Connect And Protect - Symantec Protected us from LAN congestion
As a system admin, my job was to secure user data and provide minimal downtime for a network consisting of 1500+ PCs, 300+ terminals, 300+ thin clients, and 50+ laptops, all within an area of 15 kilometers. I was unable to do so because of the number of viruses spread throughout our network.
Here's the history behind the issue, and how Symantec's endpoint solutions helped. In the past, we had no antivirus solution for our network. Maintenance agencies were using some free AV product to clean infected PCs. Because of this process, PCs were formatted regularly, at least once every 2-3 months. This was causing serious problems for some of the important departments like purchase, marketing, project management, materials management, etc. Additionally, some departments use digital signatures for banking, e-tender purposes, among others. After formatting those PCs, too many problems would arise. We also saw an increase in the number of calls from users.
Due to the broadcast traffic generated by the viruses, our network became very slow. Copying a 1 to 10 MB file across the network was next to impossible.
One of our vendors suggested we use a hardware firewall to filter traffic, which would hopefully increase network performance.
We took that advice. We installed a Cisco PIX firewall, observed the traffic, and created some rules to filter packets. After a few days, we realized that it wasn't helping us improve the performance of our network.
The hardware firewall failed because we had more than 100 individual broadband internet connections, which were the main entry point for threats into our network. Upwards of 90% of employees use pen-drives, which were another way viruses entered our network. Additionally, some users were using their cell phones to connect to the internet and visit some illegal websites.
Because of these difficulties, we finally decided to review various antivirus solutions. We asked a few vendors to give us a presentation on how their product would benefit our network environment. Additionally, we asked the vendors how they would overcome the problem. Lastly, we needed to determine the scope and cost of deploying the software and hardware.
Three vendors came with three different products. All gave their presentation, showed us the features of their products, and told us the benefits over other products. All seemed to have their own merits and demerits.
We were looking for an antivirus solution with a centralized firewall that required minimal user interaction, since we didn't want to disturb users with annoying messages. We also needed a cost-effective solution: we had already purchased a hardware firewall and couldn't afford a high-cost antivirus for our network.
After a long process of review, we decided on Symantec for our network based on cost, popularity and market share.
Initially, we bought 400 licenses of Symantec Client Security 3.0 as it had a centralized firewall. We deployed it to two VLANs and observed the traffic for a few days. After cleaning all PCs, the network performance in the two VLANs increased considerably. To our disappointment, the centralized firewall didn't work as we had hoped: the client firewall crashed too often. However, thanks to the antivirus, the unnecessary broadcast traffic became very low, and all machines were finally virus free.
Because of this success, we purchased another 1000 licenses and deployed them to the remaining clients. We used two SCS servers with load balancing (a feature of Symantec Client Security). The load balancing saved us from considerable downtime when one of the two servers had a hardware failure: it simply moved that server's clients to the other server! I highly recommend using the load balance/failover feature of Symantec on a large-scale deployment.
After a few months Symantec launched Endpoint Protection. We upgraded the server to SEPM and all clients to SEP. The stability of the SEP firewall was a considerable benefit compared to other vendors' solutions.
Some of the SEP firewall features we are using, which we found very helpful and are not available in any other AV product, are:
1) It not only blocks IP addresses, but it can also block particular ports while excluding others.
2) The SEP firewall can block network services like DHCP/DNS/VPN/SMTP and many more.
3) We can now monitor client side applications and block particular applications running on client computers.
4) Blocking by MAC address is also possible, which is a very useful feature.
5) You can schedule the time for blocking/allowing traffic, which we are using to good effect. I have not found this option in any other antivirus product.
6) Because we previously had no centralized internet connection, we were unable to stop users from visiting some unwanted websites. However, with the firewall/custom IPS functionality, we are able to restrict users from visiting those sites.
Another feature of SEP which I found helpful for our network environment is “Application and Device Control”.
At my company of 1500+ PCs, we don't have any Domain Controller or Active Directory domain in our network. Our network runs as a workgroup. In this workgroup network, we were initially unable to control users' access to their PCs, as we couldn't deploy group policy/system policy centrally. Users were free to use USB devices such as pen-drives, Bluetooth devices, Bluetooth modems, etc. to connect to the internet. Now we are able to restrict users' access to USB devices like pen-drives, Bluetooth modems, etc. Thankfully, an advantage for us was that users could still use USB keyboards, mice and printers on the same system. We also blocked the Windows default games through Application and Device Control policies! The "Application and Device Control" policy allowed us to block the autorun.inf file on pen-drives, as this was the main point where viruses would spread.
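As an added illustration (not part of the original post and not SEP's own code), the following Python script parses an autorun.inf from a pen-drive and reports which programs it would launch automatically, i.e. the behaviour the device-control policy above blocks. The sample file contents are constructed, and the "hidden folder" heuristic is an assumption about common infected-drive layouts.

```python
import re

# Constructed sample autorun.inf of the kind found on infected pen-drives (not a real one).
SAMPLE_AUTORUN = """[autorun]
open=RECYCLER\\setup.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
shellexecute=RECYCLER\\setup.exe
shell\\Open\\command=RECYCLER\\setup.exe
shell=Open
"""

# Keys under [autorun] that make Windows launch a program on insertion or as the
# default Explorer action; shell\<verb>\command entries define menu actions.
AUTO_EXEC_KEYS = ("open", "shellexecute")
COMMAND_KEY_RE = re.compile(r"^shell\\[^\\]+\\command$")
EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js")
# Folders Explorer hides by default, often used to stash the launched file (assumed heuristic).
HIDDEN_DIR_RE = re.compile(r"(^|\\)(recycler|system volume information)(\\|$)", re.I)


def parse_autorun(text):
    """Parse INI-style text into {section: {key: value}}; names are lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip()
    return sections


def launch_targets(text):
    """Return the distinct programs this autorun.inf would run, in file order."""
    autorun = parse_autorun(text).get("autorun", {})
    targets = [v for k, v in autorun.items() if k in AUTO_EXEC_KEYS or COMMAND_KEY_RE.match(k)]
    return list(dict.fromkeys(targets))


def assess(text):
    """Heuristic findings: executables launched automatically, and targets in hidden folders."""
    findings = []
    for target in launch_targets(text):
        if target.lower().endswith(EXEC_EXT):
            findings.append(f"auto-executes {target}")
        if HIDDEN_DIR_RE.search(target):
            findings.append(f"launch target hidden in system folder: {target}")
    return findings
```

A label-only autorun.inf (just `label=` and `icon=`) yields no findings, which is the case a reviewer can safely ignore.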
Another great addition to SEP is its ability to protect against attacks on software loopholes by using what is called the "Intrusion Prevention System".
Lastly, the installation of the server, deployment of the clients, and general administration of SEP were quite easy. The hierarchical structure of groups, with policies applied to the groups, is just like an Active Directory domain. This makes it easy to set and edit different policies for different clients.
We felt we made the right decision going with Symantec because it solved our original LAN congestion problem. Because of this, and the other features, functionality, and support provided, we are planning on an additional 500 licenses of SEP.
I would rate SEP above its competitors because of its innovative features and support to its clients.
Best,
Bijay
Comments
Nice work Bijay.Swain...
You got my vote...
Hope you could also visit my blog for the connect and protect...
many thanks...
https://www-secure.symantec.com/connect/blogs/connect-and-protect-how-symantec-endpoint-protection-became-egss-top-choice
Nel Ramos
Hi Nel
Thanks, and I am going to visit your blog now.
@bijay
Looks like the firewall is working great for you!!
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Yes Vikram,
I was frustrated with the SCS 3.1 firewall. It was crashing every other day, so I decided not to use it. But now with SEP I am using it without any problem.