Endpoint Protection

  • 1.  SEP Firewall as WAF

    Posted Jan 30, 2013 01:08 PM

    Can anyone comment on the effectiveness of the Symantec Endpoint Protection 12.1 firewall function on a server with a public-facing website? Does it effectively function as a WAF (Web Application Firewall)? Or is a true WAF a product that is more specifically tailored for deployment on a server hosting public websites? I'm looking to provide protection against malware attacks (SQL injection / css scripting) developed to exploit the encryption (HTTPS / SSL) environment. IPS and Firewall work on non-encrypted traffic and via access-list rules, but ours are not encrypted traffic smart.



  • 2.  RE: SEP Firewall as WAF

    Posted Jan 30, 2013 01:20 PM

    Yes, you would definitely need a true WAF. In this case, the SEP IPS component would come into play and it's only as good as the signatures it has.

    SEP IPS will catch XSS/SQL injection but that's only if a signature is available. XSS/SQL injection can be manipulated to get around traditional signatures. A true WAF will give you much more flexibility.

    You could write custom IPS signatures in SEP, so this may help out more and let you be flexible as well.

    About custom IPS signatures

    Article:HOWTO80930  |  Created: 2012-10-24  |  Updated: 2013-01-30  |  Article URL http://www.symantec.com/docs/HOWTO80930
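
Added example, not part of the original thread and not Symantec or WAF vendor code: a sketch of why a fixed signature matched against raw request bytes is weaker than the decode-and-normalize step a WAF runs before its rules. The signature, the `normalize` helper and the sample values are constructed for illustration, and the input is assumed to be the already-decrypted request (TLS terminated before inspection).

```python
import re
from urllib.parse import unquote_plus

# Constructed toy signature for illustration; not a real SEP IPS or WAF rule.
SIGNATURE = re.compile(r"union\s+select|<script", re.IGNORECASE)


def normalize(value: str, max_rounds: int = 3) -> str:
    """Canonicalise a request value before rule matching."""
    for _ in range(max_rounds):  # undo nested URL encoding, bounded
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)  # SQL comments
    value = re.sub(r"\s+", " ", value)  # collapse whitespace runs
    return value.lower()


def raw_match(value: str) -> bool:
    """Signature applied to the bytes as they arrived."""
    return bool(SIGNATURE.search(value))


def normalized_match(value: str) -> bool:
    """Same signature applied after canonicalisation."""
    return bool(SIGNATURE.search(normalize(value)))


# Constructed query strings: plain, URL-encoded, comment-separated,
# double-encoded, and one benign value that must not alert.
SAMPLES = [
    "id=1 UNION SELECT name FROM users",
    "id=1%20UNION%20SELECT%20name",
    "id=1+UNION/**/SELECT+name",
    "q=%253Cscript%253E",
    "q=student+union+election+results",
]


def compare(samples=SAMPLES):
    """Return (sample, raw verdict, normalized verdict) per sample."""
    return [(s, raw_match(s), normalized_match(s)) for s in samples]


if __name__ == "__main__":
    for sample, raw, norm in compare():
        print(f"raw={raw!s:5} normalized={norm!s:5} {sample}")
```

Only the first sample trips the raw signature; the three encoded variants are caught only after normalization, and the benign value stays clean in both passes.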

     



  • 3.  RE: SEP Firewall as WAF

    Posted Jan 30, 2013 02:41 PM
    Does Symantec sell a WAF product?


  • 4.  RE: SEP Firewall as WAF

    Posted Jan 30, 2013 02:46 PM

    No, not to my knowledge.



  • 5.  RE: SEP Firewall as WAF

    Posted Jan 30, 2013 03:07 PM

    Yes, you would definitely need a WAF firewall for that purpose. The firewall provided in SEP is practically only host-based and not designed to protect the hosting of public websites.



  • 6.  RE: SEP Firewall as WAF

    Posted Jan 30, 2013 09:45 PM

    Definitely not recommended to use SEP as a "WAF"...

    One would always think of multi-layered defense... so get another box or two ;)



  • 7.  RE: SEP Firewall as WAF

    Posted Jan 31, 2013 02:56 AM

    Hello,

    You would require a WAF. SEP should be used in the network to protect from malicious attacks, while to protect from the outside network you definitely need some more layers of defence.

    You can think of a WAF or even a hardware firewall, a Squid server, etc.