Symantec Endpoint Protection Analyzer Report

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Symantec Endpoint Protection Analyzer Report"

Transcription

1 Symantec Endpoint Protection Analyzer Report For Symantec Customer

2 Table of Contents Statement of Confidentiality Introduction Environmental Analysis Overview Findings Overview Client/Server Distribution Client Versions Protection Overview Antivirus and Antispyware Firewall IPS SONAR Download Insight Threat Detection Summary Infected Clients Top Infections Infections by Client Detections by Scan Type Top Actions Taken Detailed Findings SEP Manager is not running latest version SEP Manager is a vulnerable version Windows 2000 SEP Clients detected LiveUpdate Frequency SEPM Content Revisions are not Best Practice Client IPS installation below 90%

3 Statement of Confidentiality Symantec provides this report on an "as-is" basis, as a courtesy to a Symantec Customer. The deployment metrics provided within this report (e.g. client count, versions, etc.) are generally deemed to be directionally accurate but are non-official and should not be used for license audit purposes. Please engage the Symantec Global License Compliance team if a precise measurement of these items is desired. 3

4 1. Introduction Thank you for participating in the Symantec Endpoint Protection (SEP) Analyzer process. We have analyzed key metrics from the Symantec Customer SEP environment and the results are provided within this report. This report includes a high level summary of each category examined by SEP Analyzer, and reviews each topic, providing charts for each key metric along with details of how to interpret the data. The full set of data used to complete this analysis can be provided upon request. 4

5 2. Environmental Analysis Overview Collection Date :57: Collection Server SEPM SQL Server Address localhost Database Type Adaptive Server Anywhere Number of SEP Clients 523 Clients Number of threat detections (last 30 days) 343 Threats 2.1 Findings Overview Issue Are vulnerable SEP or SEPM Versions installed? Is SEPM running the latest version? Are there Windows 2000 clients in the environment? Is LiveUpdate Configured to update Multiple times per day? Is the SEPM Manager storing recommended content levels? Are Database Backups enabled in the environment? Are Database Maintenance tasks enabled and scheduled? Are there more than 10% of clients with out-ofdate AV Definitions? Is Intrusion Prevention System (IPS) deployed and running in the Environment? Are there infected clients which require attention? Result Review Review OK OK Review OK OK OK Review OK For detailed information on the findings, please review Section 4. 5

6 2.2 Client/Server Distribution Site Server Clients A SEP Site SEPM 523 6

7 2.3 Client Versions Version Clients

8 3. Protection Overview 3.1 Antivirus and Antispyware Antivirus and Antispyware is a fundamental component of SEP responsible for scanning and monitoring the file system for malicious files. All clients in your environment should be running Antivirus. The following graph outlines how Antivirus is currently deployed in your environment: Value Amount Installed 509 Disabled 1 Not Installed 12 Unknown 1 8

9 3.2 Firewall The SEP Firewall is a protection layer which monitors network traffic, and compares it to rules which to allow or block users from accessing the network. Only authorized traffic can pass. This is a highly powerful and customizable component of SEP. While Symantec recommends running this component on all possible systems, it should be noted that High availability servers such as mail servers, domain controllers, etc. should not have the firewall component installed. The following chart outlines how the firewall is deployed: Value Amount Installed 389 Disabled 2 Not Installed 131 Unknown 1 9

10 3.3 IPS The Intrusion Prevent System (IPS) significantly increases the level of protection that Symantec Endpoint Protection provides by checking for port scans and denial-of-service attacks, and protects against buffer overflow attacks. This engine also supports the automatic blocking of malicious traffic from infected computers. You should always have IPS enabled on your network. The following chart outlines how IPS is deployed in your environment: Value Amount Installed 376 Disabled 2 Not Installed 144 Unknown 1 10

11 3.4 SONAR Symantec Online Network for Advanced Response (SONAR) provides real-time protection against threats and proactively detects computer security risks. By examining programs as they run, SONAR identifies emerging threats based on application behavior, giving it the capability to locate new and previously unknown threats. Value Amount Installed 386 Disabled 37 Not Installed 98 Unknown 2 11

12 3.5 Download Insight Advanced Download Protection (Download Insight) is a new advanced protection feature included with the SEP 12.1 client. This feature allows the SEP client to leverage Symantec's Cloud-based reputation database when files are downloaded or executed directly from popular Web browsers. Value Amount Installed 473 Disabled 2 Not Installed 47 Unknown 1 12

13 4. Threat Detection Summary This section covers information related to the SEP client security detections. Each SEP client uploads inventory and security status information to the SEPM. If a client stops communicating with the SEPM, the SEPM will still report on the client for a configured period of time before the client is deleted: the default setting is 30 days. 13

14 4.1 Infected Clients SEP clients may report as being infected, when the remediation process was either unsuccessful, or there are still actions pending. Once client reports as being infected, the status will automatically clear if no further action is required. Analysis of reported infected clients should be a regular administrative process. No Clients were reporting an Infected Status 14

15 4.2 Top Infections An examination of the top infecting threats in the environment can provide insight on the overall health and security posture of the environment. The following chart outlines the top 5 infections detected in the environment in the past 30 days: Threat Name Count Tracking Cookies 113 Adware.GoonSquad 92 WS.Reputation.1 27 Adware.DealPly 19 Yontoo 17 15

16 4.3 Infections by Client This section outlines the number of file detections per client during the past 30 days. It is recommended to review the infected clients to determine if vulnerabilities exist on the system, or if user education is needed. The following chart outlines clients by detection count: Computer Name Infections STEVELAPTOP3 92 BOBSMITH1 19 XCHNG WALSH44 11 KISOK

17 4.4 Detections by Scan Type The following chart outlines the top 5 scan type which caused detections: Source Count Scheduled Scan 256 Real Time Scan 75 Manual Scan 12 17

18 4.5 Top Actions Taken The following chart outlines the top 5 actions taken against detected threats: Action Count Quarantined 159 Deleted 119 Cleaned by deletion 34 Left alone 20 Partially repaired 4 18

19 5. Detailed Findings 4.1 SEP Manager is not running latest version Finding: The SEPM in the environment is not running the latest version of Symantec Endpoint Protection Manager. Potential Impacts: SEP 12.1 RU 3( ) is the latest version of the software which includes the latest product fixes. Recommendation: Review release notes for Symantec Endpoint Protection 12.1 to determine if an upgrade would benefit the environment. See the following documentation: Detail Finding(s): Attribute Value SEPM Version SEP Manager is a vulnerable version Finding: The SEPM in the environment is susceptible to SYM Symantec Endpoint Protection Manager/Protection Center 12.x Buffer Overflow. Potential Impacts: A dynamic link library (dll) in the Symantec Endpoint Protection Manager (SEPM) 12.1.x server and Symantec Protection Center (SPC) 12.0.x Small Business Edition server does not properly validate all external input. This could potentially result in a buffer overflow and remote code execution with application privileges on the system that is hosting the management server. Recommendation: Upgrade your SEP Manager to 12.1 RU3 to ensure that this vulnerability is closed in the environment. For full information on this vulnerability, see the following article: advisory&pvid=security_advisory&year=&suid= _00 19

20 Detail Finding(s): Attribute Value SEPM Version Windows 2000 SEP Clients detected Finding: Some SEP Clients are running Windows 2000, which is incompatible with SEP 12.1 Potential Impacts: Machines running Windows 2000 are of concern due to the unsupported nature of the operating system by Microsoft, and SEP Recommendation: If possible decommission or upgrade the Operating Systems on these machines. If this is not a possibility, discuss with your sales team the benefits of protecting these systems with Symantec Critical System Protection. Detail Finding(s): Attribute Value SEPM Version LiveUpdate Frequency Finding: LiveUpdate is not configured to run multiple times per day. Potential Impacts: Symantec typically releases 3 certified content updates per day to ensure our customers have the maximum protection against known threats. Failure to update multiple times per day lowers security posture. Recommendation: Configure LiveUpdate to run on the SEP Manager hourly to ensure that the clients are able to obtain the latest updates. Detail Finding(s): Attribute Value SEPM Version

21 4.5 SEPM Content Revisions are not Best Practice Finding: SEPM Content Revisions are set to a lower number than recommended by Symantec. Potential Impacts: Clients which have not checked into the SEPM recently and running an older definition pattern will likely receive complete packages of content updates. This has a direct impact on network performance in the environment. Recommendation: Increase the amount of content revisions held by the SEPM manager. Client will then leverage Delta creation of virus definitions, increasing the speed and efficiency of virus definition distribution. Keep in mind adjusting the number of content revisions held will directly impact the size of the SEPM database and the content folder on the SEPM hard drive (each content update accounts for mb of space used). See the following article for information on configuring this setting: Detail Finding(s): Clients Revisions Recommended Client IPS installation below 90% Finding: The Percentage of client running IPS in the environment is less that 90%. Potential Impacts: Client level protection is significantly reduced without Intrusion Protection enabled on a system. Symantec's 2012 Threat Report indicates that 42% of detections are stopped via IPS signatures. Recommendation: The Intrusion Prevent System (IPS) significantly increases the level of protection that Symantec Endpoint Protection provides by checking for port scans and denial-of-service attacks, and protects against buffer overflow attacks. This engine also supports the automatic blocking of malicious traffic from infected computers. You should always have IPS enabled on your network on any system possible including servers. 21

22 Note: IPS is fully compatible with Windows servers and should be used to protect all servers except high availability or high utilization servers. Symantec s Critical System Protection may be a better choice for these servers. See the following article for guidelines: Detail Finding(s): IPS Installed Total Clients % Installed % 22

23 Copyright 2013, Symantec Corporation (Symantec). All rights reserved. This document may not be copied or further distributed, in whole or in part, without written permission from Symantec.

Best Practices for Running Symantec Endpoint Protection 12.1 on the Microsoft Azure Platform

Best Practices for Running Symantec Endpoint Protection 12.1 on the Microsoft Azure Platform TECHNICAL BRIEF: BEST PRACTICES GUIDE FOR RUNNING SEP ON.... AZURE.................................... Best Practices for Running Symantec Endpoint Protection 12.1 on the Microsoft Azure Platform Who should

More information

SEP 12.1 Best Practices in a Virtual Environment

SEP 12.1 Best Practices in a Virtual Environment SEP 12.1 Best Practices in a Virtual Environment The document is intended to capture the complete set of best practices for installation and configuration of SEP in a virtual environment. 1 Table of Contents

More information

Symantec Endpoint Protection 11.0 Architecture, Sizing, and Performance Recommendations

Symantec Endpoint Protection 11.0 Architecture, Sizing, and Performance Recommendations Symantec Endpoint Protection 11.0 Architecture, Sizing, and Performance Recommendations Technical Product Management Team Endpoint Security Copyright 2007 All Rights Reserved Revision 6 Introduction This

More information

Symantec Endpoint Protection Small Business Edition 12.1.2 Installation and Administration Guide

Symantec Endpoint Protection Small Business Edition 12.1.2 Installation and Administration Guide Symantec Endpoint Protection Small Business Edition 12.1.2 Installation and Administration Guide Symantec Endpoint Protection Small Business Edition Installation and Administration Guide The software described

More information

Symantec Endpoint Protection Enterprise Edition Best Practices Guidelines. Regional Product Management Team Endpoint Security

Symantec Endpoint Protection Enterprise Edition Best Practices Guidelines. Regional Product Management Team Endpoint Security Symantec Endpoint Protection Enterprise Edition Best Practices Guidelines Regional Product Management Team Endpoint Security Agenda 1 2 SEPM Architecture and Settings Recommended Client Protection Technologies

More information

UP L13: Leveraging the full protection of SEP 12.1.x

UP L13: Leveraging the full protection of SEP 12.1.x UP L13: Leveraging the full protection of SEP 12.1.x Martial RICHARD Principal Field Enablement Manager Endpoint Security UP L13 1 Threat landscape (ISTR Vol.18 April 2013) http://www.symantec.com/threatreport/

More information

Best Practices for Running Symantec Endpoint Protection 12.1 on Point-of- Sale Devices

Best Practices for Running Symantec Endpoint Protection 12.1 on Point-of- Sale Devices TECHNICAL BRIEF: BEST PRACTICES GUIDE FOR PROTECTING RETAIL....... POS.... SYSTEMS............................. Best Practices for Running Symantec Endpoint Protection 12.1 on Point-of- Sale Devices Who

More information

Securing the endpoint and your data

Securing the endpoint and your data #SymVisionEmea #SymVisionEmea Securing the endpoint and your data Piero DePaoli Sr. Director, Product Marketing Marcus Brownell Sr. Regional Product Manager Securing the Endpoint and Your Data 2 Safe harbor

More information

L06: Migrating to SEP 12.1

L06: Migrating to SEP 12.1 L06: Migrating to SEP 12.1 Elisha Riedlinger Technical Product Management L06: Migrating to SEP 12.1 1 At the end of this lab, you should be able to Understand how to Migrate SEP 11.x SEPMs to SEP 12.1

More information

BitDefender for Microsoft ISA Servers Standard Edition

BitDefender for Microsoft ISA Servers Standard Edition BitDefender for Microsoft ISA Servers Standard Edition Copyright 2006 SOFTWIN Edition 1. How Does It Work? As content entering or leaving your company must meet security policies, it is crucial to choose

More information

Getting Started. Symantec Client Security. About Symantec Client Security. How to get started

Getting Started. Symantec Client Security. About Symantec Client Security. How to get started Getting Started Symantec Client Security About Security Security provides scalable, cross-platform firewall, intrusion prevention, and antivirus protection for workstations and antivirus protection for

More information

Getting Started with Symantec Endpoint Protection

Getting Started with Symantec Endpoint Protection Getting Started with Symantec Endpoint Protection 20983668 Getting Started with Symantec Endpoint Protection The software described in this book is furnished under a license agreement and may be used only

More information

System Management. What are my options for deploying System Management on remote computers?

System Management. What are my options for deploying System Management on remote computers? Getting Started, page 1 Managing Assets, page 2 Distributing Software, page 3 Distributing Patches, page 4 Backing Up Assets, page 5 Using Virus Protection, page 6 Security, page 7 Getting Started What

More information

Release Notes for Websense Email Security v7.2

Release Notes for Websense Email Security v7.2 Release Notes for Websense Email Security v7.2 Websense Email Security version 7.2 is a feature release that includes support for Windows Server 2008 as well as support for Microsoft SQL Server 2008. Version

More information

Symantec Endpoint Protection 12.1.4

Symantec Endpoint Protection 12.1.4 Data Sheet: Endpoint Security Overview provides unrivaled security across physical and virtual platforms and support for the latest operating systems-mac OS X 10.9 and Windows 8.1. Powered by Symantec

More information

WHITE PAPER: BEST PRACTICES. Sizing and Scalability Recommendations for Symantec Endpoint Protection. Symantec Enterprise Security Solutions Group

WHITE PAPER: BEST PRACTICES. Sizing and Scalability Recommendations for Symantec Endpoint Protection. Symantec Enterprise Security Solutions Group 2 WHITE PAPER: BEST PRACTICES Sizing and Scalability Recommendations for Symantec Rev 2.3 Symantec Enterprise Security Solutions Group White Paper: Symantec Best Practices Contents Introduction... 4 The

More information

Symantec Endpoint Protection Small Business Edition Implementation Guide

Symantec Endpoint Protection Small Business Edition Implementation Guide Symantec Endpoint Protection Small Business Edition Implementation Guide Symantec Endpoint Protection Small Business Edition Implementation Guide The software described in this book is furnished under

More information

Contents. McAfee Internet Security 3

Contents. McAfee Internet Security 3 User Guide i Contents McAfee Internet Security 3 McAfee SecurityCenter... 5 SecurityCenter features... 6 Using SecurityCenter... 7 Fixing or ignoring protection problems... 16 Working with alerts... 21

More information

Host-based Intrusion Prevention System (HIPS)

Host-based Intrusion Prevention System (HIPS) Host-based Intrusion Prevention System (HIPS) White Paper Document Version ( esnhips 14.0.0.1) Creation Date: 6 th Feb, 2013 Host-based Intrusion Prevention System (HIPS) Few years back, it was relatively

More information

Client Guide for Symantec Endpoint Protection and Symantec Network Access Control

Client Guide for Symantec Endpoint Protection and Symantec Network Access Control Client Guide for Symantec Endpoint Protection and Symantec Network Access Control Client Guide for Symantec Endpoint Protection and Symantec Network Access Control The software described in this book is

More information

Microsoft Software Update Services and Managed Symantec Anti-virus. Michael Satut TSS/Crown IT Support m-satut@northwestern.edu

Microsoft Software Update Services and Managed Symantec Anti-virus. Michael Satut TSS/Crown IT Support m-satut@northwestern.edu Microsoft Software Update Services and Managed Symantec Anti-virus Michael Satut TSS/Crown IT Support m-satut@northwestern.edu Introduction The recent increase in virus and worm activity has created the

More information

Altiris IT Analytics Solution 7.1 SP1 from Symantec User Guide

Altiris IT Analytics Solution 7.1 SP1 from Symantec User Guide Altiris IT Analytics Solution 7.1 SP1 from Symantec User Guide Altiris IT Analytics Solution 7.1 from Symantec User Guide The software described in this book is furnished under a license agreement and

More information

Symantec Mobile Security

Symantec Mobile Security Advanced threat protection for mobile devices Data Sheet: Endpoint Management and Mobility Overview The combination of uncurated app stores, platform openness, and sizeable marketshare, make the Android

More information

Additionally, you can run LiveUpdate manually to check for the latest definitions directly from Symantec:

Additionally, you can run LiveUpdate manually to check for the latest definitions directly from Symantec: Image not found https://it.ucsf.edu/sites/it.ucsf.edu/themes/custom/it_new/logo.png it.ucsf.edu Published on it.ucsf.edu (https://it.ucsf.edu) Home > SEP for Windows: FAQ SEP for Windows: FAQ vgalvan on

More information

Migrating from Legacy to New Business Solutions

Migrating from Legacy to New Business Solutions Migrating from Legacy to New Business Solutions Thank you for your loyalty and for choosing the Newest Technology from Bitdefender. As we understand that this is an important step for your business, this

More information

AVeS Cloud Security powered by SYMANTEC TM

AVeS Cloud Security powered by SYMANTEC TM Protecting your business from online threats should be simple, yet powerful and effective. A solution that secures your laptops, desktops, and servers without slowing down your systems and distracting

More information

Symantec Endpoint Protection Getting Started Guide

Symantec Endpoint Protection Getting Started Guide Symantec Endpoint Protection Getting Started Guide 12167130 Symantec Endpoint Protection Getting Started Guide The software described in this book is furnished under a license agreement and may be used

More information

SIMATIC. Process Control System PCS 7 Configuration Symantec Endpoint Protection (V12.1) Preface 1. Virus scanner administration 2.

SIMATIC. Process Control System PCS 7 Configuration Symantec Endpoint Protection (V12.1) Preface 1. Virus scanner administration 2. Preface 1 Virus scanner administration 2 SIMATIC Configuration 3 Process Control System PCS 7 Configuration Symantec Endpoint Protection (V12.1) Commissioning Manual 04/2013 A5E03874574-02 Legal information

More information

Client Guide for Symantec Endpoint Protection and Symantec Network Access Control

Client Guide for Symantec Endpoint Protection and Symantec Network Access Control Client Guide for Symantec Endpoint Protection and Symantec Network Access Control Client Guide for Symantec Endpoint Protection and Symantec Network Access Control The software described in this book is

More information

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)

More information

Proven LANDesk Solutions

Proven LANDesk Solutions LANDesk Solutions Descriptions Proven LANDesk Solutions IT departments face pressure to reduce costs, reduce risk, and increase productivity in the midst of growing IT complexity. More than 4,300 organizations

More information

BitDefender Client Security Workstation Security and Management

BitDefender Client Security Workstation Security and Management BitDefender Client Security Workstation Security and Management BitDefender Client Security is an easy to use business security and management solution, which delivers superior proactive protection from

More information

Best Practice Configurations for OfficeScan (OSCE) 10.6

Best Practice Configurations for OfficeScan (OSCE) 10.6 Best Practice Configurations for OfficeScan (OSCE) 10.6 Applying Latest Patch(es) for OSCE 10.6 To find out the latest patches for OfficeScan, click here. Enable Smart Clients 1. Ensure that Officescan

More information

Anti-Virus/Malware Policy

Anti-Virus/Malware Policy Purpose This document establishes the corporate policy and standards for anti-virus/malware protection on any system owned by LandStar Title Agency, Inc or connected to the LandStar Title Agency, Inc network

More information

End to End Security do Endpoint ao Datacenter

End to End Security do Endpoint ao Datacenter do Endpoint ao Datacenter Piero DePaoli & Leandro Vicente Security Product Marketing & Systems Engineering 1 Agenda 1 Today s Threat Landscape 2 From Endpoint: Symantec Endpoint Protection 3 To Datacenter:

More information

Symantec Endpoint Protection Small Business Edition 12.1.2 Getting Started Guide

Symantec Endpoint Protection Small Business Edition 12.1.2 Getting Started Guide Symantec Endpoint Protection Small Business Edition 12.1.2 Getting Started Guide Symantec Endpoint Protection Small Business Edition Getting Started Guide The software described in this book is furnished

More information

Symantec Event Collector 4.3 for Microsoft Windows Quick Reference

Symantec Event Collector 4.3 for Microsoft Windows Quick Reference Symantec Event Collector 4.3 for Microsoft Windows Quick Reference Symantec Event Collector for Microsoft Windows Quick Reference The software described in this book is furnished under a license agreement

More information

W H I T E P A P E R : T E C H N I C A L. Understanding and Configuring Symantec Endpoint Protection Group Update Providers

W H I T E P A P E R : T E C H N I C A L. Understanding and Configuring Symantec Endpoint Protection Group Update Providers W H I T E P A P E R : T E C H N I C A L Understanding and Configuring Symantec Endpoint Protection Group Update Providers Martial Richard, Technical Field Enablement Manager Table of Contents Content Introduction...

More information

Home Use Installation Guide For Symantec Endpoint Protection (SEP) 11 For Mac

Home Use Installation Guide For Symantec Endpoint Protection (SEP) 11 For Mac Home Use Installation Guide For Symantec Endpoint Protection (SEP) 11 For Mac May 2010 Table of Content 1 INTRODUCTION... 2 2 AntiVirus Software Home Use License Policy... 2 2.1 Authorized Users:...2 2.2

More information

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems Course: Information Security Management in e-governance Day 1 Session 5: Securing Data and Operating systems Agenda Introduction to information, data and database systems Information security risks surrounding

More information

SERVICES BRONZE SILVER GOLD PLATINUM. On-Site emergency response time 3 Hours 3 Hours 1-2 Hours 1 Hour or Less

SERVICES BRONZE SILVER GOLD PLATINUM. On-Site emergency response time 3 Hours 3 Hours 1-2 Hours 1 Hour or Less SERVICE SUMMARY ITonDemand provides four levels of service to choose from to meet our clients range of needs. Plans can also be customized according to more specific environment needs. SERVICES BRONZE

More information

Insight. Security Response. Deployment Best Practices

Insight. Security Response. Deployment Best Practices Insight Deployment Best Practices Overview Symantec Insight is a reputation-based security technology that leverages the anonymous software adoption patterns of Symantec s hundreds of millions of users

More information

Best Practices & Deployment SurfControl Mobile Filter v 5.0.2.60

Best Practices & Deployment SurfControl Mobile Filter v 5.0.2.60 Best Practices & Deployment SurfControl Mobile Filter v 5.0.2.60 rev2.1, January 2006 Pre-Installation Guide Notice 2006 SurfControl. All rights reserved. SurfControl, SurfControl E-mail Filter, SurfControl

More information

Sophos for Microsoft SharePoint startup guide

Sophos for Microsoft SharePoint startup guide Sophos for Microsoft SharePoint startup guide Product version: 2.0 Document date: March 2011 Contents 1 About this guide...3 2 About Sophos for Microsoft SharePoint...3 3 System requirements...3 4 Planning

More information

PC Security and Maintenance

PC Security and Maintenance PC Security and Maintenance by IMRAN GHANI PC Maintenance and Security-Forecast. Major sources of danger. Important steps to protect your PC. PC Security Tools. PC Maintenance Tools. Tips. PC Security-

More information

Security Consultant Scenario INFO 517-900 Term Project. Brad S. Brady. Drexel University

Security Consultant Scenario INFO 517-900 Term Project. Brad S. Brady. Drexel University Security Consultant Scenario INFO 517-900 Term Project Drexel University Author Note This paper was prepared for INFO-517-900 taught by Dr. Scott White. Table of Contents ABSTRACT.1 THE INTERVIEW...2 THE

More information

Windows Operating Systems. Basic Security

Windows Operating Systems. Basic Security Windows Operating Systems Basic Security Objectives Explain Windows Operating System (OS) common configurations Recognize OS related threats Apply major steps in securing the OS Windows Operating System

More information

Best Practices for Deploying Behavior Monitoring and Device Control

Best Practices for Deploying Behavior Monitoring and Device Control Best Practices for Deploying Behavior Monitoring and Device Control 1 Contents Overview... 3 Behavior Monitoring Overview... 3 Malware Behavior Blocking... 3 Event Monitoring... 4 Enabling Behavior Monitoring...

More information

Installation Guide for Symantec Endpoint Protection and Symantec Network Access Control

Installation Guide for Symantec Endpoint Protection and Symantec Network Access Control Installation Guide for Symantec Endpoint Protection and Symantec Network Access Control Installation Guide for Symantec Endpoint Protection and Symantec Network Access Control The software described in

More information

Nessus and Antivirus. January 31, 2014 (Revision 4)

Nessus and Antivirus. January 31, 2014 (Revision 4) Nessus and Antivirus January 31, 2014 (Revision 4) Table of Contents Introduction... 3 Standards and Conventions... 3 Overview... 3 A Note on SCAP Audits... 4 Microsoft Windows Defender... 4 Kaspersky

More information

Symantec Endpoint Protection (SEP) 11.0 Configuring the SEP Client for Self-Protection

Symantec Endpoint Protection (SEP) 11.0 Configuring the SEP Client for Self-Protection SYMANTEC TECHNOLOGY NETWORK: SECURITY Symantec Endpoint Protection (SEP) 11.0 Configuring the SEP Client for Self-Protection Purpose of this Whitepaper:... 3 Overview... 4 The SEP Client Interface... 5

More information

Symantec Protection for SharePoint Servers 6.0.4 Implementation Guide

Symantec Protection for SharePoint Servers 6.0.4 Implementation Guide Symantec Protection for SharePoint Servers 6.0.4 Implementation Guide for Microsoft SharePoint 2003/2007 Symantec Protection for SharePoint Servers Implementation Guide The software described in this book

More information

Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper

Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper Details: Introduction When computers in a private network connect to the Internet, they physically

More information

Mobile Network Access Control

Mobile Network Access Control Mobile Network Access Control Extending Corporate Security Policies to Mobile Devices WHITE PAPER Executive Summary Network Access Control (NAC) systems protect corporate assets from threats posed by devices

More information

Symantec Endpoint Protection 12.1.2

Symantec Endpoint Protection 12.1.2 Data Sheet: Endpoint Security Overview offers comprehensive defense against complex attacks for both physical and virtual environments. It integrates ten essential security technologies in a single, high

More information

PREMIER SUPPORT STANDARD SERVICES BRONZE SILVER GOLD

PREMIER SUPPORT STANDARD SERVICES BRONZE SILVER GOLD SERVICE SUMMARY ITonDemand provides four levels of service to choose from to meet our clients range of needs. Plans can also be customized according to more specific environment needs. PREMIER SUPPORT

More information

Airtel PC Secure Trouble Shooting Guide

Airtel PC Secure Trouble Shooting Guide Airtel PC Secure Trouble Shooting Guide Table of Contents Questions before installing the software Q: What is required from my PC to be able to use the Airtel PC Secure? Q: Which operating systems does

More information

Seqrite Endpoint Security

Seqrite Endpoint Security Enterprise Security Solutions by Quick Heal Seqrite Essential enterprise security for every connected endpoint SME Edition Product Highlights A must-have endpoint security solution that provides the best

More information

Trend Micro OfficeScan 11.0. Best Practice Guide for Malware

Trend Micro OfficeScan 11.0. Best Practice Guide for Malware Trend Micro OfficeScan 11.0 Best Practice Guide for Malware Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned

More information

End-user Security Analytics Strengthens Protection with ArcSight

End-user Security Analytics Strengthens Protection with ArcSight Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security

More information

Protecting the Infrastructure: Symantec Web Gateway

Protecting the Infrastructure: Symantec Web Gateway Protecting the Infrastructure: Symantec Web Gateway 1 Why Symantec for Web Security? Flexibility and Choice Best in class hosted service, appliance, and virtual appliance (upcoming) deployment options

More information

Symantec Endpoint Protection 12.1.6

Symantec Endpoint Protection 12.1.6 Data Sheet: Endpoint Security Overview Last year, we saw 317 million new malware variants, while targeted attacks and zero-day threats were at an all-time high 1. The threat environment is evolving quickly

More information

Spector 360 Deployment Guide. Version 7.3 January 3, 2012

Spector 360 Deployment Guide. Version 7.3 January 3, 2012 Spector 360 Deployment Guide Version 7.3 January 3, 2012 Table of Contents Deploy to All Computers... 48 Step 1: Deploy the Servers... 5 Recorder Requirements... 52 Requirements... 5 Control Center Server

More information

Symantec Endpoint Protection Getting Started Guide

Symantec Endpoint Protection Getting Started Guide Symantec Endpoint Protection Getting Started Guide Symantec Endpoint Protection Getting Started Guide The software described in this book is furnished under a license agreement and may be used only in

More information

Did you know your security solution can help with PCI compliance too?

Did you know your security solution can help with PCI compliance too? Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment

More information

http://downloadcenter.trendmicro.com/

http://downloadcenter.trendmicro.com/ Trend Micro Incorporated reserves the right to make changes to this document and to the product described herein without notice. Before installing and using the product, review the readme files, release

More information

Comodo Endpoint Security Manager SME Software Version 2.1

Comodo Endpoint Security Manager SME Software Version 2.1 Comodo Endpoint Security Manager SME Software Version 2.1 Quick Start Guide Guide Version 2.1.111114 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 Endpoint Security Manager - SME Quick

More information

Data Sheet: Endpoint Security Symantec Protection Suite Enterprise Edition Trusted protection for endpoints and messaging environments

Data Sheet: Endpoint Security Symantec Protection Suite Enterprise Edition Trusted protection for endpoints and messaging environments Trusted protection for endpoints and messaging environments Overview Symantec Protection Suite Enterprise Edition creates a protected endpoint and messaging environment that is secure against today s complex

More information

Countermeasures against Bots

Countermeasures against Bots Countermeasures against Bots Are you sure your computer is not infected with Bot? Information-technology Promotion Agency IT Security Center http://www.ipa.go.jp/security/ 1. What is a Bot? Bot is a computer

More information

Redefining Endpoint Security: Symantec Endpoint Protection Russ Jensen

Redefining Endpoint Security: Symantec Endpoint Protection Russ Jensen Redefining Endpoint Security: Symantec Endpoint Protection Russ Jensen Sr. Presales Engineer, CISSP, MCSE Key Ingredients for Endpoint Protection Antivirus World s leading AV solution Most (44) consecutive

More information

Kaseya White Paper. Endpoint Security. Fighting Cyber Crime with Automated, Centralized Management. www.kaseya.com

Kaseya White Paper. Endpoint Security. Fighting Cyber Crime with Automated, Centralized Management. www.kaseya.com Kaseya White Paper Endpoint Security Fighting Cyber Crime with Automated, Centralized Management www.kaseya.com To win the ongoing war against hackers and cyber criminals, IT professionals must do two

More information

by New Media Solutions 37 Walnut Street Wellesley, MA 02481 p 781-235-0128 f 781-235-9408 www.avitage.com Avitage IT Infrastructure Security Document

by New Media Solutions 37 Walnut Street Wellesley, MA 02481 p 781-235-0128 f 781-235-9408 www.avitage.com Avitage IT Infrastructure Security Document Avitage IT Infrastructure Security Document The purpose of this document is to detail the IT infrastructure security policies that are in place for the software and services that are hosted by Avitage.

More information

AV Management Dashboard

AV Management Dashboard LabTech AV Management Dashboard AV MANAGEMENT DASHBOARD... 1 Overview... 1 Requirements... 1 Dashboard Overview... 2 Clients/Groups... 2 Offline AV Agents... 3 Threats... 3 AV Product... 4 Sync Agent Data

More information

Technical Product Overview. Employing cloud-based technologies to address security risks to endpoint systems

Technical Product Overview. Employing cloud-based technologies to address security risks to endpoint systems Symantec Endpoint Protection.cloud Employing cloud-based technologies to address security risks to endpoint systems White Paper: Endpoint Protection.cloud - Symantec Endpoint Protection.cloud Contents

More information

IBM QRadar Security Intelligence April 2013

IBM QRadar Security Intelligence April 2013 IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence

More information

Symantec Endpoint Protection and Symantec Network Access Control Client Guide

Symantec Endpoint Protection and Symantec Network Access Control Client Guide Symantec Endpoint Protection and Symantec Network Access Control Client Guide Symantec Endpoint Protection and Symantec Network Access Control Client Guide The software described in this book is furnished

More information

Core Protection for Virtual Machines 1

Core Protection for Virtual Machines 1 Core Protection for Virtual Machines 1 Comprehensive Threat Protection for Virtual Environments. Installation Guide e Endpoint Security Trend Micro Incorporated reserves the right to make changes to this

More information

Symantec Endpoint Protection (SEP) Technical Consultancy Services

Symantec Endpoint Protection (SEP) Technical Consultancy Services Symantec Endpoint Protection (SEP) Technical Consultancy Services Computer Security Technology Ltd (CSTL) provides advanced consultancy and on-site technical services for the installation, deployment and

More information

USER GUIDE: MaaS360 Services

USER GUIDE: MaaS360 Services USER GUIDE: MaaS360 Services 05.2010 Copyright 2010 Fiberlink Corporation. All rights reserved. Information in this document is subject to change without notice. The software described in this document

More information

Symantec Mail Security for Domino

Symantec Mail Security for Domino Getting Started Symantec Mail Security for Domino About Symantec Mail Security for Domino Symantec Mail Security for Domino is a complete, customizable, and scalable solution that scans Lotus Notes database

More information

SYMANTEC ENDPOINT PROTECTION SMALL BUSINESS EDITION

SYMANTEC ENDPOINT PROTECTION SMALL BUSINESS EDITION SYMANTEC ENDPOINT PROTECTION SMALL BUSINESS EDITION Frequently Asked Questions WHAT IS SYMANTEC ENDPOINT PROTECTION SMALL BUSINESS EDITION 1? Symantec Endpoint Protection Small Business Edition is built

More information

GFI White Paper PCI-DSS compliance and GFI Software products

GFI White Paper PCI-DSS compliance and GFI Software products White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption

More information

Find the needle in the security haystack

Find the needle in the security haystack Find the needle in the security haystack Gunnar Kristian Kopperud Principal Presales Consultant Security & Endpoint Management Technology Day Oslo 1 Find the needle in the security haystack Manually deep

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

Symantec Endpoint Protection 12.1.5 Datasheet

Symantec Endpoint Protection 12.1.5 Datasheet Symantec Endpoint Protection 12.1.5 Datasheet Data Sheet: Endpoint Security Overview Malware has evolved from large-scale massive attacks to include Targeted Attacks and Advanced Persistent Threats that

More information

Configuration Information

Configuration Information This chapter describes some basic Email Security Gateway configuration settings, some of which can be set in the first-time Configuration Wizard. Other topics covered include Email Security interface navigation,

More information

2. Installation and System requirements

2. Installation and System requirements RELEASE NOTES F-Secure Anti-Virus for Windows Servers Version 9.00 build 333 Copyright 1993-2010 F-Secure Corporation. All Rights Reserved. Portions Copyright 2004 BackWeb Technologies Inc. This product

More information

Devising a Server Protection Strategy with Trend Micro

Devising a Server Protection Strategy with Trend Micro Devising a Server Protection Strategy with Trend Micro A Trend Micro White Paper Trend Micro, Incorporated» A detailed account of why Gartner recognizes Trend Micro as a leader in Virtualization and Cloud

More information

System Compatibility. Enhancements. Operating Systems. Hardware Requirements. Email Security

System Compatibility. Enhancements. Operating Systems. Hardware Requirements. Email Security Email Security SonicWALL Email Security 7.0 for Microsoft Small Business Server System Compatibility SonicWALL Email Security 7.0 Software is supported on systems with the following: Operating Systems

More information

Symantec Protection Suite Enterprise Edition for Servers Complete and high performance protection where you need it

Symantec Protection Suite Enterprise Edition for Servers Complete and high performance protection where you need it Complete and high performance protection where you need it Overview delivers high-performance protection against physical and virtual server downtime with policy based prevention, using multiple protection

More information

Symantec Endpoint Protection 12.1.5 Sizing and Scalability Best Practices White Paper

Symantec Endpoint Protection 12.1.5 Sizing and Scalability Best Practices White Paper Symantec Endpoint Protection 12.1.5 Sizing and Scalability Best Practices White Paper Symantec Endpoint Protection Sizing and Scalability Best Practices White Paper Product version: 12.1.5 Documentation

More information

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary

More information

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013 CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control

More information

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com SAINT Integrated Network Vulnerability Scanning and Penetration Testing www.saintcorporation.com Introduction While network vulnerability scanning is an important tool in proactive network security, penetration

More information

Symantec Protection Center Enterprise 3.0. Release Notes

Symantec Protection Center Enterprise 3.0. Release Notes Symantec Protection Center Enterprise 3.0 Release Notes Symantec Protection Center Enterprise 3.0 Release Notes The software described in this book is furnished under a license agreement and may be used

More information

2012 Endpoint Security Best Practices Survey

2012 Endpoint Security Best Practices Survey WHITE PAPER: 2012 ENDPOINT SECURITY BEST PRACTICES SURVEY........................................ 2012 Endpoint Security Best Practices Survey Who should read this paper Small and medium business owners

More information

Unit 3 Research Project. Eddie S. Jackson. Kaplan University. IT540: Management of Information Security. Kenneth L. Flick, Ph.D.

Unit 3 Research Project. Eddie S. Jackson. Kaplan University. IT540: Management of Information Security. Kenneth L. Flick, Ph.D. Running head: UNIT 3 RESEARCH PROJECT 1 Unit 3 Research Project Eddie S. Jackson Kaplan University IT540: Management of Information Security Kenneth L. Flick, Ph.D. 10/07/2014 UNIT 3 RESEARCH PROJECT 2

More information

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014 Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security

More information

Devising a Server Protection Strategy with Trend Micro

Devising a Server Protection Strategy with Trend Micro Devising a Server Protection Strategy with Trend Micro A Trend Micro White Paper» Trend Micro s portfolio of solutions meets and exceeds Gartner s recommendations on how to devise a server protection strategy.

More information

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria

More information