
Standalone/Air-Gap Usage

mtoecker
mtoecker Posts: 2 Security Scout

Hi Folks,

 

I'm looking over various anti-virus solutions right now for potential use, but I have a unique wrinkle.  I work in an air-gapped environment, where the systems do not have access to the internet for signature and product updates.  

 

My question is: Does F-Secure have a method of using their endpoint protection products on standalone networks and to update those products via offline methods?  If so, is there a paper, or instruction, I can look at?

 

Next wrinkle, I need to install the same products on some standalone systems, which literally have no network connection as you may understand it (stuff like MODBUS).  Any support here?


Thanks!

Mike

Comments

  • Ben
    Ben Posts: 664 Cybercrime Crusader

    Hi mToecker, 

     

    You can use the fsdbupdates tools to update isolated environments:
    https://www.f-secure.com/en/web/labs_global/database-updates

     

    Our end-point clients don't all officially support standalone installation.

  • etomcat
    etomcat Posts: 1,172 Firewall Master

    Hello,

     

    Some remarks:

     

    - F-Secure's corporate market workstation protection suite (called FSAV Client Security 12) doesn't have an .EXE or .MSI installation package any more. It comes as a .JAR file that can only be made into an .MSI using the "F-Secure Policy Manager" centralized control system.

     

    (If you can demonstrate the need to F-Secure support, the "Policy Manager" centralized control system can be licensed with an off-line token file. The normal method uses recurring online licence checks.)

     

    - Even if you could operate AV protection in totally off-line mode, the protection level will be about 33% less, compared to the networked (access to public net) mode, because instant online reputation lookups (the Cloud) are now a very important aspect of antivirus technology. That's true of almost all AV vendors, not just F-Secure.

     

    - The "offline" virus recognition database updating method provided by F-Secure is somewhat inefficient, as it means downloading a ~270MB sized file again and again (preferably once every day for optimal protection) and transferring the file to the isolated machines using a USB stick, for example.

     

    Best regards: Tamas Feher, Hungary.

  • mtoecker
    mtoecker Posts: 2 Security Scout

    Thank you everyone for your replies, I'll be taking a look at the solutions provided.  Unfortunately, I don't have a choice in going for the offline version; regulations regarding cyber security in the industry I work in are very specific on what interactions are allowed to the outside internet: none.

     

    Mike

This discussion has been closed.
