Symantec's Endpoint Protection Small Business Edition


Uploaded by davidstrom2007 on 20.04.2009

Transcript:
Hello and welcome to another episode of Web Informant dot tv. I am David Strom, your host
and reviewer. Today we are looking at version 12 of Symantec's Endpoint Protection Small
Business Edition. It is a powerful protective application that can secure your small network
and we are looking at its main console that shows you the current overall status, what
endpoints are being managed, and whether any threats have been detected.
This product is geared towards small businesses that don't have a lot of IT depth or experience,
and it installs quickly and is very simple to set up. It includes its own Web server
and doesn't require that your network be running Active Directory, or even a Windows file server,
although it can leverage these pieces. It automatically sets up a series of protective
policies, groups of computers, and rules for protecting your endpoints and your network.
Here we are looking at the default groups screen.
There are two major pieces to the product: a management server called the Symantec Protection
Center that can install on just about any Windows server - as long as it isn't running
Vista; and the client piece that provides the protection, which we are looking at here,
which runs on Vista along with older Windows versions.
This is not just an anti-virus product, but incorporates three other main technologies
to keep your PCs from being compromised: a desktop firewall that can beef up Windows'
own puny attempts in that area, proactive threat protection that handles unknown and
zero day attacks, and a sophisticated collection of intrusion prevention tactics that we'll
get to in a moment.
Once you install the server, which took us about five minutes, you next bring up the
Client Installation Wizard that you see here. It is very simple. There are three different
choices for the installation: to create an executable setup file, send an email link
that points to the setup so that each end user can perform their own installation, or
push the installation with no user interruption or action, using the admin login on the end
user's PC.
After the client has been installed, the protective features are automatically enabled and there
is nothing more to do. It is that simple.
The value in this product is its simple reports that can keep you current with what is happening
on your network without burying you in copious logs with every event. Go to the Reports
/ Scheduled Reports tab and you can see a daily and weekly status report that are set
up by default. If you want more, click on the Add button and you can select from four
different canned reports and schedule it to run at a certain frequency.
What happens when you hit an infected Web site, or try to download a virus? Here you
see a warning message that pops up on the client side PC. There are also summary statistics
that are displayed over on the console as well.
One of the things I liked about the product was that the reporting portion of the management
console is remotely accessible, which is great for VARs and consultants that need to manage
the machine from afar: you just bring up your Web browser and the IP address and you will
see this screen in your browser. [show IE doing remote monitoring from port 9090]
Another thing is that the product has a lot going on under the covers but doesn't intrude
with a lot of annoying dialogs to the individual end users like some personal firewalls. Here
we are looking at the Zone Alarm firewall and what happens when we bring up IE and Google,
it peppers us with a lot of allow or block questions.
The difference is notable with Symantec's product - there isn't anything for the end
user to do, they are just being protected as they go about their business and no annoying
dialogs either.
Going back to the management console, here we see the list of threat signatures that
come turned on for the intrusion prevention module (we get there by going to IP policy,
then exceptions, then add an exception to our policy). When we took this video, we had
more than 1600 threats catalogued and there is a convenient link to the threat database
on Symantec's Web site.
Another thing is that there is a free 30-day trial with unlimited licenses to the full
product. The software is very competitively priced, with client licenses ranging between
$35-$45 each, and between $16-$20 if you are using any non-Symantec AV products, making
this software a very good deal indeed. Finally, there is a series of screens that will show
your licensing profile - clicking on that link on the main console will bring up this
information.
There is also a different version of the SEP product with more options for larger enterprise
installations that include removable device controls and the ability to lock users from
installing any new applications.
What are things I didn't like? I wish the default was to replace the standard Windows
firewall with the Symantec version, which is much more capable because the Microsoft
firewall doesn't block any outbound traffic, and these days with the level of phishing
and blended attacks that can be a big security weakness. Here we are looking at the various
firewall rules that you can enable and customize (go to Policies/Firewall, add a policy, then
go to Firewall rules and select the particular policy).
Another drawback is that the product is Windows-only: it would be nice to have something that works
on Macs too. Thanks for watching Web Informant dot tv. This is David Strom, feel free to
email me comments to david at strom dot com.