
Role of SNAC for virus threat

Created: 10 Apr 2013 • Updated: 12 Apr 2013 | 3 comments
This issue has been solved. See solution.

Can anyone tell me what the role of SNAC in SEPM is for preventing threats? Does it just help with endpoint compliance, or does it have features beyond this? If anyone can describe more on this, it will be appreciated. Do I need the Symantec SNAC appliance, or can I implement SNAC on Windows Server 2008 as well?


Brɨan's picture

SNAC works in combination with SEP and helps to ensure you are in compliance. You can configure it to check that the client has up-to-date file definitions, that the client firewall is working, that specific security patches are installed, that a specific service pack is installed, or even use custom rules to check for certain software, processes, services, etc.

So think of this as taking a proactive approach. It won't stop a client from getting infected but it could potentially stop an infected client from coming on to your network, preventing a huge outbreak.

Valuable articles here:

https://www-secure.symantec.com/connect/articles/s...

https://www-secure.symantec.com/connect/articles/w...

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

K33's picture

Hi,

You can set an Antivirus Requirement in your organization. That means your clients should be running the antivirus you have specified, or they will be rejected from the network or sent to a quarantine network. Antivirus products that SNAC supports are AhnLab V3 Internet Security, AVG Internet Security/Antivirus, Bit Defender Internet Security/Total Security, CA eTrust Antivirus/InoculateIT, Kaspersky Antivirus/Internet Security, McAfee VirusScan, Microsoft ForeFront Client Security, Microsoft Live OneCare Antivirus, Norton Antivirus, Panda Antivirus, Sophos Antivirus, Symantec Endpoint Protection, Trend Micro OfficeScan Corporate Edition and Trend Micro PC-cillin. With these antivirus products you can check whether they are installed, running and have the latest definitions. If not, you can redirect the clients to a location where the antivirus will be automatically installed, or the users can download and install the AV software or the latest virus definitions. If the antivirus is turned off, you can also enable it.

You can also select Any Antivirus. With this option you can check the definitions and direct clients to download the definitions, but the options for installing or starting a specific application are not available.

Look at some of these articles:

https://www-secure.symantec.com/connect/articles/s...

https://www-secure.symantec.com/connect/articles/s...

Look at this blog to find all SNAC-related documents:

https://www-secure.symantec.com/connect/blogs/snac...

SOLUTION
Mithun Sanghavi's picture

Hello,

SNAC is compliance management software:

  1. Set compliance standards for the network (Host Integrity Policy)
  2. Ensure all clients comply with the set standards (using enforcement methods like DHCP or Gateway Enforcers, etc., and remediation)

Organizations that deploy Symantec Network Access Control Starter Edition can experience multiple measurable benefits, including:

• Reduced propagation of malicious code such as viruses, worms, spyware and other forms of crimeware

• Lowered risk profile through increased control of unmanaged and managed endpoints accessing the corporate network

• Greater network availability and reduced disruption of services for end users

• Verifiable organizational compliance information through near real-time endpoint compliance data

• Minimized total cost of ownership based on an enterprise-class centralized management architecture

• Verification that endpoint security investments such as Symantec AntiVirus™ and the client firewall are properly enabled

• Integrates seamlessly with Symantec™ Endpoint Protection

To explain more in detail:

You may know that more than 90% of attacks and infections come from within the LAN, from our trusted computers.

You say they are trusted because they are employees of your company... that's it.

You configure your firewall and everything else against external threats and attacks, but what exactly do you do to make sure your employees are doing what they are supposed to do?

What applications are they running? Do they have any AV installed, or have they removed it? Are they on the latest patches and AV definitions, or are they just hiding from administrators?

An administrator wants his network to be completely secured and patched up, but do the employees care about what definitions or patches they have? They think it's the admin's job to check these things.

One unpatched/unsecured computer is enough to bring down the whole company without a compliance check.

Symantec Network Access Control helps you achieve this compliance.

E.g.: A field engineer/sales employee has been out for a month. He has not updated his definitions or patches, and his laptop is infected with bots.

Then he logs in to the network and saves some files to your server, including the bot.

Now the bot can take control of your network.

When you have SNAC in place, it won't allow an unpatched PC or a PC with old definitions to connect to your critical servers.

First they will connect to a remediation VLAN/server to get these updates and become totally safe before being able to log in to the network.

Think about the VPN clients who don't even come to the office to connect to the LAN. How can you believe they are patched up? SNAC will do that for you.

You can control what applications clients should run and what they should not.

You can do any compliance-related job to make sure the clients inside your network, including VPN clients, are the trusted ones.

It is all policy/rules based, about what you think your clients should be like and should be doing. If they don't obey, they are thrown out of the network.

You can also do Windows patch management.

SNAC is an independent product that can be integrated with SEP/SEPM.

So if you are using any 3rd party antivirus it will do the compliance check for it.

In addition to those above:

It provides basic user management. You're at the command prompt of all clients, you can run scripts (cmd, vbs, powershell), collect information, get the juice out of your network.

Check these Articles:

SEP and SNAC - An Unbeatable Combination

https://www-secure.symantec.com/connect/articles/sep-and-snac-unbeatable-combination

Supported virus protection applications in a SNAC Host Integrity policy

http://www.symantec.com/docs/TECH162768

Symantec Endpoint Protection and Symantec Network Access Control 12.1.2 Installation and Administration Guide

https://www-secure.symantec.com/connect/downloads/downloadable-guides-reference-symantec-endpoint-protection-121-ru2

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
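
A conceptual sketch of the check-then-remediate flow described in the replies above, added as an example and not taken from the thread or from Symantec's product. The class names, fields, the 7-day definitions threshold and the patch label are assumptions for illustration; this is not SNAC's Host Integrity policy format.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# Conceptual model only: names and thresholds are assumptions.
@dataclass
class Endpoint:
    name: str
    av_product: Optional[str]      # None = no antivirus installed
    av_running: bool
    defs_date: Optional[date]      # date of the installed definitions
    patches: set = field(default_factory=set)

@dataclass
class Policy:
    required_av: str               # product name, or "ANY" for "Any Antivirus"
    max_defs_age_days: int
    required_patches: set

def evaluate(ep, policy, today):
    """Return (network, remediation_steps) for one endpoint."""
    steps = []
    specific = policy.required_av != "ANY"
    if ep.av_product is None or (specific and ep.av_product != policy.required_av):
        # Automatic install is only possible when a specific product is required.
        steps.append(f"install {policy.required_av}" if specific
                     else "no antivirus found (no automatic install with ANY)")
    else:
        if not ep.av_running:
            steps.append(f"start {ep.av_product}" if specific
                         else "antivirus stopped (no automatic start with ANY)")
        stale = (ep.defs_date is None or
                 (today - ep.defs_date).days > policy.max_defs_age_days)
        if stale:
            steps.append("download latest definitions")
    for patch in sorted(policy.required_patches - ep.patches):
        steps.append(f"install patch {patch}")
    # Any failed requirement sends the client to the remediation network.
    return ("production" if not steps else "remediation", steps)

# Constructed sample data: a laptop that has been off the network for a month.
TODAY = date(2013, 4, 12)
POLICY = Policy("Symantec Endpoint Protection", 7, {"PATCH-A"})
LAPTOP = Endpoint("field-laptop", "Symantec Endpoint Protection", True,
                  date(2013, 3, 10))

if __name__ == "__main__":
    print(evaluate(LAPTOP, POLICY, TODAY))
```
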