Endpoint Security Blog
Showing posts tagged with Endpoint Protection (AntiVirus)
Showing posts in English
Sean Yarger | 08 Jun 2011 | 2 comments

Let’s pretend for a moment that you’re on a business trip. You hear the boarding call for your flight and reach down to grab your laptop – only your laptop isn’t there. Whether it was left at security or snagged by another traveler in the terminal, your laptop is gone and your company data is at risk.

So what do you do? Typically you’ll need to make a call to the office, notifying your IT department of the incident. This call will initiate a chain reaction of events set into place to ensure measures are taken to secure the files and equip you with a new device to keep business running as usual. This process typically involves a series of forms, approvals, signatures, etc.

While it may sound simple, enforcing processes effectively is one of the hardest things for companies to do. With multiple people involved and steps required, any number of things can go wrong, slowing down the process –...

KatieBurton | 03 May 2011 | 1 comment

Battling Advanced Persistent Threats with Relevant Actionable Intelligence

High-profile assaults today such as Hydraq and Stuxnet are prime examples of how attackers are taking advantage of visibility and protection gaps in our customers’ environments. Attackers, whether cyber criminals, nationalists, or malicious insiders, are relying on the simple fact that managing security is complex. It’s nearly impossible to keep a real-time status of your security posture and the protection measures you have in place to secure your confidential information and the infrastructure where it resides.

To add insult to injury, many of the security technologies that are used to monitor and protect our environments are already in place, yet the bad guys keep getting through. So what gives? How can we get ahead of these attacks?

At Symantec we believe that combining and correlating local and global threat...

dschrader | 01 May 2011 | 20 comments

This week Symantec introduced the concept of V-Ray – tools that provide visibility into virtual environments. SEP itself has been enhanced to seamlessly support virtualization. Today’s blog is a checklist for configuring Symantec Endpoint Protection to play nicely in a virtual space. Optimizing a new product is a work in progress, so if you have suggestions on additional steps/settings to better allow SEP to run in VDI, let me know. (My thanks to Anthony Flaviani for much of this material.)

1. Ensure that Insight is enabled.

Insight determines a file's security rating by examining the following characteristics of the file and its context:

• The source of the file
• How new the file is
• How common the file is in the community
• ...

dschrader | 15 Feb 2011 | 11 comments

Symantec today announced the next version of Symantec Endpoint Protection. This release, version 12.1, will ship later this year. You can sign up for the beta at http://go.symantec.com/sep12beta/ .

Long in coming, this release is a major milestone. On the face of it, that statement is odd; after all, SEP is a mature product and its feature set hasn't, at a fundamental level, changed. It still offers the critical elements of endpoint security: malware protection, access control, device control, application control, firewall and IPS. It “kinda, sorta” looks like nothing has changed.

Well, don't believe it. There are countless new features in this release, and in subsequent blog posts I will dive into them.  The real change, however, is under the covers and in the test results.  SEP 12 is built on a powerful new stack of security...

dschrader | 03 Feb 2011 | 5 comments

In one of Alan Shimmel's recent posts to his excellent The Ashimmy Blog, "Do you really need desktop AV anymore?" he states that surfing in safe neighborhoods and practicing safe computing (or safe-hex, as one of his readers posted in the comments section) can provide adequate protection. He is wrong. There are no safe neighborhoods on the internet. Millions of legitimate web pages are hijacked every year and used to distribute malware. In the past we have seen newspapers, government sites, even the FBI’s home page hijacked – sometimes the networks serving ads to those and thousands of other legitimate sites have been taken over. Worse, malware or links to infected sites are often distributed through sources of trust...

dschrader | 28 Dec 2010 | 0 comments

Gartner just released their annual report on endpoint security (see: Magic Quadrant for Endpoint Protection Platforms, Gartner, 2010)

As you can read in the report, Symantec extended its lead both in terms of vision and ability to execute. What is really notable, however, is the strong statement Gartner made about the future of endpoint security. The report starts with an indictment, "Malware effectiveness continues to accelerate, while vendors are busy polishing increasingly ineffective solutions and doing little to fundamentally reduce the attack surface and protect users."

Gartner goes on to state, "Signature-based malware detection has been limping along on life support for...

dschrader | 16 Dec 2010 | 10 comments

Today Microsoft introduced Forefront Endpoint Protection 2010. 4 years after Symantec, they finally introduced integration with Configuration Manager, Vulnerability Shielding and Firewall Management – the equivalents of which have all been in Symantec Endpoint Protection for the past 4 years.

The new version of Forefront still lacks functions we consider essential to endpoint security, including:

  • Device control
  • Application inventory or application control (outside of AppLocker)
  • Access control self enforcement
  • Mac & Linux support – only a promise that sometime next year “details on the timing of the Mac/Linux release will be available”
  • Optimizations for virtual environments - no resource leveling – no way to prevent av storms in virtual environments
  • Bootable recovery disk or a tool equivalent to Symantec’s Power Erasure

A few additional thoughts:...

Hear4U | 09 Dec 2010 | 0 comments

The holiday season is upon us and, as usual, many people are planning on taking time off from work. But with the proliferation of mobile devices such as smartphones, “time off” doesn’t exactly mean what it used to. Symantec recently conducted a survey to uncover enterprise mobile device users’ expected smartphone habits and usage patterns – particularly those that relate to mobile security and management – while out of the office over the holiday season and in general. Here is a look at the key findings:

The interesting thing about this finding is that 62 percent of respondents do not simply plan to access confidential data on their smartphones, but expect they will need to access this sensitive data while away from the office during the holiday season. Sure, respondents might access and view this data in the privacy of their home, but in all likelihood, many will do so in public, possibly while standing in a...

Blake M | 17 Nov 2010 | 0 comments

With all of the options in the marketplace today, small businesses must secure customer trust and loyalty to remain competitive. Regardless of the industry, their customers are looking for the best quality, value and service and they will quickly move on if their needs are not met. They also want to know that their personal information, like their credit card numbers and bank account information, is protected when they deal with a small business.

Today, so much of our valuable information resides on computers. It’s how we work. So it is expected that small businesses would be concerned about keeping their customers’ personal and financial information safe. In fact, according to the recent Symantec 2010 SMB Information Protection survey, almost three-quarters of SMBs are somewhat/extremely concerned about the loss of crucial business information. This does not come as a surprise when you consider that 42 percent have actually lost confidential or proprietary...

dschrader | 01 Nov 2010 | 0 comments

Garrett Bechler, a Security Solutions Architect at Symantec, has put together a valuable list of tips to reduce the impact of SEP in VDI infrastructures. With his permission, I thought I would post them here. These are approaches that have been used in some larger (15-20K node) VDI instances to help ensure that SEP has minimal impact.

1) Upgrade VDI devices (and SEPM) to the latest build of SEP in order to take advantage of the new Resource Leveling settings introduced in SEP 11 06, including Scan Randomization and Content Randomization.

2) Use the content randomizer in the client communication settings to randomize definition and signature delivery. Based on client density, we have found the following to be a pretty decent guideline based on a 1-hour client pull-based heartbeat:

a. 25-30 VDI instances per host – 2 hour randomization

b.  ...