Endpoint Protection

  • 1.  Shared Insight Cache and Private Insight

    Posted Feb 23, 2017 02:27 AM

    Hi all,

    Below is what I have understood of Shared Insight Cache and Private Insight. Please correct me if I am wrong.

    Shared Insight Cache is suitable for virtual environments. Clients send the clean files to the server and they are added to the cache. Other clients will ignore a file that is on the server when they scan their PC. The Shared Insight Cache server will not download the Insight reputation files/database from Symantec. Symantec does not receive any submissions for file reputation.

    Private Insight cache is suitable for users without a network connection. The private server stores a copy of Symantec Insight's reputation database in a private cloud. Clients will check with the private Insight server regarding their files' reputation. The private Insight server needs to be upgraded manually. Symantec does not receive any queries or submissions for file reputation.

    May I know what the difference between these two is?

    Thanks



  • 2.  RE: Shared Insight Cache and Private Insight
    Best Answer

    Trusted Advisor
    Posted Feb 23, 2017 03:33 AM

    Hello,

    You are almost correct. Just a small difference.

    SIPC is for private cloud (not every company would have that - it's extremely expensive) and requires a virtual appliance to be installed, whereas Shared Insight is for a virtualized environment with a virtual server Windows 2003/2008.

    Symantec Insight for Private Clouds (SIPC) is a virtual appliance that can be used for SEP 12.1 RU3 and above's Insight/Reputation-related lookups on dark networks (no Internet connectivity). A rough analogy is that SIPC is like a "LiveUpdate Administrator 2.x server for Reputation" (creates an in-house mirror of what is on the Internet servers).

    There are substantial system requirements for this virtual appliance and SIPC is an optional add-on which must be purchased. It's best suited for very large high-security networks (tens of thousands of endpoints with no Internet access) in my understanding. Sales should have more info for you, if this sounds like something that would be of interest.

    https://www-secure.symantec.com/connect/user/paul-murgatroyd

    The Symantec Endpoint Protection Shared Insight Cache eliminates the need to scan files in a virtualized environment that Symantec Endpoint Protection has determined are clean. When Symantec Endpoint Protection scans a file for threats and determines it is clean, the client submits information about the file to Shared Insight Cache. When another client subsequently attempts to scan the same file, the client can query Shared Insight Cache to determine if the file is clean. If the file is clean, the client can bypass virus scanning on that particular file. If the file is not clean, the client scans the file for viruses and submits those results to Shared Insight Cache.

    The SIC server works with Symantec Endpoint Protection (SEP) 12.1 clients, especially in virtualized environments, to improve on-demand scan performance. SEP clients can be configured to request information on unknown files and submit information on known files to/from the SIC. The SEP client performs these lookups during all scheduled and on-demand scans. This allows the client to substitute a small amount of network traffic for a larger amount of disk I/O by not scanning files another SEP client has already scanned and determined to be safe.

    https://support.symantec.com/en_US/article.HOWTO81020.html

    Regards,



  • 3.  RE: Shared Insight Cache and Private Insight

    Posted Feb 23, 2017 03:36 AM

    SIC: For a particular set of defs (2/23/2016), all machines would submit the file results to SIC. If you do another scan (manual or scheduled, for the same set of virus defs), it would quickly query the SIC and thereby ignore all the good files and only scan the others, thereby decreasing scan time. Clients are the ones who build the DB, based on a voting system to determine which file is clean and which is not in a virtualized environment.

    Private: It's checked against Symantec's offline DB for a file reputation. You need to update the offline DB manually.

    For more information you need to check with your Sales Rep, as there is limited info available on these two...

    These are required only in a very large environment. Ours is a small net; we don't use any of these, to be honest.



  • 4.  RE: Shared Insight Cache and Private Insight

    Posted Feb 23, 2017 03:37 AM

    Private Insight cache is only for special environments that for some reason can't use Symantec's cloud.
    It's designed for governments and Forbes100 companies. It's extremely expensive... Unless your company has an IT security budget similar to NSA, just ignore the option. It stores file reputation for mostly executables.


    Shared Insight Cache is a network application that stores hashes of all files scanned by a scheduled scan in your environment so the file is never scanned twice. This means absolutely every single file type, not only executables.

    Example.

    Server A does a full scan. Scans 10 million files. Hashes of the scanned files are sent to the Shared Insight Cache.
    Server B does a full scan and also checks the Shared Insight Cache. It scans 10 million files. 7 million of the files have already been scanned by Server A, so Server B doesn't scan these files. This decreases the scan time by several hours. I've seen servers go from +24 hours of full scan to less than 2 hours.
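
The Server A / Server B behaviour described in this thread can be modelled in a few lines. This is an added example, not part of any post and not Symantec's code or protocol; the class and function names, the SHA-256 key, the vote threshold and the sample files are all assumptions made for illustration.

```python
import hashlib

class SharedVerdictCache:
    """Toy model of a shared clean-verdict store; not Symantec's wire protocol."""
    def __init__(self, votes_required=1):
        self.votes_required = votes_required   # assumed voting threshold
        self._voters = {}                      # (sha256, defs_rev) -> client ids

    def submit_clean(self, client_id, digest, defs_rev):
        self._voters.setdefault((digest, defs_rev), set()).add(client_id)

    def is_known_clean(self, digest, defs_rev):
        # A verdict only counts for the definitions revision it was made with.
        return len(self._voters.get((digest, defs_rev), ())) >= self.votes_required

def engine_says_clean(content):
    # Stand-in for the local scan engine: flags a constructed marker string.
    return b"CONSTRUCTED-TEST-MARKER" not in content

def scan_host(client_id, files, defs_rev, cache):
    """Run one scheduled scan; return (scanned, skipped) file names."""
    scanned, skipped = [], []
    for name, content in files.items():
        digest = hashlib.sha256(content).hexdigest()
        if cache.is_known_clean(digest, defs_rev):
            skipped.append(name)               # network lookup replaces disk scan
            continue
        scanned.append(name)
        if engine_says_clean(content):         # detections are never cached
            cache.submit_clean(client_id, digest, defs_rev)
    return scanned, skipped

# Constructed sample data: two servers cloned from one base image.
BASE_IMAGE = {"kernel32.dll": b"shared-os-file-1", "notepad.exe": b"shared-os-file-2"}
SERVER_A = {**BASE_IMAGE, "a.log": b"only on A"}
SERVER_B = {**BASE_IMAGE, "dropper.bin": b"xx CONSTRUCTED-TEST-MARKER xx"}

def demo(votes_required=1):
    cache = SharedVerdictCache(votes_required)
    first = scan_host("A", SERVER_A, "defs-r1", cache)
    second = scan_host("B", SERVER_B, "defs-r1", cache)
    after_update = scan_host("B", SERVER_B, "defs-r2", cache)  # new definitions
    return first, second, after_update

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Keying the verdict on both the content hash and the definitions revision is what keeps a skipped scan safe in this model: a changed file or a definitions update falls through to a full scan.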



  • 5.  RE: Shared Insight Cache and Private Insight

    Posted Feb 24, 2017 03:51 AM

    The SIC server works with Symantec Endpoint Protection (SEP) 12.1 clients

    Do you mean this doesn't work with v14 clients?