Endpoint Protection

  • 1.  Symantec IPS vs Appliance IPS

    Posted Aug 27, 2013 11:28 AM

    Is the SEP IPS an appropriate substitute for an appliance based IPS? PCI DSS compliance states that all access to payment card infrastructure be secured by an IPS at the perimeter of the network. We don't need to be PCI compliant, but we're using those standards as security guidelines. If we have SEP IPS installed on all devices in our production network, would that satisfy that requirement?

    I've looked at the signatures in the Endpoint Manager and it certainly doesn't look like the several thousands of signatures that Alert Logic and Cisco boast. Is there more going on behind the scenes than is obvious through the Endpoint Manager Configuration?

    Thanks for any input,



  • 2.  RE: Symantec IPS vs Appliance IPS
    Best Answer

    Posted Aug 27, 2013 11:31 AM

    Sure but keep in mind that the SEP IPS is limited because it is software based. With a hardware based IPS, you will get much better performance.

    With that being said, are you only needing to defend workstations/servers? Do you plan to write your own signatures or just use what Symantec has?

    SEP is only a HIPS so it can only defend the endpoints.

    I believe SEP has around 3800 signatures between the HIPS and Browser IPS.

    A few helpful guides:

    Best Practices for the Intrusion Prevention System component of Symantec Endpoint Protection on high-availability/high bandwidth servers.

    Article:TECH162135  |  Created: 2011-06-13  |  Updated: 2013-07-10  |  Article URL http://www.symantec.com/docs/TECH162135

     

    Expected behavior of Browser Intrusion Prevention

    Article:TECH172174  |  Created: 2011-10-19  |  Updated: 2013-08-19  |  Article URL http://www.symantec.com/docs/TECH172174

     



  • 3.  RE: Symantec IPS vs Appliance IPS

    Broadcom Employee
    Posted Aug 27, 2013 11:33 AM

    Check out for the signatures for IPS and see if it meets the compliance level you are looking for.



  • 4.  RE: Symantec IPS vs Appliance IPS

    Posted Aug 27, 2013 12:27 PM

    We only need to defend servers in our production environment. Unfortunately, some of those servers have aggregated links and push a lot of traffic, so we might have to go with the appliance. I'd like the option to write my own signatures, however that's a little bit intimidating.

    Thanks for the quick responses! 



  • 5.  RE: Symantec IPS vs Appliance IPS

    Posted Aug 27, 2013 12:33 PM

    Then make sure to read the KBA I linked above regarding IPS on servers as it may adversely affect you.



  • 6.  RE: Symantec IPS vs Appliance IPS

    Posted Aug 27, 2013 12:48 PM

     states that all access to payment card infrastructure be secured by an IPS at the perimeter of the network

    SEP is a host-based IPS. You should consider another Symantec product which can be installed at your perimeter.