1. /
  2. Confident Insights Newsletter/
  3. Where Endpoint Security and Management Meet

Where Endpoint Security and Management Meet

October 14, 2008


Many businesses are finding their current approach to endpoint protection and management isn’t adequate or effective.
Many businesses are finding their current approach to endpoint protection and management isn’t adequate or successful. Why? All too often, security and management are regarded as separate, independent activities, leading to wasteful overlap in some places, and excessive gaps in others. Increasingly, businesses are discovering that uniting all management and security tasks is the most effective path to protecting a growing number of endpoints and the information stored on them.

The situation

Endpoints have come a long way in the past few years. Not long ago, PCs made up the majority of the endpoints connecting into the business network (perhaps a few laptop machines, as well). Fast-forward to today and the variety of endpoints is staggering - devices like smart phones, PDAs, and portable entertainment systems have become ubiquitous in many businesses.
However, as endpoints multiply and extend the IP network, they are at constant risk of threats that can lead to system compromises, data breaches, or policy violations. Despite IT managers’ awareness that threats to endpoints continue to evolve as much as the devices themselves, managing endpoints while protecting critical IT assets is proving to be difficult. This is mainly because of the following:
  • Independent security and management: Managing endpoint security and operations such as threat detection, protection against malicious codes, vulnerability scanning, backup/restore, and Network Access Control (NAC) can require multiple software agents, products, and servers. Often, management is independent and has little integration with other security initiatives. This is how a security team can end up trying to manage patches (an area not considered their domain), for example. With a lack of administrator skills, redundant processes, and considerable management overhead, this common scenario is set up for failure.
  • Neglecting data on endpoints: Typical endpoint security tools such as antivirus, antispyware, and firewalls were designed for network security or malicious code protection. Businesses also need (but often lack) data loss prevention, full-disk encryption, and regular endpoint backup to protect the data that regularly flows in and out of endpoint devices.

Finding common ground

Symantec believes that a secure endpoint is a well-managed endpoint, and understands that it takes multiple technologies to fully protect endpoints. This is where Symantec Endpoint Management Suite comes in. Symantec Endpoint Management Suite integrates technology and organizational efforts that have traditionally resided in separate silos inside a business. The suite enables cohesive sharing of processes, technology, and data supported by workflow and a centralized Configuration Management Database (CMDB). This approach helps businesses reduce their IT costs and complexity as well as their exposure to security and compliance risks.
There are three core products that are part of Symantec’s Endpoint Management Suite:
  • Altiris Client Management Suite (CMS) is the lynchpin of the Endpoint Management Suite. It is on this platform that the groundwork for the collaborative environment is laid. Businesses benefit by having a single platform to manage the security of the endpoints and management of endpoints now and as a business’ needs expand.
  • Symantec Endpoint Protection – This solution provides layered antivirus and antispyware protection, firewall, intrusion prevention, and application and device control. The multilayered approach significantly lowers the risks to business assets, and simplifies endpoint security administration. A single management console enables single software updates and policy updates, unified and central reporting, and a single licensing and maintenance – making it cost-effective and easy to manage.
  • Backup Exec System Recovery – Performs local and offsite backup, file and folder restore, and complete system recovery. Another key capability is Granular Restore, which allows users to pluck individual files or folders, and even Exchange messages from backups. The solution also integrates with Symantec ThreatCon to perform threat-triggered backups.
These three solutions are fully integrated, meaning that the Altiris Client Management Suite can talk to Backup Exec System Recovery and Symantec Endpoint Protection, and vice versa, all through a single console. Together, the suite protects businesses systems from misconfiguration, reduces the window of exposure, ensures backups are made, and makes recovery possible. The benefits of using the suite are tangible: reduced cost and complexity, a rare but welcome by-product of security and management solutions.


Without an integrated approach combining systems management, security, and backup and recovery capabilities, it is difficult for businesses to achieve visibility into and control over their entire endpoint environment. Businesses using the Symantec Endpoint Management Suite can be confident that they are receiving best–of-breed endpoint solutions from a single vendor.

Back to Newsletter