Tuesday, April 22, 2008

Symantec Endpoint Protection 11.0 review


Symantec Endpoint Protection 11.0 by Matthew D. Sarrel.


Businesses face myriad Internet threats—rootkits to the left, bots to the right, spyware behind—yet, despite all opposition, they must charge onto an e-commerce and technology battlefield. Fortunately, the new Symantec Endpoint Protection 11.0 (EP 11), an anti-everything software client, strings virtual barbed wire around your business's PCs. A host-based intrusion prevention system (HIPS) uses TruScan proactive threat scanning to prevent zero-day attacks and at the same time locks down the desktop so that only authorized apps can run. Device control regulates the copying of files to USB memory devices. Antivirus and antispyware features (along with anti-rootkit protection) guard against malware. A network IPS rounds out the product, along with a firewall that provides low-level protection from network threats. Typically, when testing a product as feature-rich as this, we find a few things that don't work, so we're happy to report that Symantec Endpoint Protection 11 actually does work. It blocked malware and controlled removable device privileges as configured and is a fine choice for businesses with perhaps 25 to 50 users.


Administrators can install the software in unmanaged fashion—directly on workstations, in other words—or using a managed approach, by putting the software on a server and then packaging and pushing it to workstations. When I installed it on Windows Server 2003 Enterprise Edition (remember to turn on IIS before installation), a wizard walked me through configuration, during which I set the admin password and created a database (which took 15 minutes or so to initialize). The installation wizard launched a deployment wizard, and using that I exported an install package that was only about 60MB. Although I installed this package manually on my test workstation, you can push it to clients using Active Directory. Once the client software was running, the workstation appeared in the management console.


The management interface gives you control down to an extreme level of granularity. That's no mean feat, and, for the most part, the developers did a great job. Still, to let managers segment clients for management purposes, there are four levels of organization (group, location, domain, client), and getting used to that took some time. The approach provides an advantage, though: Different administrators can assign different policies based on departmental policy and then apply a modified version of that policy if the computer moves. For instance, a laptop in the office may have a more restrictive security policy than the same laptop on the road.


This flexibility is important in large enterprises, but for small businesses it's overkill. You should try to segment as little as possible to simplify ongoing policy management. The soundest advice I can give regarding implementation of Symantec Endpoint Protection 11.0 is to roll it out using the default policies, watch the notifications that you get, and adjust policy as needed over time.


Testing Symantec Endpoint Protection 11.0


Configuring security policy on my management server and pushing it to the client workstation was easy enough. But although the management interface is clean and well organized, the many options make getting lost quite possible. I had no trouble configuring malware scans and HIPS and firewall policies, though—it's really just a matter of finding the right check box most of the time.


In my efficacy tests, Symantec Endpoint Protection 11.0 blocked six of six attempted virus downloads via HTTP, even detecting my test virus within a ZIP file. It blocked six of eight attempted keylogger downloads, allowing me to install the two that got through but later detecting one through a routine scan and removing it. The product blocked all seven attempted Trojan horse downloads and eight of ten spyware downloads, but it did allow me to install the two that got through without removing them. For comparison, consider that the feckless F-Secure Client Security 7.1 fell victim to eight keyloggers, four rogues, and four adware applications. In one case the spyware was never detected; in the other case the antispyware didn't detect the spyware, but the firewall did. I was unhappy, though, that the message the utility displayed was the rather vague "HTTP CommonName Traffic Detected." A chat with Symantec confirmed that this did indeed mean the spyware had been blocked, and you can edit firewall policy from the management console to append a statement like "This traffic has been blocked and your network administrator has been notified" to the message. It might be nice if Symantec did this little piece of work for you, though.


Device control worked very well. I was able to prevent the client computer from writing files to a USB memory key, and I also built and distributed a policy that prevented users from sending data to CD and DVD drives, Bluetooth devices, and printers. In addition, I was able to customize the message that users would see when their access was blocked—a helpful capability that lets them know the restriction is intentional and not a system error.


Symantec Endpoint Protection 11.0 gives an organization's IT administrator comprehensive tools for detecting and repelling attacks. With a protection product that allows this much flexibility and control over policies, you'll have to spend some time learning the ins and outs, but that's far better than learning that your business has been compromised. The good news is that once you climb the learning curve, the product actually works, unlike competitor F-Secure Client Security 7.1, which was easy to implement yet stopped practically nothing from infecting our test machines. Priced at roughly two to three times what the competition costs, Symantec Endpoint Protection 11.0 isn't cheap, but in some respects you get what you pay for—and in this case, you're paying for peace of mind.



