
Evolving Endpoint Security

Created: 04 Feb 2013 • Updated: 05 Feb 2013
Vikram Kumar-SAV to SEP

 

Symantec keeps tabs on the changing threat landscape and incorporates relevant security into its products. The same is true of the progression from SAV to SEP to, now, SEP 12.

When we had SAV in the market, all our customers needed was an antivirus to protect their systems from downtime. Until the early 2000s, antivirus was seen more as an availability facilitator than as a core security product.

Even though we had SCS (firewall and IPS), only select people used the other features.

Starting from 2006-2007 there was a sharp rise in malware being created and vulnerabilities being exploited. Slowly the trend changed, and it all came down to money-making malware.

FakeAntivirus, Downadup, various blackmailing Trojans, etc. Here the audience was not high profile, and SEP 11 detects and blocks these very well and does whatever it can. Slowly people started using IPS and ADC, found that much more can be done with SEP, and they are doing it.

However, in the last few years there have been targeted attacks against specific types of institutions, a specific country or region, or sometimes a specific company. These are more Advanced Persistent Threats (APTs), which SEP with all features enabled and configured properly is capable of dealing with, but SEP 12 is the correct product to deal with the threats of today.

 

Signature-based antivirus will be here for a long time, and it might even detect APT threats, but it is not something you can rely on today, given how much malware is created each day (it is not even written now; it is all tool-based).

Heuristics and Insight are the present and future of endpoint security, not to forget how handy Application and Device Control is.

When we recommend an upgrade, it is not for our good but for the customer's.

The Gartner report validates how good SEP 12.1 is; it has been on top since its release. So I strongly recommend that you upgrade to SEP 12.1, follow the security best practices and, most importantly, use as many features of SEP as you can.

It is very important to balance security and performance, but when you are leaning towards performance, make sure the risk is transferred. Simply accepting the risk can lead to disasters.

Or else it's really not safe out there in the wild :-)

To add to this, SEP will only add security to your network. Your company's security is not SEP alone; you need other layers of security as well. They don't have to be Symantec, but here are a few options:

Altiris - OS and application (Java, Adobe, etc.) patches

CCS - Open shares, compliance checks, VA scans

SCSP - Server hardening and security (security from any kind of exploit even without patches)

PGP WDE - Hard Disk Encryption

SBG and SMS - Email Security

Symantec Web Gateway - For detecting malware and suspicious content entering your network.

Network IPS/IDS - Very critical for any type of company.

DLP - We all know what DLP does: it prevents data leakage, and we know how important it is to keep tabs on a company's confidential data. But more than that, it brings about a behavioral change in employees: the sense that someone is looking at them, so that employees know, understand and adhere to the company's policy.

SSIM - To handle your SOC, manage and alert on critical security incidents and help in remediating them. It is difficult to review security logs from all devices and correlate them, but SSIM can do just that.