Curt Frierson, EVP, Technology and Education

In our last newsletter, Jay Butler provided a thorough examination of the threat that endpoint devices pose to network security. Additionally, he explored several endpoint security products designed specifically to control the risks associated with endpoint devices. Very recently, however, the landscape of endpoint security control has dramatically shifted, thanks in large part to the Symantec Corporation machine and its devouring of promising security product startups.

Symantec has always been known for its industry-leading virus protection products. For many years now, Safe Systems has recommended and implemented Symantec Antivirus Corporate Edition due to its superior malware protection and unparalleled centralized management capability. However, the malware protection market is extremely competitive, and other companies such as Trend Micro have recently been closing the functionality gap and gaining impressive market share. This has necessitated change in order for Symantec’s flagship product to remain the industry leader. In addition, the proliferation and changing nature of endpoint threats has given rise to numerous startups filling the security gaps largely ignored by the major providers. Symantec’s answer has been to acquire numerous smaller companies with promising security products. By leveraging its enormous size, Symantec has consolidated many of the acquired products into a single, comprehensive solution that provides protection for almost any type of endpoint security threat. Fortunately, rather than offering this super-sized security control at an additional price, Symantec has simply introduced it as the next version of its antivirus product. Symantec Antivirus has been renamed Symantec Endpoint Protection.

Besides malware prevention, Endpoint Protection adds several additional layers of security to servers and workstations. The security risk protection introduced in previous Symantec Antivirus versions to prevent spyware, adware, and other harmful files is included. So too is a host firewall, which can block access to workstations and servers except for certain allowed application types, based on specific network need. Next, Symantec provides limited network-based intrusion prevention to proactively block known attack signatures. Proactive Threat Scanning adds a layer of host intrusion detection to guard against so-called zero-day exploits, that is, attacks with no known signature. The final component of Endpoint Protection is device control. This layer offers the ability to control many types of devices, from USB drives to network adapters. It gives technology managers something many have long wished for: the ability to keep users from introducing unapproved mobile devices into the network. On its own, this new component presents a compelling argument for implementing Endpoint Protection.

The introduction of all of these new features in Symantec Endpoint Protection, however, is not without its downsides. For one, blindly enabling all of these security components will render your network virtually inoperable because of the firewall feature. Unfortunately, several early adopters learned this lesson the hard way. Even cautiously implementing the product after doing one’s homework will not spare administrators from having to continuously manage exceptions. If a firewall or device control rule blocks access to a service or device that is temporarily required, there is no easy workaround: a new policy must be created to specifically allow the component in question, then removed when the task is completed. Unless the product is used on a network with few changes, this can be quite frustrating. Care should be taken before implementing these features because false positives can block valid communications. The most effective method of implementing intrusion prevention and detection is through a managed provider who is able to continuously monitor the system and respond immediately to alerts during and after business hours. This reduces the risk of false positives and provides assurance that threats are handled effectively.
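As an added illustration of the host firewall and exception-management behaviour described in the two paragraphs above, the following Python models a deny-by-default, first-match application firewall policy in which a temporary allow rule carries an expiry, so it stops applying on its own instead of having to be removed by hand. This is example code written for this article, not Symantec's code or a description of how Endpoint Protection stores its policies; every rule name, process name, port and timestamp in it is constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Hypothetical model of a deny-by-default host firewall policy: the first
# matching rule wins, anything unmatched is blocked, and an exception can be
# given an expiry so it does not have to be deleted later. Rule names, process
# names, ports and timestamps are all constructed for this example.

ANY = "*"


@dataclass
class Rule:
    name: str
    application: str                     # process name, or ANY
    port: int                            # destination port, or 0 for any port
    action: str                          # "allow" or "block"
    expires: Optional[datetime] = None   # None means a permanent rule

    def matches(self, application: str, port: int, now: datetime) -> bool:
        if self.expires is not None and now >= self.expires:
            return False                 # an expired exception is ignored, not deleted
        app_ok = self.application in (ANY, application)
        port_ok = self.port in (0, port)
        return app_ok and port_ok


@dataclass
class Connection:
    application: str
    port: int
    when: datetime


@dataclass
class Policy:
    rules: List[Rule] = field(default_factory=list)
    blocked_log: List[str] = field(default_factory=list)   # kept for false-positive review

    def add_temporary_exception(self, name: str, application: str, port: int,
                                start: datetime, hours: int) -> None:
        # Exceptions go to the front so they take precedence over standing rules.
        self.rules.insert(0, Rule(name, application, port, "allow",
                                  expires=start + timedelta(hours=hours)))

    def evaluate(self, conn: Connection) -> str:
        """Return 'action:rule-name' for the first rule that matches, else default deny."""
        for rule in self.rules:
            if rule.matches(conn.application, conn.port, conn.when):
                if rule.action == "block":
                    self._log_block(conn, rule.name)
                return f"{rule.action}:{rule.name}"
        self._log_block(conn, "default-deny")
        return "block:default-deny"

    def _log_block(self, conn: Connection, reason: str) -> None:
        self.blocked_log.append(
            f"{conn.when.isoformat()} BLOCK {conn.application} -> tcp/{conn.port} ({reason})")


def build_policy(start: datetime) -> Policy:
    """Standing rules plus one four-hour exception for a backup job (constructed)."""
    policy = Policy(rules=[
        Rule("web-browser", "iexplore.exe", 80, "allow"),
        Rule("web-browser-tls", "iexplore.exe", 443, "allow"),
        Rule("mail-client", "outlook.exe", 443, "allow"),
        Rule("no-smb-out", ANY, 445, "block"),
    ])
    policy.add_temporary_exception("backup-window", "backup.exe", 3260, start, hours=4)
    return policy


def run_demo(start: datetime = datetime(2008, 2, 1, 9, 0)) -> Dict[str, str]:
    """Evaluate a handful of constructed connection attempts against the policy."""
    policy = build_policy(start)
    attempts = {
        "browser_https": Connection("iexplore.exe", 443, start),
        "browser_ftp": Connection("iexplore.exe", 21, start),
        "smb_from_explorer": Connection("explorer.exe", 445, start),
        "backup_in_window": Connection("backup.exe", 3260, start + timedelta(hours=1)),
        "backup_after_window": Connection("backup.exe", 3260, start + timedelta(hours=5)),
    }
    results = {label: policy.evaluate(conn) for label, conn in attempts.items()}
    results["blocked_entries"] = str(len(policy.blocked_log))
    return results


if __name__ == "__main__":
    for label, decision in run_demo().items():
        print(f"{label:22s} {decision}")
```

The blocked log is the piece a managed provider would actually watch: every default-deny entry is either an attack or a false positive, and the only way to tell them apart is to review the blocks against the business need for that application and port, which is why the article recommends continuous monitoring rather than switching the firewall on and walking away.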

Overall, Symantec’s new product provides exceptional value and capability in a single security product. The number of features included, and the ability to centrally manage them, makes Endpoint Protection a clear choice for anyone looking for a solid all-in-one solution. If extremely granular control is needed for a specific security layer, a separate, stand-alone product may be required to provide the desired functionality. Dedicated products specializing in any one particular area may provide more depth or capabilities. Otherwise, Symantec Endpoint Protection is a great fit for networks and organizations of all sizes.

To learn more about Symantec Endpoint Protection, attend February’s webinar about Symantec Endpoint Protection on 2/19 from 10-11 ET or 2/28 from 2-3 ET.
