine updates, AhnLab Policy Center offers the delta update feature that updates only the changed portion of the updates.
c. We need a set and forget system where we know that it is doing it’s job and does not need to be watched unless it notifies us that it needs assistance. How does your product accomplish this goal?
As much as the solution itself, the management of it is equally important. Therefore, the main focus is minimizing the managing resources and points. When APC is installed and the agents are set up and installed in the client system, the agents automatically install the security products (V3 IS). So, the administrator doesn’t have to install the products one by one into the client system. Also, through the Asset Management feature, it is possible to monitor the status of the client system real-time and check whether the security product is installed or not. Moreover, in the following cases, an alert notification is sent to the administrator via email.
- When the APC Server CPU/memory threshold is exceeded
- When there is not enough hard disk free space in the APC Server
- When specific Virus infection is detected
Likewise, after initial installation and policies settings, basic managements do not require much human resource. The administrator can simply conduct reports and real-time monitoring through APC Admin console, and change the policies when necessary.
d. We need metrics and reports for use by the security officer, systems managers and the CTO. What kind of reports can your product generate for these management roles? Please provide samples.
AhnLab Policy Center supports a reporting feature which prepares reports of recorded information based on the various recorded information registered in the database of Policy Server.
Policy Center Admin provides various report views. Through Report View, you can view reports in various formats using Detailed Data View, Summarized Data View, Chart View, HTML View, and Filtering Data View.
Statistics HTML Report provides the administrator with a wide variety of log data stored in the Policy Server – such as the policies delivered to the agents, network status and virus infections data. Graphs and statistics are viewable as an HTML file, enabling the administrator to identify the policy and security trends and save the data.
Click here to download a sample.
Besides APC, all AhnLab products for businesses provide report/statistic features. Even in the case of AhnLab TrusGuard, the network security appliance, the LogServer and LogReport solutions provide various reports and statistical data.
TrusGuard does not have HDD because HDD I/O failure can be a critical issue of hardware malfunction. Therefore, TrusGuard provides an extra software that can save logs and monitor detections/preventions, and analyze security events including firewall, IPS, anti-virus, and anti-spam, all through a “Single Interface.”
Log collection/storage/report
Security threat analysis
Graphical display
50 types of security reports
User-defined integration
report configuration
Moreover, AhnLab has a specialized research center called ASEC (AhnLab Security E-response Center). ASEC is an emergency response organization composed of malicious code analysts and security experts. It monitors and responds to malicious codes and security threats from all over the world 24/7. We provide monthly reports made by ASEC which contains the latest security trends.
e. How is the initial software installed? Initial installation may be between 20,000 and 25,000 desktops. It will take many man months to have someone walk around to all of the systems and install. At the same time we do not have much in the way of ldap or other features that could make this easy to do because different groups owned these systems in the past.
Generally, there are two ways to distribute the installation program to the client system. Please refer to the following:
Distribution through the Web
The agent installation program is distributed through a Web server supported by AhnLab Policy Center. When the agent installation program is created, the users access to the default location where the Policy Server is located. (For example, address like http://172.16.112.1:8080 is the IP address where the APC Server is installed and port number using HTTP service.)
Direct Distribution of Installation Program
The Policy Server administrator distributes the agent installation program by posting it on the company groupware. The users can copy this and be provided the agent installation program.
At the installation stage, we provide technical support together with our local partner. After installation, we check the software distribution rate, test whether the features run normally and conduct monitoring. We make a final report and submit it when the establishment is completed, Based on AhnLab’s sufficient human resources and the local partner’s support, our clients do not have to consider their man months regarding product installation.
Database used in AhnLab Policy Server
The APC server doesn’t use LDAP, but is optimized for SQL2005, so the server where the APC server is to be installed should have MS SQL 2005. Information like each client’s virus infection status, installed software, monthly statistics and other information are saved in the database. The reports are processed based on the saved information in the database. In case the scale is big, a hierarchical domain architect in the form of Master and Slave server is possible, which provides higher managing availability and efficiency.
Another feature is flexible grouping according to the user system’s inner organization. If the branch offices are far away, an APC Server with the Sub Domain (Slave) concept is installed so that the central Parent (Master) APC Server manages the sub (Slave) APC.
f. Can we setup some kind of feature that does not allow a system to join the network unless it has the AhnLab antivirus installed?
We call this feature ‘Endpoint Control’, and this feature is available by using one of our solutions, AhnLab TrusGuard (Unified Threat Management).
Endpoint Control manages the access to the Internet depending on whether the APC agent is installed or not. AhnLab TrusGuard checks the network packet (UDP packet) from the APC agent and, if the APC agent is not installed on PCs, AhnLab TrusGuard does not allow the access to the Internet. Instead, it redirects the system (the system without APC Agent & V3 installed) to the specific URL for the installation page.
Endpoint Control cannot be integrated with other companies’ products, but only with AhnLab TrusGuard. It is not possible to implement Endpoint Control with just one solution individually, so in this case, AhnLab TrusGuard need to be purchased.
For your information, AhnLab TrusGuard is a network appliance based on firewall. It is an integrated network security solution, in which IPS/ContentsFilter(Anti-Virus/Anti-Spam)/VPN features are all provided as modules in one appliance.
g. How much staff will we need to manage the AhnLab product? The less the better!
In order to manage the entire headquarter and branch offices, we recommend that there are two engineers who take control at the central data department, and place one administrator at each branch office. This is a general example since the number of staffs may differ depending on the exact structure and system of the organization. Generally, we recommend that assign two staffs for managing AhnLab product. They can work both in pairs and individually, so that in case one staff is not available, the other can follow up on the management.
h. What is the labor profile for installation of product?
In case of basic product installation, the requirements are as below:
People who have knowledge and experience in:
- Computer Systems & Electronics Engineering Technologies
- Network Systems & Data Communications
- Computer Support
- Computer & Information System Managing
- Basic MS SQL Database
- More than 2 years of experience in IT Projects
i. What is the labor profile for upgrade of the product?
In case of maintenance and operations after installation, the requirements are as below:
People who have knowledge and experience in:
- Computer Systems & Electronics Engineering Technologies
- Network Systems & Data Communications
- Computer Support
- Computer & Information System Managing
- Basic MS SQL Database
- More than 3 years of managing work experience in IT departments
Q: We do not have time to do a pilot project. Are there any definitive 3rd party reports on the AhnLab product that we can read? We generally like Gartner Reports.
A: In case of Gartner, we are currently in the process of preparing the registration. In the second quarter of 2010, we are planning to open a field in Gartner Taxonomy and post a Magic Quadrant Report. We would like to introduce the implementation we conducted for Kyonggi University, in which the case was to integrate APC and TrusGuard. Please refer to the following interview:
Mr. Park Jong-o, section chief of IT team, Kyonggi Univ.
What is the reason behind the implementation of the integrated security system in every building classroom?
Even though there was a main firewall, malicious codes that bypass the firewall frequently infected the internal network. Indeed, the situation got worse as the use of mobile storage devices such as USB memory sticks became increasingly common. To prevent this, a separate security system per building classroom was thought to be necessary. And in terms of cost-efficiency regarding building up security, an integrated security system like TrusGuard that provides various functions was the optimal solution.
Why did you choose AhnLab TrusGuard?
We carefully reviewed about 10 solutions, and TrusGuard was the most appropriate solution for our situation. Other solutions required the replacement of the switch and that meant additional costs. Moreover, TrusGuard received the highest rating due to its capability to perform necessary functions such as port control through synching with V3, without requiring the replacement of the switch. Also, AhnLab’s Absolute Firewall, which we have been using since 2007, was working rather well, and that was a plus for TrusGuard.”
Tell us about the benefits you experience after implementing TrusGuard.
TrusGuard can be synched with V3 and APC for centralized management, and that dramatically reduced the time required to manage endpoint devices. Besides, thanks to the NAC function of TrusGuard, which automatically quarantines and repairs vulnerable devices, now we can manage security more efficiently. Overall, the result is very satisfactory because now we can effectively prevent network threats such as worms and viruses without putting in additional time and effort.
It seems that your university is investing heavily in security technology.
I believe that information security is a prerequisite for today’s IT boom in education. I am very confident that the security level of Kyonggi University is among the highest in the field, thanks to our heavy investment in educational IT, and moreover, in IT security. I think that we are the first university that implemented a separate security system in every building classroom. Although the limited budget does not allow for a large-sized investment, we have been gradually building up the security by continuously assigning the budget for security investment since 2000’s.
Tell us about your future IT system implementation plan.
Above all, we will focus on strengthening our security management capability. Through coalition with Education Cyber Security Center by Ministry of Education, Science and Technology, and by setting up an in-house security management center, we will try to maximize the effectiveness of security solutions we have implemented so far. For our long-term plan, we are considering the implementation of a next-generation total information system, because in current education market, information technology is becoming a base of competitiveness. Therefore, though cutting-edge information infrastructure, we plan to provide an advanced educational environment.
Q: In what way can you explain how the AhnLab product interoperates with our legacy of equipment? We have many different versions of Windows including 95, Me, XT, XP and Windows 7. We also use Nortel, Cisco and other routers and firewalls and have had problems getting updates installed with some products in the past.
A: Due to the service termination of MS, we do not support Windows 9X/ME, which is the policy of many vendors including AhnLab. Nonetheless, its operation is possible because Windows 9X/ME is a specification we have previously supported. It’s just that we no longer conduct QA tests on the Windows 9X/ME OS, and there are no more additional developments.
Basically, AhnLab conducts a full QA test before launching a product, and we make the official release only when the entire verification is completed. In this process, we do the tests under all possible circumstances – such as Unit Testing / Integration Testing / Acceptance Testing
Especially, AhnLab has proper QA facilities for not only software, but also network appliances. Another strong point is that AhnLab provide stable services because we conduct customized tests that fit our clients’ operation environments.
[QA Test Process of AhnLab before release]
For example, APC also goes through AhnLab’s QA test process. APC is tested on all types of OS, and after the final verification it is officially released. In actual management of APC, there is no problem interoperating with different versions, as long as you OPEN the information (at the F/W policy) of the port that APC Server and Agent/APC Admin Console use to communicate. One point is that in case of Endpoint Control like IAC(Internet Access Control), it can be integrated only with AhnLab TrusGuard, as we have mentioned earlier.
Q: We are planning on rebuilding everything in the electronic infrastructure of the city. How can the AhnLab products fit into this need? At what cost? We expect this to take us 36 months. Can you help us in any way to shorten this while saving money? What will be the labor profile?
A: We have had various experiences in performing e-government projects domestically, so based on this we are fully capable of providing you with appropriate proposals. Thus, if you let us know of the specific requirements or specifications regarding your electronic infrastructure plans, we will propose relevant solutions. (If there is any kind of project documents, a much more detailed proposal will be available.)
AhnLab is a technology-based total security provider, with more than 50% of the entire employees consisted of R&D Staff. This is why we are capable of developing customized solutions that meet our customers’ needs. Also, AhnLab has a fully furnished process of planning, consulting, development, QA (Test), management and more. By combining this know-how with AhnLab’s professional human resources, it is possible to effectively manage/maintain projects and gain high quality, cost-effective results.
Moreover, after the entire infrastructure is established, we can provide training programs to the clients’ local staffs by stationing our AhnLab staff for a certain period a time until the system is stabilized. Since you are planning a project of a considerable scale, another option can be AhnLab’s consulting service that covers a wide range of fields.
In addition, MSS (Managed Security Service) can be used to efficiently protect the infrastructure. MSS provides central control service that responds to network intrusions or attacks on different branches/offices throughout the city. Accordingly, an advanced monitoring/management/protection on the electronic infrastructure would be possible. Regarding this service, the labor profile is as follows:
People who have knowledge and experience in:
- Computer Systems & Electronics Engineering Technologies
- Network Systems & Data Communications
- Computer Support
- Computer & Information System Managing
- Basic MS SQL Database
- More than 3 years of managing work experience in IT departments
Q: Currently we are able to buy many different computer products from McAfee and not just antivirus. They sell us firewalls, cryptographic software for disk drives and tunnels and many other systems. We like the one stop shopping aspect of this relationship. What can you offer us? How can you become more of a one-stop shop?
A: AhnLab, Inc. is Asia’s leading provider of integrated Internet security solutions, having nearly two-thirds of the Korean anti-virus software market share. As you can see from the diagram below, AhnLab provides all kinds of security solutions that covers the entire range from enterprises to individual users.
[AhnLab Security Map]
- Network security solution: AhnLab TrusGuard
- Contents security solution through Anti-malware product: V3 Internet
- Security Central management solution: AhnLab Policy Center
- Protection from spread of malwares through website: AhnLab SiteGuard
- Personal information protection: AhnLab Online Security
Moreover, AhnLab provides a sample (malicious code) collecting system called Honeypot system, that rapidly responds to local vulnerabilities. If you install the Honeypot system in your places, AhnLab can respond to security threats in advance. AhnLab is always monitoring and collecting hacking threats with CERT teams all around the world. In case you happen to face any unanticipated circumstances, (e.g. fraud attack spike requires sped up implementation) AhnLab provides dedicated vaccines.
Q: As we mentioned in the past we have a shortage of technical people. How does the AhnLab product affect this problem? Does it make the problem worse or better?
A: System engineers are necessary, because they can minimize the losses through rapid responses, in case any threats occur. Also, these engineers can deliver the exact wants and needs of the client to the vendor, thus enabling effective communication. These are the reasons why we recommend you to have a minimum availability of technical people.
If you are having operative troubles due to the shortage of technical people, AhnLab staff and local partner staffs can provide on-site support on maintenance and operations. Also, high-quality education programs or technical consulting services with various curriculums can be provided to resolve any inconveniences when using our products.
