Endpoint Protection

I am always curious about my fellow SEP administrators and what other roles they perform. I am sure most of it depends on your environment and the size of your organization, but Id love to hear some of the background of what you do.

I am the only person who manages SEP (and SAV). We have 200 + servers and close to 4000 clients. 

How about you? 

I'm a security analyst that works for a security consulting firm. I deal with many large scale, enterprise level engagements, as well as alot of work for the military and other government entities.

I'm hired by a reseller to be a contract based, resident consultant for a BPO. They were using SAV 10 at that time. I'm here to provide answers to problems on Symantec products. They have over 10k clients and servers. I'm helping them migrate to SEP and SBG. And since I'm not an employee of the company, I have limited access to PCs for troubleshooting. I do my troubleshooting through the phone or by email.

I am working for a client who has the standard as SAV and SPA as the protection technology for the client workstations(41 SAV servers, ~35,000 clients, 2 Sygate servers(Primary and failover)) and McAfee safeboot encryption(~15,000) for the laptops. Symantec Enterprise Security Architecture (SESA) is used for the reporting and alerting.(2 reporting and 1 db2 server)

We are upgrading the entire SAV, SESA and Sygate environment to SEP.

Trend Micro ServerProtect is the standard for the servers(~2,500). Even the primary and secondary SAV servers have trend on them with the SAV Auto Protect off as that's not it's real job.

Our EPS team comprises of 5 people, One for each technology and we act as a backup for atleast one of the other service(SAV, Sygate and Trend for me),Everyone is involved if there is a major incident with any of the services. I like my job :)


 

I work for a non-profit supervising two System Administrators and manage 260 desktop/laptops, 24 servers, hardware based firewall (mainaining packet filter rules, web content proxy, anti-virus, anti-spam, IPS).  About 24 locations across the State.

Also responsible for File/Print servers, Exhange FE/BE, WSUS, SMS 2003 (upgrading at the moment to SCCM 2007 R2), BackupExec, SEPM/SEP (upgraded from SCS 3.x, upgraded from SAV 8/9/10), SQL, Oracle, HP Insight Manager, VMware ESX, Trend Micro, Exclaimer, VOIP phone system (currently upgrading), Retail POS computer registers, bar code printers, several brands of security camera DVR systems, Terminal Services in application mode for WYSE thin clients (testing now to convert old shared computers to replace/deploy about 120 thin clients), Blackberry Enterprise Server, four custom applications for HR, Finance and Marketing.

Finally implemented a NetFlow Analyzer server to "know my flow" (what a big help).  I'm a jack of all trades, master of none. :-)

RickJDS - do you even sleep, man???  How much of the "hands-on, in the trenches" work do you do yourself, as opposed to having the folks you supervise do?  Just wondering, to get an idea as to what's feasible for one guy (or small team) to do.

Craigpower - beleve it or not, but yes I can do it all if I absolutely had to.  Granted my staff and I cannot run all of these services the way it should (checking logs, performance, etc.) so we're more of a "reactive" shop.  When something needs attention, we move our efforts to that problem, then hit the next problem, etc.

Most things are on autopilot though.  Most of the hands on that I do is SEPM, Hardware firewall configuration/monitoring and SMS (along with a lot of project management).   I let my staff handle the helpdesk tickets, POS, BackupExec, VOIP and the dedicated custom applications.  I try to teach them everything I can for their benefit.

I have to give my two administrators a lot of credit.  They've grown immensly under me and they work and learn quickly.  They also take ownership for things that I teach them.  They are both excellent troubleshooters.

Two things really help us out a lot: HP Insight Manager to monitor my servers and routers (email notification if there's a problem) and SMS for installing software remotely, hardware/software inventory and remote desktop control.

Wow, props to you!  I asked because I'm a "one man band", albeit at a smaller organization (4 servers, 60 or so workstations, 'bout 100 or so users), and wanted to know how it was working for you at your place.  Know what you mean about not being able to run things the way you'd really like; I end up having to be pretty reactive, too.  Thanks for the suggestions on HP Insight Manager and SMS, too.  I'm considering moving to Windows Essentials Server, primarily because of the "SMS Lite" that is included with it.

Thanks for you response!

Regards,

Craig

I completely agree with the HP Insight manager. We have that and Dell OpenManage up and running and it can be a savior. We do not have SMS or an alternative solution and that can be a pain sometimes. Was SMS a bear to implement? I have hear the horror stories or how tough it is to manage.

I started at the company I'm at a few months ago (contract-to-hire).  My first project has been to convert from SAV 10.x Corporate to SEP 11.  I'm also piloting a third party application and device control program (think what SEP offers on steriods, our Symantec sales rep almost wet himself when I showed it to him).

This is the first company I've worked at with a compartmentalized IT staff.  Before now I've always been in a situation like Rick's.  A handful of guys taking care of everything that runs on electricity.

I'm "officially" and IT Security & Compliance officer for a billion dollar financial services company (one that's still doing well---we actually only made loans to people we thought could afford to pay them back).  In addition to SEP, I am responsible for:

1)  Dealing with the various regulatory agencies and internal/external auditors
2)  Formulating and enhancing (with others) IT and Information Security  related company policies and procedures
3)  Managing our WSUS updates
4)  Deploying/managing our mobile device encryption program
5)  Member of our InfoSec Incident Response team
6)  Information Security Training for users
7)  Overall, making sure our company is in compliance with regulatory guidelines, industry best practices, and common sense security measures across the various lines of business

I'm Admin for SEP/SEPM, SEV, Exchange 2007, AD and am 3rd line support for BES and HP Insight Manager in UK, EMEA and Asia Pacific regions.

Happy days!

RickJDS is also known as Clark Kent after-hours...............

I evaulate and test hardware/software, am involved in setting "desktop" standards.
I create the images used on our computers.
I deal with network admin and network connectivity - the ASAs, etc.
I'm network/data security administrator - I handle agency firewalls, IPS, AV and so on.
I act as backup for almost everything IT here.
I handle some AD stuff, and deal with the policies in AD managing Acrobat Reader (lockdowns) and our enterprise defrag software.
20-some servers, roughly 350+ desktop and notebook computers.

Prior to this, I was the AV admin and architect for the SAV xxx implimentation at PFG - 1200 servers, 16000 clients world-wide.

SMS was a bit tough to set up in the beginning, but once its up, it is very easy to manage (in my experience).  I'm now doing a side by side upgrade to SCCM 2007 so I can't wait to see what's new in this version.

Let me give you all a gist about everyday routine of a support engineer in Symantec.

I work for SEP support Pune (India) , (I know watz going through your mind :P) but the answer is NO,SEP support is not outsourced. It is a Symantec office, it is Symantec’s support centre in India and not outsurced.

SEP support is not limited to first hand support on just installation and working of the software. It involves close coordination with corporate infrastructure / network teams to maintain strict compliance. Assisting clients design their network in the best possible way, getting the most out of the product, applying the latest patch, designing firewall policies that best suit the customer’s requirements, in case of outbreak provide the immediate steps to be taken to restrict breakdown.

Not to forget, nothing is error free in this world. Any bugs are first reported by support and then gradually escalated to backline team which in turn provides the final fix in the form of patches.

SEP doesnt work alone, it has to be on a platform like windows and there can be multiple applications running on the same platform. So troubleshooting windows and trying to resolve the conflict with other applications is the best effort support provided.

The best thing about Symantec is that it provides a calm and very comfortable working environment.

Symantec engineers dedicate a lot of time in research and reproduce your issues in the “in house” labs.

But as they say, you can’t win them all, Customers are not always happy with our ways but that has never been the motive and as a matter of fact whatever you say does get noticed, Be it here or back here. You can take my word for it. :)

Regards,

Barkha
MCSE SCTS STS