Endpoint Protection

But that's what many enterprises do. They spend millions defending the perimeter, then allow laptops and other mobile devices to bypass those defenses. A whole host of threats—spyware, worms, bots, you name it—gets a free pass inside. And chaos ensues.

The solutions are endpoint protection and endpoint compliance (endpoint compliance is also known as network access control, or NAC). However, in implementing these solutions, watch for these pitfalls:

1. The 600-pound agent:
   Some endpoint protection solutions overload clients with resource-intensive agents—a full deployment of one vendor's solution requires six individual agents and 80 megabytes per system! Bloated agents steal CPU cycles and overload scarce memory.
   
   There's a way to put security on a diet. The all-in-one agent Symantec Endpoint Protection 11.0 integrates essential securities technologies like top-rated antivirus, antispyware, firewall, and much more—in just 21 megabytes. It's less of a load on memory, CPU—and staff.


2. The OFF switch:
   Intrusion prevention systems (IPS) are vital for effective endpoint protection. But many customers disable them, frustrated by false positive rates as high as 20%.
   
   The Proactive Threat Scan feature within Symantec Endpoint Protection 11.0 has a remarkably low false positive rate. Symantec has scanned millions of endpoints and enjoys an extremely low false positive percentage of 0.004%. You can leave your IPS on and let it do its job, blocking rogue applications, without the worry of false positives.


3. The dead-end street:
   Not ready for NAC? No worries. Many enterprises choose to roll out endpoint security in phases: protection today, compliance tomorrow. But then you have to revamp your whole security infrastructure for NAC, right?
   
   Not with Symantec Endpoint Protection 11.0. Symantec embeds the compliance functions inside that single thin agent. When you're ready for NAC, you simply configure it on the same Symantec Endpoint Protection Manager console, then activate the NAC capabilities already resident on your endpoints. No pushing out new agents, no staff visits to every desktop.
   
   The endpoint is the final frontier of enterprise security. It makes sense to be cautious, but you need to act. The bad guys aren't waiting around—and neither should you.