SEP – Symantec Endpoint Protection
Posted On July 19, 2009
SEP always amazes me sometimes, i have had the pleasure of working with SEP on a client Account, and for the past 8 months we have designed, built and implemented the server infrastructure; We are now in the final phases of getting the application piloted.
And over the entire experience i guess i may have been slightly more critical of the product than i should have been. Its only recently after looking at a client problem in relation to Symantec Client Security that i realised how far this suite of products has actually come.
There was two things i really hated about SAV, that was the issues of migration between parent servers and configuring the Symantec client firewall. Ill expand a bit….
While you could set failover servers with SAV CE from the SSC console it never always seemed to work on some clients, for whatever reason if you had 10000 clients on one server and then you had failover enabled for SAV Roaming you were never always guaranteed that the 10k clients would actually move over when your Parent server died. So you may have a 1000 or so clients that you have no visibility of at all…. Which leaves a massive reporting issue for finding new virus’s on the network…
If you take the consideration of HP IT. which has to support workstations for over 300k staff from the new combination of our EDS colleagues, the SAV server for my lappy is located somewhere in Atlanta or California somewhere, and here is me VPN’d in writing a blog post in my back garden here in for one Sunny Ireland. This is the nature of the beast and the new flexibility that all our Wireless broadband and high speed VPN to the office brings, this also makes things more difficult for AV administrators having such a geographically dispersed workforce and in general yes it can be overcome with the Likes of HP CM, Microsoft SMS or any other form of Package management suite but your then adding reliance to a larger platform.
And SEP is different, i have actually had SEP Managers down for one or two days and not noticed, because of the ingenious way in which it load balances and gives 100% failover capabilities.You can actually trust it to failover, which in any IT Architects role brings a lot of kudos’s with the customers.
Moving swiftly onto SCS (Symantec Client Security), i never really liked this program for a number of reasons. The main of which is the ambiguous Symantec Client Administrator tool that comes to create your XML or CFG files, you just didn’t get a since of total control, you kind of made some rules and hoped they worked on some locations in which you defined (which were also impossible to define correctly).
SEP however shines in this case, again its not until you have a problem do you realise SEP’s potential, i worked on a problem recently which involved the new 3g / HSDPA dongles that all the networks are offering for high speed data anywhere, for some reason rules weren’t applying to this data connection but there just wasn’t any troubleshooting interface or traffic monitoring information, so you didn’t know if one rule was over-riding the other. So as a little test, i exported the rules into SEP and assigned it to a client i had, low and behold the same issue happened; However sep is smarter and gives you some traffic analysis tools, within about 10 minutes we had a potential fix despite working with SCS for hours.
So there you go, its not a bad product after all; Its a bit slow and clunky sometimes but when you have a problem it shines.
Cannot wait for SEP 12 which is rumoured to include Endpoint Encryption !