Network Threat Protection pros and cons

umms_admin's picture

When we rolled out SEP we decided that we were not going to roll out NTP since we already had Windows Firewall enabled on our clients. However, we are reconsidering it and would love to hear some of your pros and cons of using it.  I currently have most of my clients up to 11.0.4 mp2.

teiva-boy's picture

NTP is not really about the FW, which BTW is superior to the Windows FW in every way...

But more so IPS.  Without IPS, you are losing a lot of security.  With IPS enabled, you will increase security from malicious attacks by more than 1000%, no joke, and that is not just marketing hype.  

Why do people complain about support wait times, when there is an online portal?
http://mysupport.symantec.com

umms_admin's picture

Can you be more specific?

Unfortunately, being a research facility, we have a fairly open environment where IT has a very difficult time dictating policy. I don't want to get into the politics, but we end up being more reactive than proactive when it comes to these things. So I am

teiva-boy's picture

 Malicious attacks are not about viruses being planted and executed.  Malicious attacks now come in the form of network, OS, and app vulnerability attacks, which then allow an attacker to run arbitrary code on the machine.  AV alone cannot stop the majority of today's attacks.

This is where IPS comes in.  Stop the attack at the network level, before it has a chance to plant itself at the filesystem level.  Everyone should have IPS deployed and running with SEP.

The Firewall, I feel, is much more powerful, and best of all the logging is there to help diagnose and pinpoint issues, whether they are malicious or just debugging.

Your best bet is to play with the different features, as there is so much it can do.  If anything, go ahead and deploy NTP, with just the IPS policy enabled, and see how there is virtually no impact to your workstation.  Note, I'm not sure if the XP SP3 issues have been addressed in the latest builds with NTP.

Why do people complain about support wait times, when there is an online portal?
http://mysupport.symantec.com

ShadowsPapa's picture

The Windows Firewall is lame... not to mention lack of logs and lack of ease of configurability.
Plus I can make holes in it without trying.
It's MS's attempt to get security into XP because people jumped all over them for the wide-open OS.
The Windows Firewall is for home users and tiny shops, I'd not protect a business with it.

Personal sites -> http://theamcpages.com and http://antique-engines.com

umms_admin's picture

Thanks Shadow,
Do you lock a lot down or are you pretty open? Any significant issues with it?

BharRie's picture

NTP is a network packet scanning engine in Endpoint

Pros,

  1. Effective Firewall that verifies every packet that comes in as well as every packet that goes out. By verify I mean to say that it checks if the packet is authorized to be sent or received by an application or a port.
  2. Complete log of all the network activity.
  3. Can block an IP address or a whole subnet from attacking your network.
  4. Helps suppress unknown Trojan activities to a good extent

Con

  1. Delayed PING response; as a result, slower file transfer in the network
  2. Needs a lot of administrative tasks at initial stages to stabilize your network. That means more rings to the HelpDesks

Bharrie,
Endpoint Protection
Symantec Corporation