
Symantec IPS vs Appliance IPS

Created: 27 Aug 2013 • Updated: 27 Aug 2013 | 5 comments
This issue has been solved. See solution.

Is the SEP IPS an appropriate substitute for an appliance based IPS? PCI DSS compliance states that all access to payment card infrastructure be secured by an IPS at the perimeter of the network. We don't need to be PCI compliant, but we're using those standards as security guidelines. If we have SEP IPS installed on all devices in our production network, would that satisfy that requirement?

I've looked at the signatures in the Endpoint Manager and it certainly doesn't look like the several thousands of signatures that Alert Logic and Cisco boast. Is there more going on behind the scenes than is obvious through the Endpoint Manager Configuration?

Thanks for any input,


Brɨan's picture

Sure but keep in mind that the SEP IPS is limited because it is software based. With a hardware based IPS, you will get much better performance.

With that being said, are you only needing to defend workstations/servers? Do you plan to write your own signatures or just use what Symantec has?

SEP is only a HIPS so it can only defend the endpoints.

I believe SEP has around 3800 signatures between the HIPS and Browser IPS.

A few helpful guides:

Best Practices for the Intrusion Prevention System component of Symantec Endpoint Protection on high-availability/high bandwidth servers.

Article: TECH162135 | Created: 2011-06-13 | Updated: 2013-07-10 | Article URL: http://www.symantec.com/docs/TECH162135

Expected behavior of Browser Intrusion Prevention

Article: TECH172174 | Created: 2011-10-19 | Updated: 2013-08-19 | Article URL: http://www.symantec.com/docs/TECH172174

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
pete_4u2002's picture

Check out the signatures for IPS and see if they meet the compliance level you are looking for.

IamSauce's picture

We only need to defend servers in our production environment. Unfortunately, some of those servers have aggregated links and push a lot of traffic, so we might have to go with the appliance. I'd like the option to write my own signatures, however that's a little bit intimidating.

Thanks for the quick responses! 

Brɨan's picture

Then make sure to read the KBA I linked above regarding IPS on servers as it may adversely affect you.


Rafeeq's picture

 states that all access to payment card infrastructure be secured by an IPS at the perimeter of the network

SEP is a host based IPS. You should consider another Symantec product which can be installed at your perimeter.