Jan 30 2009

End Your Crippling Support Nightmare

Counter security threats with solid endpoint security.

Ask any experienced IT manager and they will tell you: End-user security threats aren’t what they used to be.

Once upon a time, there was a clearly defined threat timeline, which led to infected end-user machines. MIS departments (remember when they were called that?) could easily point to an e-mail attachment, a virus-infected file or even a malevolent macro and piece together where things went wrong. The aftermath of such a discovery would typically involve a simple virus scan with updated definitions and might culminate with some finger-wagging at the end user, coupled with a friendly reminder about cautious computing.

Those were the days.

Modern malware no longer relies on end-user interaction to wreak havoc on unsuspecting clients. Today’s malware jumps from machine to machine in seconds, creating botnet zombies who relentlessly scour the Internet for IP addresses and open ports in order to infiltrate and infect new computers. Given the prevalence and autonomous nature of these blended threats, a multitiered, comprehensive end-user security solution is no longer a luxury — it’s an absolute necessity.

When choosing such a solution, finding a product that strikes a balance between functionality and manageability is of critical importance. One product that promises to achieve such a balance is Symantec Endpoint Protection 11.

End-User Advantages

Disaster recovery holds the top spot on many IT departments’ priority lists, but similar concern should apply to disaster prevention. While many products offer antivirus and firewall protection, Symantec goes a step further and includes antispyware, intrusion prevention and device and application control. Endpoint Protection is also Network Access Control –ready, helping you make the most of the built-in security on Vista clients. The net result is effective layered protection in a single program.

Why It Works for IT

Earlier versions of Symantec’s security software typically came with separate consoles for antivirus and firewall configuration. For administrators, one of Endpoint Protection’s most noticeable improvements is a more intuitive interface, which fuses everything needed to manage end-user security into a single console  Likewise, whereas earlier versions of the security client came with separate System Tray icons for firewall and antivirus, Endpoint Protection offers options for both of these under one parent application, giving users (and help-desk staff) a one-stop shop for verifying system protection and integrity.

Symantec’s Management Server is straightforward, offering both simple and advanced setup options. Using simple setup, you can configure your management server in just a few mouse clicks. But to tailor-fit security for servers that manage more than 100 clients, you’re better off using the customizable advanced option. You can customize and configure either embedded databases, which will support up to 5,000 clients, or SQL databases, which will support well beyond that mark.

Symantec Endpoint Protection comes standard with a migration and deployment tool that allows administrators to create installation packages that can then be used to migrate or deploy new clients. The migration side of the tool allows administrators to upgrade existing Symantec Antivirus or Symantec Client Security clients to the current version in a relatively seamless fashion, without disrupting end users. The deployment tool works in much the same way, but performs a clean install of Endpoint Protection on machines that have no previous versions of the software installed. This tool is also very flexible, in that it allows administrators to select which computers or groups receive what components of Endpoint Protection. Administrators can choose to either save their created packages (to be used later) or push them out immediately to clients over the network.

These features will undoubtedly save you both time and money: Because help-desk staff will not have to touch every machine, deployment will be exponentially smoother and faster. And you won’t have to disrupt end users to upgrade their security.

While centralized management and deployment is at times a double-edged sword, there is much to be said for its inherent consistency. Having all clients running the same software version, the same patches and the same definitions removes many variables, and promotes universal compatibility. One of the most futile support scenarios for any IT department is one that involves troubleshooting or testing in an environment in which end users have several versions of the same software. When everyone is drinking from the same well, so to speak, you won’t have to rely on centrally managed solutions.

In our test environment, the Symantec Management Server was very stable and at no point appeared to be taxed. The test client PCs had no trouble updating from the server, and notebooks did a good job of staying up to date, even though they were not always connected to the network — all of which underscores our final point: Symantec makes products that work . Proven performance is critical , especially in enterprise environments, in which trust (or the lack of it) can yield hundreds of successes (or failures) at a time.


The biggest drawback to this product is the inevitable overhead. Symantec Endpoint Protection 11 primarily runs three processes on client machines: smc.exe, smcgui.exe, and the familiar rtvscan.exe, each of which uses 20MB of RAM at idle. In a world where base line machines ship with 1 gigabyte of RAM, those 60MB may not seem like a lot. But it’s something to keep in mind if you have slower machines with less RAM. And as with any major software rollout, it probably wouldn’t be a bad idea to do a quick audit of users’ machines to see if anyone is in need of a memory upgrade before adding to the load.

Finally, no matter how good your security software is, it’s not going to catch everything. It would be overly optimistic to present this product as a panacea for all malware-related threats; there is no such thing. That said, this is one of the most comprehensive products I have yet seen and lends a sense of security that few other programs can offer.