Agentless SEP for vShield???
I spotted a prior thread on this subject but its long closed...not a lot of chat out there it seems on the subject and I'm possibly not emailing the right people as I've had little response so I'm going just ask here...
I work for an OEM implementing and supporting on a major Bank customer's account - we are currently ramping up what is probably one of Europe's largest VMware vSphere installation sites for the bank with a 4 figure VM count which is growing every day via aggressive P2V tactics and new VM builds
This bank are already a large customer of Symantec...despite the virtualization advancements the customer uses the trad protection solution in-guest like most do. However due to the solution architected (a small number of very large ESXi hosts) the customer found themselves a classic "AV storm" victim which we recovered from and are managing at present but via heavy admin of the scheduling for scans etc.
We urgently require a move to the latest much talked about AGENTLESS vShield Endpoint AV type solution
I have been given approval to proceed to construct a proof of concept for the agentless type Endpoint solution. The problem I have now politically and technically is that I am faced with delivering this using Trend or Bitdefender. The account being so large already possess a number of VMware vShield licences but I prefer (from every angle) to build the Proof of concept by upgrading the Symantec solution
So my question is:
Can anyone at Symantec help me with your upcoming agentless solution as of today? Does it actually exist? I've heard Q2 this year? Can I participate in any Beta program perhaps for my Proof of concept installation? has anyone out there already been thru this loop and can comment or had success? (but PLEASE don't inform me that the answer lies in managing your scan scheduling etc.) :)
Thanks,
Martin
Comments
hope you are aware of the SEP
hope you are aware of the SEP 12.1 benefit on VM environment
a) Shared insight cache server
b) virtual image exception
regarding the agentless SEP and the roadmap you have to contact the Symantec sales team, they will help you out with the query on roadmap.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Understanding.
Hello,
Quotes -
-- Francis deSouza, Senior Vice President, Enterprise Security Group, Symantec
--Parag Patel, Vice President, Global Strategic Alliances, VMware
SEP 12.1 is specifically created for Virtualized Environment.
These articles may be of interest:
Best Practices for Symantec Endpoint Protection in Virtual Environments
Article: TECH95300
Article URL http://www.symantec.com/docs/TECH95300.
Symantec Endpoint Protection 12.1 Virtualization Best Practices
https://www-secure.symantec.com/connect/downloads/symantec-endpoint-protection-121-virtualization-best-practices
In your case, I would recommend you to contact a Symantec Partner for POC -
http://partnerlocator.symantec.com/public/search/
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | SCTS | ITIL v3
Follow me on Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helped yo
I don't have any information,
I don't have any information, I just want to add my vote to have this happen sometime. Symantec says basically that vShield "is not there yet" in order to have it happen, but I am looking forward to not having an AV agent in each VM.
If you have PCI
If you have PCI considerations, as I'm sure you do, get solid, written verifiable confirmation from your "agentless" vSafe anti-virus vendor that their solution has been found by the PCI Council as acceptable to meet PCI DSS 2.0 5.1.1:
5.1.1 Ensure that all anti-virus programs are capable of detecting, removing, and protecting against all known types of malicious software.
Testing procedure:
5.1.1 For a sample of system components, verify that all anti-virus programs detect, remove, and protect against all known types of malicious software (for example, viruses, Trojans, worms, spyware, adware, and rootkits).
The key requirement that vSafe fails at is the "remove" requirement. If it's not running on the server it can't remove malware from the server. It also can't protect against an in-scope server from geting infected by any way other than the network channel. It can't protect from USB or CD-borne infections. If the malware gets on the server from a USB drive it can encrypt the card data and exfiltrate it without vSafe products even seeing it.
Trend reps told us over and over that PCI QSA's have accepted their vSafe solution but they have been absolutely unable to unwilling to provide documentation or even a reference. I just asked them again last week after they initiated a contact to us again and they have ignored by request.
Make it part of the purchase contract if you decide to switch vendors for this. If t's not part of the contract it's not part of the deal. If their solution meets PCI-DSS, and they're willing to put in a contract requirement to that effect, go for it. I'm betting they won't do it.
Buyer beware.
Ray
At Vision this was discussed
At Vision this was discussed and is road mapped for the future. At the time the issue preventing Symantec was the lack of features/options in Vshield so Symantec has been working with VMWare to add more capabilities to Vshield so they can take advantage.
That being said SEP 11 had a release which added scan randomization to prevent AV storms and 12.1 includes this as well along with additional advance features to the VM environment as stated above.
This was just announced
FYI, VMware just put out a press release announcing Symantec and vShield integration for later this year...
http://www.vmware.com/company/news/releases/vmw-sy...
Going Agentless is a very
Going Agentless is a very agressive performace based Approach..SEP 12 has Performance and Security based Approach.
SEP 12.1 is the right product for Virtualization.
Do read this :
https://www-secure.symantec.com/connect/sites/default/files/SYMANTEC_McAfee_Trend_On_VDI.pdf
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Would you like to reply?
Login or Register to post your comment.