Saturday, July 7, 2012

Review of Symantec Endpoint Protection 12



Choosing a corporate anti-virus is not a simple matter and requires careful consideration of the candidates. Current solutions are often offered as an all-in-one suite that includes additional components such as a firewall and IPS, blocking all avenues of possible infection and reducing risk. Symantec Endpoint Protection 12 is one such product.


TECHNOLOGY USED IN BOT


Symantec's products use a number of mechanisms to detect and block malicious 0-day code: Insight, SONAR, and Bloodhound. Insight is based on "sensors" placed on millions of computers. By comparing the data exchanged between those systems, it analyzes the age, distribution and source of a file, and on that basis a conclusion is drawn about the file's safety. To reduce load, the intelligent scanner checks files while the system is idle, so the user does not notice the anti-virus at work. SONAR uses a behavioral and reputation-based approach, blocking 0-day and narrowly targeted threats by analyzing behavior and comparing it with a profile. The proactive Bloodhound technology isolates some files; if a program tries to go beyond the established perimeter, its actions are analyzed, and then a decision is made about the degree of danger.

CAPABILITIES OF SYMANTEC ENDPOINT PROTECTION 12


Symantec has been known in the anti-virus software market for years. Many people probably still remember Norton Antivirus, which was installed on the vast majority of PCs at the beginning of the century and successfully repelled virus attacks. Symantec still releases it today, although now as Norton Internet Security. The corporate sector, in turn, is protected by the Symantec Endpoint Protection line, which consists of three solutions:

• Endpoint Protection Small Business Edition - for small companies (up to 100 users), simple installation and configuration, all data stored on local systems;

• Endpoint Protection.cloud - a SaaS implementation that removes the need to deploy your own management infrastructure; it protects Windows systems in organizations with up to 250 PCs;

• Endpoint Protection - the most fully equipped solution, which protects workstations and servers running various operating systems as well as virtual environments, and is designed for organizations with many users; will be more familiar with sta.

Below we look at Endpoint Protection, version SEP 12.1 RU1 of which became available in November 2011. The solution is based on the client-server architecture that is classic for corporate anti-virus products. The Endpoint Protection Manager (SEPM) server is used for centralized management of licenses, configuration, and agent and database updates, as well as for collecting data on system status and generating reports. In Symantec's terminology, the structure created by SEPM is called a site. The network can have multiple servers, sites and domains for load balancing with data replication, rapid recovery and hierarchical organization, which makes management and delegation of authority easier.

All settings are made through a local console or a web console (Web Access, port 9090), both of which are built using Java. Their appearance and functionality are similar. The console can be integrated with other Symantec products, in particular Protection Center, which provides a single security management environment for responding quickly to new threats. The IT Analytics component extends Endpoint Protection reporting with additional analysis features and graphical presentation of data.

A database is used to store settings and client information. For networks with up to 5,000 systems and a single management server, you can use the built-in database, which is set up automatically and requires no additional configuration. If there are more clients than that, or you plan to deploy several EP Managers with data replication or load balancing, you should move to MS SQL Server.

The agent installed on end systems integrates several security mechanisms:

• Anti-Virus provides protection against viruses, spyware, Trojans, bots and rootkits;

• Rule-based firewall and IDS - protects against network attacks and prevents malicious software downloads;

• Application and Device Control module - controls which applications and devices a user or computer can run.

Installing the agent requires:

- a computer with an Intel Pentium III class processor, 1 GHz or higher;
- 512 MB RAM (1 GB RAM recommended);
- 700 MB of free space on the hard drive.

The Symantec Endpoint Protection client for Windows supports 2k, XP, Vista, 7 and Server 2k3/2k8, including Small / Essential Business Server.

The client for Linux supports installation on: Debian 4/5/6, Ubuntu 8.04-11.04, Fedora 10/12/13/15, SLES / SLED 9/10/11, RHEL, Novell Linux Desktop 9 and Open Enterprise Server.

The Symantec Endpoint Protection client for Mac supports:

• PowerPC-based Macs with Mac OS X 10.4-10.5x;
• Intel-based Macs with Mac OS X 10.4-10.7 (i86 and x64 edition).

The Endpoint Protection Manager management server requires a computer with at least a Pentium III 1 GHz processor, 1 GB of RAM (4 GB recommended) and 4 + 4 GB of free space (server + DB), running Win XP-2k8.

As a database server, you can use the built-in database or MS SQL.
