Endpoint Protection

 View Only

  • 1.  Scanning Network Traffic for Malware

    Posted Jul 05, 2016 11:28 AM

    Our endpoints currently have SEP 12 clients installed.  We are looking at different products to scan some of our network traffic.  This network traffic will originate from outside of our network.  The issue we currently have is that anyone can attach anything to something like an expense report.  That file is never 'at rest' until it is written to an internal database.  With that said, we could currently have all kinds of malware residing in our database.  Does Symantec have any software or appliance that is capable of scanning network traffic like this for malicious files?

     

    SharePoint is another example of our problem.  Anyone can upload anything to SharePoint.  We do not have an ICAP server at this time and our Symantec clients cannot scan the files uploaded and downloaded to the SharePoint database due to how SharePoint downloads and uploads those files.  Is there anything as far as software or an applicance from Symantec that can scan this traffic without utilizing an ICAP server?  Our concern is that if an ICAP server went down then it would halt all traffic that was supposed to be scanned and essentially take down other systems with it.



  • 2.  RE: Scanning Network Traffic for Malware

    Posted Jul 05, 2016 11:32 AM

    SEP 12.1 will protect local clients only, it has many features to do that including firewall, IPS, SONAR, and Download Insight.

    You may want to look at Advanced Threat Protection: Network:

    https://www.symantec.com/content/dam/symantec/docs/data-sheets/advanced-threat-protection-network-en.pdf

    What you really need to look at is a network IPS.

    SEP for SharePoint is also available but as you've said, won't work. SEP wouldn't scan it until it hit the disk.



  • 3.  RE: Scanning Network Traffic for Malware