TechTip: Protecting Your SharePoint Environment by "Defense in Depth"
Microsoft SharePoint has undergone phenomenal growth since it's release in December 2006, and is now the fastest selling server solution in Microsoft's history. In some companies SharePoint use has grown at the workgroup level with little or no involvement from IT. Often these installations are setup for a specific purpose – such as document management – and little thought is given to security. Securing a SharePoint environment is critical as SharePoint becomes the main repository for documents, legal contracts and other forms of communication.
You may think that having an antivirus solution such as Symantec AntiVirus or Symantec Endpoint Protection installed on each machine will keep your systems safe from the threat of viruses and that's as far as you need to go. However, endpoint protection is just one piece of a comprehensive antivirus arsenal.
With an endpoint antivirus solution, files uploaded to SharePoint would only be scanned with desktop AV definitions at the time the file is posted and there is a possibility that a virus might enter SharePoint before definitions are available to catch and clean the threat. Files downloaded from SharePoint are scanned when they reach an end user's machine, as long as the antivirus software hasn't been disabled and the user is working from a known machine. But with SharePoint, you don't really know what machine an end user might be connecting from. For instance, your end users, customers or partners may connect from a home machine or public machine and upload a document for other people to access. How do you know that those endpoint machines are protected so that files being uploaded to your SharePoint environment are virus-free?
Defending documents at the source
If an infected document is uploaded into SharePoint, anyone who later downloads that document will get an infected file. Although it can be scanned by an antivirus protection product where the document is downloaded, the file in the SharePoint environment will still be infected. The only way to get rid of the virus within SharePoint is to delete the file from the SharePoint database, unless you use a product specifically designed to scan the SharePoint database.
SharePoint Antivirus adds a deeper level of protection so you don't have to worry about the security of the endpoint machines that are uploading and downloading files from your SharePoint environment. Documents are scanned as they're being uploaded into SharePoint; they're scanned as someone downloads them; and the database of documents stored within SharePoint is scanned on an on-demand basis or a scheduled basis. Whenever updated antivirus definitions are installed, SharePoint Antivirus rescans the database.
Antivirus solutions provide a certain level of safety for uploading and downloading files to and from your SharePoint environment, but you should adopt a "defense in depth" strategy to complete your arsenal. You can clean files when you download them, but it's better to also defend them at the source—the SharePoint database. SharePoint Antivirus protects your systems at every level, in every place that you might encounter a threat.
For more information about Symantec Protection for SharePoint, click here.