Endpoint Protection

  • 1.  Agentless SEP for vShield???

    Posted Jan 17, 2012 05:57 AM

    I spotted a prior thread on this subject but it's long closed... not a lot of chat out there it seems on the subject and I'm possibly not emailing the right people as I've had little response, so I'm going to just ask here...

    I work for an OEM implementing and supporting on a major bank customer's account - we are currently ramping up what is probably one of Europe's largest VMware vSphere installation sites for the bank with a 4 figure VM count which is growing every day via aggressive P2V tactics and new VM builds.

    This bank are already a large customer of Symantec...despite the virtualization advancements the customer uses the trad protection solution in-guest like most do. However due to the solution architected (a small number of very large ESXi hosts) the customer found themselves a classic "AV storm" victim which we recovered from and are managing at present but via heavy admin of the scheduling for scans etc.

    We urgently require a move to the latest much talked about AGENTLESS vShield Endpoint AV type solution.

    I have been given approval to proceed to construct a proof of concept for the agentless type Endpoint solution. The problem I have now politically and technically is that I am faced with delivering this using Trend or Bitdefender. The account being so large already possesses a number of VMware vShield licences but I prefer (from every angle) to build the proof of concept by upgrading the Symantec solution.

    So my question is:

    Can anyone at Symantec help me with your upcoming agentless solution as of today? Does it actually exist? I've heard Q2 this year? Can I participate in any Beta program perhaps for my proof of concept installation? Has anyone out there already been thru this loop and can comment or had success? (but PLEASE don't inform me that the answer lies in managing your scan scheduling etc.) :)


    Thanks,
    Martin



  • 2.  RE: Agentless SEP for vShield???

    Broadcom Employee
    Posted Jan 17, 2012 06:37 AM

    Hope you are aware of the SEP 12.1 benefits in VM environments:

    a) Shared Insight Cache server

    b) Virtual Image Exception

    Regarding the agentless SEP and the roadmap, you have to contact the Symantec sales team; they will help you out with the query on the roadmap.



  • 3.  RE: Agentless SEP for vShield???

    Trusted Advisor
    Posted Jan 17, 2012 06:43 AM

    Hello,

    Quotes - 

    • “With the right protection, virtual environments can be as secure, or even more secure, than traditional infrastructure as a result of increased standardization, visibility, automation and control available in high-density environments. Symantec Endpoint Protection defends against all types of attacks and is optimized for performance on VMware View™ and VMware vSphere®.”
      -- Francis deSouza, Senior Vice President, Enterprise Security Group, Symantec
    • “Organizations leveraging the VMware vSphere® platform require superior security effectiveness that doesn’t sacrifice performance. We’re working closely with Symantec, including continued collaboration on VMware vShield™, to remove security barriers for customers and help them expand their virtualization projects to enable enterprise hybrid clouds.”
      -- Parag Patel, Vice President, Global Strategic Alliances, VMware

    SEP 12.1 is specifically created for virtualized environments.

    These articles may be of interest:

    Best Practices for Symantec Endpoint Protection in Virtual Environments
    Article: TECH95300
    Article URL: http://www.symantec.com/docs/TECH95300

    Symantec Endpoint Protection 12.1 Virtualization Best Practices

    https://www-secure.symantec.com/connect/downloads/symantec-endpoint-protection-121-virtualization-best-practices

    In your case, I would recommend that you contact a Symantec Partner for a POC - 

    http://partnerlocator.symantec.com/public/search/

     

    Hope that helps!!



  • 4.  RE: Agentless SEP for vShield???

    Posted Jan 18, 2012 11:47 AM

    I don't have any information, I just want to add my vote to have this happen sometime. Symantec says basically that vShield "is not there yet" in order to have it happen, but I am looking forward to not having an AV agent in each VM.



  • 5.  RE: Agentless SEP for vShield???

    Posted Jan 22, 2012 06:17 PM

    If you have PCI considerations, as I'm sure you do, get solid, written verifiable confirmation from your "agentless" vSafe anti-virus vendor that their solution has been found by the PCI Council as acceptable to meet PCI DSS 2.0 5.1.1:

    5.1.1 Ensure that all anti-virus programs are capable of detecting, removing, and protecting against all known types of malicious software.

    Testing procedure:
    5.1.1 For a sample of system components, verify that all anti-virus programs detect, remove, and protect against all known types of malicious software (for example, viruses, Trojans, worms, spyware, adware, and rootkits).

    The key requirement that vSafe fails at is the "remove" requirement. If it's not running on the server it can't remove malware from the server. It also can't protect an in-scope server from getting infected by any way other than the network channel. It can't protect from USB or CD-borne infections. If the malware gets on the server from a USB drive it can encrypt the card data and exfiltrate it without vSafe products even seeing it.

    Trend reps told us over and over that PCI QSAs have accepted their vSafe solution but they have been absolutely unable or unwilling to provide documentation or even a reference. I just asked them again last week after they initiated a contact to us again and they have ignored my request.

    Make it part of the purchase contract if you decide to switch vendors for this. If it's not part of the contract it's not part of the deal. If their solution meets PCI-DSS, and they're willing to put in a contract requirement to that effect, go for it. I'm betting they won't do it.

    Buyer beware.

    Ray



  • 6.  RE: Agentless SEP for vShield???

    Posted Jan 22, 2012 09:46 PM
    At Vision this was discussed and is road mapped for the future. At the time, the issue preventing Symantec was the lack of features/options in vShield, so Symantec has been working with VMware to add more capabilities to vShield so they can take advantage. That being said, SEP 11 had a release which added scan randomization to prevent AV storms, and 12.1 includes this as well, along with additional advanced features for the VM environment as stated above.


  • 7.  RE: Agentless SEP for vShield???

    Posted Feb 28, 2012 01:41 PM

    FYI, VMware just put out a press release announcing Symantec and vShield integration for later this year...

     

    http://www.vmware.com/company/news/releases/vmw-symantec-2-28-12.html



  • 8.  RE: Agentless SEP for vShield???

    Posted Feb 28, 2012 03:41 PM

    Going agentless is a very aggressive performance-based approach. SEP 12 has a performance- and security-based approach.

    SEP 12.1 is the right product for virtualization.

    Do read this:

    https://www-secure.symantec.com/connect/sites/default/files/SYMANTEC_McAfee_Trend_On_VDI.pdf