In Small Business environments the "IT administrator" often wears many hats from Desktop, Network, Security, Backup and the list goes on and on. In other cases the IT administrator is actually the operations or support manager or even better the CEO of the company. I think all companies should sincerely spend IT Admin Appreciation day July 30th this year (http://www.sysadminday.com/) appreciating the IT admins contribution to the business.
But I digress. So, recognizing how overburdened IT Administrators are, SEP SBE 12.0 was designed to reduce the day to day overhead of the administrator. Rather than logging into the management console to get security status information, the product is designed to contact the administrator and report on issues and problems periodically.
So how does that work?
This is primarily done through preconfigured notifications and reports that are emailed to the administrator. And yes, we have taken care to ensure we don't end up SPAMing the admin. With SEP SBE 12.0, the administrator gets a Weekly Summary Report (see attached) which was designed to give the administrator all the information he needs to assess the security status of his environment. In addition, the notifications are designed to be sent only when an event requires the administrators attention.
The primary assumption here is that the management server is configured correctly to send email. This assumption sometimes falls apart in smaller environments where there is no Mail server or mail settings are mis-configured to not accept email.
To account for these cases, SEP SBE 12.0 management server has built-in intelligence, where if the mail is not successfully sent to the IT administrator, the management server temporarily assumes the role of a mail server and attempts to directly mail the notifications and reports to the administrator. So if you have used the product, you might have been surprised to get an email even though you did not configure your mail settings.
The mechanics of this is if the management server detects an error while attempting to send email, it will perform a DNS - MX (mail exchange) lookup for the domain name in the administrators email address. The management server attempts to establish a connection to the registered Mail server and attempt delivery.
So what does this mean? If the mail server has not been configured or incorrectly configured on the system, then SEP SBE 12.0 makes additional attempts to deliver the email. This is an example where SEP SBE 12.0 attempts to simply work right out of the box.
During Beta and Early Adopter testing for the product, it was great to see customers and even internal Symantec folks get excited about getting cool reports and notifications even though they had skipped setting up the mail server. In the next Blog I will discuss the kind of notifications and reports we have pre-configured by default.