Endpoint Protection

Hello everybody

Since SEP14 has been released, I was wondering and searching for reasons to upgrade.
Main reason for this is the - subjective - lack of improvements outside of the cloud-based area.

To me, it seems that without using cloud funcionalities, there is no reason whatsoever to upgrade to SEP14.

Even more as the company I work for is not allowing any outside-connection to reputation services and so on.
Bottom line, since SEP12 has become stable the past few months, there is no reason to go to SEP14 in an offline environment.

Any inputs and/or reasons for an upgrade to SEP14 are welcome.

There are also machine learning and the sandboxing technology that are new.

Well, please correct me if I am wrong, but the machine learning is nothing one can use without internet connection to the Symantec servers on the web?
As for sandboxing - IMHO it never was and never will be a good approach to secure software with other software.

Yea it uses cloud. All new features of 14 are outlined here: http://www.symantec.com/docs/HOWTO125362 I guess you don't benefit much outside of the new GEM component.

Hi, The biggest advantage of sep14 itself is cloud. Everyone is moving to cloud. Sep 14 also uses advanced technologies to tackle unknown threats using SONAR + INSIGHT + MACHINE LEARNING + BASIC ANTIVIRUS DEFINITION and so on. Suppose something new has come to your company environment and SEP does not have definitions for that yet. So it can use cloud reputation database to look for that particular file to judge it. Also using IPS it can also block attack like ransomware if SEP cloud has information related to the command and control websites of attacker in it's database. And lastly Machine learning - this will block applications and malwares based on it's own algorithm, but as it's is in early stages it might throw some false positives, to tacke this it will also need cloud. Hence, CLOUD IS THE FUTURE

Well, I do not want to doubt this whole Cloud topic. Nevertheless, AV is pretty useless anyway and only still there for the sake of having it. A relict to me.
We do have other solutions in place to protect us from unknown threats. They're pretty accurate and saved us various times already when SEP did not even have a clue of a threat.

What I have been and still am surprised is that SEP has still not been integrated in the other Symantec products as DLP and Bluecoat for example. This really would make a difference from the other security products available.
Hence you could actually build your own little cloud with the possibility to integrate these products. Needless to say that also other security products would be able to feed and consume the then created platform.

Cloud-integration is nice, but in real world for security-sensitive environments simply not feasable and therefore worthless.

Seems you have your mind set on usefulness (or lack thereof) for AV. Being in a closed environment you may not face the same challenges of others in an environment with Internet access.

SEP is not just AV but we'll have to agree to disagree on the usefullness of it. Since 14 has much more cloud functionality it probably does not appeal to your environment.

It is set somehow, but this mainly is owed to the past few years showing that having only AV is simply useless.

I absolutely agree on the fact that SEP is more than AV, which is one of the main reasons we still have it.
Nevertheless, I still hope Symantec to create a unifying-client in the future.

And also I think that my question has been answered.