We use it to patch information systems.
It helps us put antivirus solutions in place and prevent malware from getting to our machines. It's a pretty clear-cut solution.
Semantic is out there doing the work, identifying viruses and malware that come out weekly. That's the real-world landscape and they're pushing that stuff out as quickly as they can. But I can only patch monthly. I don't know what the solution is there, besides being vulnerable for three weeks out of four. But there's got to be an option somehow.
The stability is 100 percent. We've never had a problem with downloading it or accessing it. It works as advertised. It's an extremely good product.
I can put it on anything I want. It's 100 percent scalable.
I've never had to use technical support.
The government requirement was to be using McAfee, and we're using Semantic and we just pushed back on it. I told them I have a solution, it's deployed, it's working. It's 100 percent. Why is the government specifying a solution for one particular vendor in an environment where there are many solutions out there? It actually got quite heated and they backed off on the requirement. I was really surprised at that. It's an argument I went into expecting to lose and they came back and said, "Okay, maybe you have a point." But it is a DoD requirement to use McAfee as the antivirus solution.
The initial setup was straightforward. We downloaded the software, put it on a disk, sneakernetted it over to an isolated network, dropped it in the drive, initialized it, and enabled it. It was pretty easy.
It's satisfying our requirements at a very high level. That's a return on investment. I don't have a metric, but the results are very good.
This solution was chosen for me. I didn't make the decision.
Last year at RSA, Malwarebytes had a booth. I was talking to the vendor and he had some very interesting research. I won't go into too much here, but he had a graph on how many threats McAfee misses, how many Symantec misses, and how good Malwarebytes is, of course. He was trying to sell their software. He said Malwarebytes is a stopgap between the two. We could use it as he suggested. The problem with that is that when you have multiple antivirus engines installed on a machine, they identify each other's threats and cancel out each other's work. It doesn't really work that way.
But I have to look at the results. We haven't had a malware incident as a result of the Semantic solution that we have on 95 percent of our machines. We actually have McAfee on two machines because they are for a different customer and it was easier to do that.
If you make the investment in tech, in updated hardware and software, there are other tools - here we are at RSA 2019, those tools are all over the place. There are other tools that are not single-point solutions. You can solve a whole lot of problems for a lot less money if you're using updated hardware and software rather than old stuff, end-of-life, where you just have one other thing that you have to take care of it. You can put an umbrella over everything with a bigger, newer, better product. But you have to have your hardware and software up to date, rather than the situation that my organization is in.
Semantic an excellent product. It's really just the timing that I mentioned earlier that doesn't work well for us.
On the other hand, we haven't had a breach. We haven't had any issues. We haven't had any incidences of malware popping up. But that's more due to the isolated aspect of our networks. We're not touching the outside, so it's really hard for anything to get in. But disks can be sneakernetted in, hard drives can be brought in, USBs can be brought in, mistakes can be made. Not everything is malicious. Sometimes there is just incompetence involved where somebody hooks up something that they're not supposed to and you have exposure. But we haven't seen any threats related to any of that kind of behavior. I can't really say that we have had a case where anything has gone bad.
In terms of security maturity, we're "mature" in the sense that we're ancient, using old equipment that has reached end-of-life. It's really from the old-age home, it's so mature. We're in dire need of tech refresh and I don't have the budget to support that. But if you unwrap that and look at it from the other side, what would we do without it?
But the real mitigator, the thing that's actually protecting us, is our isolation. We have isolated systems so nothing can get at us. If I get audited, I'd better have antivirus definitions loaded up, current ones. But it really has not affected our security maturity.
If it wasn't for the exception that I mentioned, Symantec Endpoint Encryption, would have been 100 percent successful and I would have to have given it a ten out of ten. With that exception, I have to knock it back to 90 percent, a nine out of ten because, as I said, we're exposed.