Video Screencast Help

Endpoint Security Blog

Showing posts tagged with 11.x
Showing posts in English
dschrader | 15 Feb 2011 | 11 comments

 

 

Symantec today announced the next version of Symantec Endpoint Protection.  This release, version 12.1, will ship later this year.  You can sign up for the beta at http://go.symantec.com/sep12beta/ .

Long in coming, this release is a major milestone.  On the face of it, that statement is odd; after all, SEP is mature product and its feature set hasn't at a fundamental level, changed.  It is still offers the critical elements of endpoint security, - malware protection, access control, device control, application control, firewall and IPS. It “kinda, sorta” looks like nothing has changed.

Well, don't believe it. There are countless new features in this release, and in subsequent blog posts I will dive into them.  The real change, however, is under the covers and in the test results.  SEP 12 is built on a powerful new stack of security...

dschrader | 03 Feb 2011 | 5 comments

 

In one of Alan Shimmel's recent posts to his excellent The Ashimmy Blog, "Do you really need desktop AV anymore?" he states that surfing in safe neighborhoods and practicing safe computing (or safe-hex, as one of his readers posted in the comments section) can provide adequate protection. He is wrong. There are no safe neighborhoods on the internet.  Millions of legitimate web pages are hijacked every year and used to distribute malware. In the past we have seen newspapers, government sites, even the FBI’s home page hijacked – sometimes the networks serving ads to those and thousand of other legitimate sites have been taken over. Worse, malware or links to infected sites are often distributed through sources of trust...

dschrader | 28 Dec 2010 | 0 comments

Gartner just released their annual report on endpoint security (see: Magic Quadrant for Endpoint Protection Platforms, Gartner, 2010)

As you can read in the report, Symantec extended its lead both in terms of vision and ability to execute.  What is really notable, however, is the strong statement Gartner made about the future of endpoint security.  The reports starts with an indictment, "Malware effectiveness continues to accelerate, while vendors are busy polishing increasingly ineffective solutions and doing little to fundamentally reduce the attack surface and protect users."

Gartner goes on to state, "Signature-based malware detection has been limping along on life support for...

dschrader | 16 Dec 2010 | 10 comments

Today Microsoft introduced Forefront Endpoint Protection 2010.  4 years after Symantec they finally introduced Integration with Configuration Manager, Vulnerability Shielding and Firewall Management – the equivalents of which have all been in Symantec Endpoint Protection for the past 4 years.   

The new version of Forefront still lacks functions we consider essential to endpoint security, including:

  • Device control
  • Application inventory or application control (outside of AppLocker)
  • Access control self enforcement
  • Mac & Linux support – only a promise that sometime next year “details on the timing of the Mac/Linux release will be available”
  • Optimizations for virtual environments - no resource leveling – no way to prevent av storms in virtual environments
  • Bootable recovery disk or a tool equivalent to Symantec’s Power Erasure

A few additional thoughts:...

dschrader | 01 Nov 2010 | 0 comments

Garrett Bechler, a Security Solutions Architect at Symantec has put together a valuable list of tips to reduce the impact of SEP in VDI infrastructures.  With his permission, I thought I would post them here.  These are approaches that have been used in some larger (15-20K node) VDI instances to help ensure that SEP has minimal impact.

1)      Upgrade VDI devices (And SEPM) to latest build of SEP in order to take advantage of the new Resource Leveling settings introduced in SEP 11 06, including Scan Randomization and Content Randomization.

2)      Use the content randomizer in the client communication settings to randomize definition and signature delivery. Based on client density we have found the following to be a pretty decent guideline based on a 1 hour client pull based heartbeat:

a.      25-30 VDI instances per host – 2 hour randomization

b.  ...

Paul Murgatroyd | 12 Aug 2010 | 23 comments

Hi All,
 
I just wanted to take some time out and talk about RU6 MP1.  As you may have seen, there are some people on Connect anxiously awaiting its release for a number of reasons.
 
While I cannot give you a definite date at this point, I can tell you it should be available soon.  We hoped to have it out by now, but there is one last issue which we have to fix before we can release.  RU6 MP1 is a maintenance patch for RU6 and RU6a and because of this, its very much focused on customer defects (somewhere around 80 by the time we ship), although we are adding one new feature for you.
 
Some of the issues which are currently fixed (and should be released) are:
 
1925607: DWHxxxx.tmp files are being scanned and re-detected when new definitions arrive and during scheduled scan
Most of you are fairly aware of this one.  We think we have it nailed for the most part,...