Connect & Protect - An Antivirus Solution that Works.. Symantec Endpoint Protection v11 (The return of Symantec on our company)
1. Your role in the organization/company (CTO, CIO, CEO, SysAdmin, etc)?
To give you a background, the company that I have been working for deals with Research, Media/Public Relations, Crisis Issue Management and everything with regard to relations communications. I worked here before as a technical support/network engineer and we have been using Symantec Antivirus 10.x.x for 5 years. We also act as an IT consultant for this company, serving all kinds of their IT needs in all categories (cellphones, desktops, servers, etc).
Due to unpleasant events, we were replaced by an IT group which replaced the anti-virus system. I am not sure why they replaced the virus system, since the SAV Antivirus System was very reliable for the company. My guess is that this group wanted to get a cut from the antivirus seller.
Now, I was re-hired and am working as the MIS Manager/Officer for the company. According to my tech support group, they encounter numerous issues with this anti-virus (not sure if I can say the name here); to name a few, the issues were patch management, licensing and virus detection. I tried to generate a report of the virus infections and the report shows no activity, which to me looks odd because of the increasing number of viruses I have seen on the computer security websites.
I designed a test environment with Symantec Endpoint 11 and it has been running for a month now. I am getting positive feedback from the board and hopefully SEP will be implemented in our company.
Moreover, my job would be to carefully review critical areas/points of our network and systems. Deploying a reliable antivirus solution plays a big part in our network and system security.
2. What was your data protection criteria, concerns and related issues, and how did Symantec Endpoint Protection resolve them?
Before we go to the data protection criteria, we must also take into consideration our current endpoint and server systems. I am proud to say that we mostly have Core 2 Duo systems and a few Pentium 4 and Pentium M systems. These systems are running Windows XP and Vista. So we pass the system requirements.
Our data protection criteria are:
1. Implementing an antivirus solution which works with multiple layers of in-depth defense to minimize risk. When I say multiple layers, this includes endpoints (desktops), email, servers, firewalls and IPS.
2. Of course we have the price of the product: whether they charge annually or monthly, and whether it is priced as one package or per module.
3. Another is the scan engine. Virus solutions run antivirus, anti-spyware and app control engines, which could affect the performance of the computers. Manual, scheduled and start-up scans should also be available.
4. Heuristic scanning: we must make sure that the system has behavioral-based scanning for exploitation attempts.
5. Firewall/IPS, which prevents attacks from the internet.
6. Application/Device Control, for the devices and custom applications/programs that we have.
7. Virus Cleaning / Remediation Process: procedures to remove the virus just in case the virus cannot be cleaned automatically. We should also have Removal Procedures and Removal Tools available on the net, especially for virus infection isolation.
8. Client/Program Updates and Upgrades: virus and spyware updates, release and sizes of the updates, new versions and patches.
9. Console/Dashboard and Alerts monitoring: simple notifications of virus alerts and non-updated computers help to keep systems updated and fix virus infections right away.
10. Support: no antivirus solution is perfect, so we need technical people to assist us.
Before this company, I worked as a resident Symantec Security Consultant at one of the biggest call centers here in the Philippines. They were using Symantec Antivirus and later upgraded to Symantec Endpoint. I have seen SEP at work; it answers every criterion I have stated above.
3. What were the strategic or financial reasons you chose Symantec Endpoint Protection Solutions?
I can compare choosing an antivirus solution to designing a building: in order for the building to be stable and withstand disasters it should have a deep foundation, and this will need a big budget. It is the same scenario if you choose Symantec Endpoint Protection, giving your company a good foundation against security risks, and I assure you it is worth your every penny.
I have also discussed with our board the history of Symantec products in our company. We used Symantec AV in the past and it has been very stable and reliable when dealing with security alerts. We didn't encounter any virus outbreaks in the past. Being a certified specialist with Symantec AV Security, I prepared a presentation for them, presenting the features of SEP. I also added that I can manage the system well if we use Symantec Endpoint Protection.
Another reason why we chose SEP is because Symantec is one of our clients on Corporate PR Services. Our account managers who handle Symantec told me that they are having problems with the technical terms in regard to how Symantec works. I told them that the best way to learn Symantec is to experience it.
A minor factor also is the GUI of SEP. Some of the icons and display alerts of other AVs are so small the user cannot see if their computer is at risk or not. But with SEP, you will notice it right away with big red exclamation points (really a plus factor if the users are old or have visual impairments).
4. What were the technical criteria/reasons you chose Symantec Endpoint Protection Solutions?
The technical reasons why we chose SEP are:
1. Antivirus, Antispyware components - these technologies are delivered by a single agent, which improves system performance efficiencies.
2. Network Threat Protection - I was looking for a substitute for Windows Firewall, as it lacks logging capability.
3. IPS - another layer of defense, which is a network-based system that blocks known attacks.
4. Proactive Threat Scanning - this is really needed as we are in the cyber age. We need to be protected from unknown threats which act/behave like a virus.
5. Device and Application Control - I don't need to manage it via GPO. It is much easier on SEP.
6. Management of the components, policies, users and by location - easy management of users, workstations, policies and servers.
7. Console, and access through HTTP - accessibility using different protocols.
8. Virus Alerts and Reporting - this is to inform administrators and tech support to take action quickly on the alerts and see the trending of the virus.
9. Virus Submission and Response (for Unknown Threats) - manual and automatic submission of unknown threats.
10. Disaster Recovery, Backup and Maintenance - clear documentation on the recovery, backup and maintenance process, meaning that it has been fully tested.
5. Symantec was the right choice because...?
There's no doubt that Symantec was the right choice for us. Not only does it answer our data criteria, but it gives a sense of security to me and the company that I am working for. Given the resources, I, being a certified Symantec AV Security Specialist, will have an easy time handling the SEP Antivirus System. I will be able to use my knowledge and experience with this product to the full extent, productively and efficiently. I also wanted our Account Managers who handle our Symantec account in PR to experience SEP so that they will have an easy time understanding the product thoroughly.
Support is very effective: not only does Symantec have the tech support hotline/KBs, but we also have the "Symantec Connect" forums, where other users globally can contribute to our problems. This is also one of the main reasons why we chose Symantec: we are able to socialize and communicate with other people, see their ways of analyzing a problem, create new ideas and be active.
6. How has your Symantec Security Solutions helped you be more successful?
Symantec Security Solutions helped me to be more successful by giving me the attitude to gather more and more data/information. And now, since SEP has the newly improved console and management, I can view the reports and alerts with just a click of a mouse button or just by reading my email notifications. A good defense against the security risks of today is being well informed on the security patches, keeping virus definitions up to date (preventive) and proactively dealing with security alerts (corrective).
I will be able to enjoy my sleep at night, knowing that my SEP will alert me and my team if a problem arises. =) I love SEP.. an Antivirus Solution that works..