Symantec Endpoint Protection (SEP) Technical Consultancy Services

Transcription

1 Symantec Endpoint Protection (SEP) Technical Consultancy Services Computer Security Technology Ltd (CSTL) provides advanced consultancy and on-site technical services for the installation, deployment and configuration of SEP, we offer eight principle services; Strategy & Architecture Workshop, Quick-Start, SAV-SEP Migration, SEP12x Upgrade, Health-Check, Competitive de-installation, Full deployment and Advanced Feature Set (AFS) activation. A detailed description and scope of works (SOW) is available for each of these services, a summary of each service can found below. 1. Strategy & Architecture Workshop: Involves a consultant spending up to a day onsite to establish a client s end point security requirements concerning preventive measures, related working practices, policies, procedures and evaluation risk, typically encompassing: Suitability of current countermeasures. Suggestions regarding good practices for endpoint precautions. Viruses, Trojans, ActiveX, Java, Worms, Spyware and malware. Preventative and corrective measures (policy, procedures & staff awareness) ISO27001/BS7799 Standards regarding Anti Virus Controls. Reducing endpoint management & improving security. Review of Clients infrastructure. Locktons Insurance Plc (International Insurance brokers) LIGS found themselves with an urgent need to move away from their current AV product. CSTL were selected to install, deploy and configure the SEP suite across their diverse and complex LAN and Wan structure. As Nick Tam (Network Consultant) explained In the UK alone, we have offices on the South coast, the Midlands and in the city of London with just about every operating system and configuration you could imagine. We needed a product that offered maximum protection for users with flexible installation and management options. CSTL assisted us to identify an AV strategy and then went about installing and deploying the product for us all conducted in a professional and swift manner. The SEP solution has given me centralized control and complete protection against viruses all of which has proved to us we made the right choice". The resulting document includes: Malware strategy for your network, Scan & Update policy, and a detailed explanation of the advanced SEP options & how they may improve your IT security posture 1 of 9

2 2. QUICK- START: 2 days on site to discuss the deployment and installation options for SEP. Customers use this service as they plan to complete the full roll out themselves but wish to quickly get to grips with the issues involved. The service uses an experienced and trained Symantec engineer on site, walking staff through the set- up process and providing recommendations about the best way to deploy, install and configure SEP. Issues that are typically raised at the quick-start are: Installation of SEP Manager and where applicable 2 representative GUP (Group update provider) and the NMD (non managed detectors) limited to s ingle subnet. Explaining and walkthrough overview of SEP distribution & rollout methods. Creating SEP Server scan & exclusion policy. Creating SEP Desktop & Server scan & exclusion policy. Walkthrough of Virus quarantine, risk reduction & SARC (Symantec Antivirus Research Centre) submission. Review of methods to remove existing AV Product. Desktop Deployment to representative sample up-to 5 desktops. Configuring up-to 3 standard reports and 3 alert types The service objective for this service is to setup the core management systems for SEP, which has a basic scanning and updating policy, thereby allowing the Customer to complete the endpoint installation themselves. 3. SAV-SEP Migration This service is designed for Customer using the SAV 9x or 10x versions or SEP 11x who need to upgrade to the latest SEP 12x. Typically user of SAV 9x/10x will be using the Symantec System Centre (SSC) for administration and control of the endpoints. This is replaced by the SEP Manager (SEPM) and the migration requires a parallel usage of both during the transition phase, for SEP 11x users they could embrace the new features for virtualized environments, typical service includes: Review of existing scan settings, exclusions and update policies within SSC. Suggested improvements of settings and policies along with explanation of enhancements including use of GUP s (Group update providers) and NMD s (non-managed detectors) Installation of SEPM and the creation of settings, policies and SEP groups. Review and suggestions for high availability, backup and maintenance tasks. Page 2 of 9 Version V9- Jan 2013

3 Test migration of SAV 9x/10x to SEP to test candidates. Upon customer acceptance, deployment to representative production clients. Full deployment of SEP to production clients. Configuration of GUPS and NMD s Report & Alert configuration. Decommissioning SSC. Documented As built handover guide with setting & policies. Does not extend to the configuration of the AFS (Advanced Feature Set) of SEP. Symantec Protection Centre (SPC): web reporting console New feature adoption and optimization for virtualized environments 4. SEP 12x Upgrade Version 12x provides many more functions and benefits over version 11x, such as: Improved Interface design Improved Support for 64bit systems Supporting and Securing virtualised environments both desktop & server Insight Reputation Scanning Improves Security and Speed o Insight Speeds scans by omitting executables with a Symantectrusted reputation from scans o Shared Insight Cache Speeds scans by allowing managed clients to share scan results, so any file that has been scanned with the current defs can be skipped by others o Download Insight Protects Portal Applications (browsers, ftp clients, etc) from downloading executables that are unproven or have a bad rep Real time behavioural analysis Smarter Upgrading and Updating options CSTL can provide two types of services for version 12 upgrades, as listed on the next page: Page 3 of 9 Version V9- Jan 2013

4 i. SEP 12 Upgrade Quick-Start: 2 days. This is suitable for Customers who wish to move to the latest version but don t necessarily want all the new functions enabled and they want to learn from our expertise in order to complete the majority of the upgrade themselves. CST engineers will review the customer s current SEP 11x installation, upgrade a single management server (SEPM), fully upgrade 5 networked representative clients ensuring knowledge transfer is provided to the Customers staff during the process and finally completing a technical handover document. The Quick-Start will not include the enabling of the new features, and is aimed at ensuring that the essential SEP components are upgraded to version 12x, whilst enabling the Customer to continue the client upgrade under their own resources. ii. SEP 12 bespoke Upgrade: Subject to agreed scope of works (SOW) This service suits Customers that either wish to take advantage of the new functionality and require policy and setup guidance, or Customers that require a full end to end upgrade project as they lack the resource or expertise themselves. CST engineers will create a customised SOW(Scope of Works) that details the requirements, a high level project plan and service deliverable s to meet the individual customers requirements, it may take the form of a full out tasked project with CST undertaking all tasks, or a hybrid option with strategic and key tasks undertaken by CST staff, and the Customer completing tertiary deployment actions themselves Technical Considerations Win2k is no longer supported. Min. spec. is winxpsp2 In multi-sepm replicating environment, all must be upgraded. Upgraded SEPM can continue to manage older client versions Page 4 of 9 Version V9- Jan 2013

5 5. Health Check A site visit to review the usage and status of SEP to ensure optimum performance and provide suggestions for improvement. The scope of the service includes a review of the following: SEP Manager (SEPM). o Version, installation review, sub component validation o Group structure o Update frequency & policy o Group policies for scanning (on access & on demand) & exclusions including reference to best practices and vendor recommendations. o Detection & Quarantine actions. GUPs (group update providers) effectiveness review/enhancement NMD s (non managed detectors) effectiveness review/enhancement, undertake network scan to identify endpoints at risk (non managed Anti Virus) Representative SEP client for a Workstation and a Server o Exclusions o User setting access o Location awareness settings Explanation & Introduction of AFS (advanced feature set), does not include activation. Review of virus incident reports to pin point virus attack trends and protection failures. Creation of best practice alerts: Outbreak and Update failure. Symantec Protection Centre (SPC): web reporting console Malicious Activity Assessment (MAA): the analysis of gateway traffic to identify control communication of Spyware, Botnet and Trojan infected hosts. Page 5 of 9 Version V9- Jan 2013

6 6. Competitive Deinstallation Sometimes the largest challenge of migrating to SEP is to first remove the existing antivirus agent. It may be that that current AV agent does not support a central deinstallation, or the removal would leave software remnants that may affect performance. CSTL can help the Customer with a rapid and controlled migration to SEP, using either the Competitive deinstallation scripts within SEP for small-to-medium deployments, or using Symantec Altiris solution for larger more complex environments. CSTL have developed a hardware style appliance to loan Customers; termed SUPA (Symantec Uninstaller Product Appliance). The SUPA has the Altiris solution installed along with the pre-requisite database and all necessary components to scan a network, identify the competitive agent, de-install and deploy SEP, before handing-off the ongoing management and control to the SEPM, key SUPA features include: Controlled and managed deinstallation of competitive antivirus software. No extra license or software cost for the Customer. Reduced complexity and increased visibility. Typically used as a pre-requisite phase, to SEP deployment. Allows granular and staged approach to deployment Remote diagnostics and management Management Style status reporting: Success, Exception & Re-tries. Express Newspapers & Channel 5 News. "We used CSTL for assist with the installation and setup of SEP, including the use of their SUPA product (Symantec Uninstaller Product Appliance), this allowed for a clean and rapid removal of the existing AV client solution. CST services enabled us to move very quickly to the latest version of SEP, which allowed us to realise the investment we made in the shortest amount of time. Dr Ben Dyer Joint IT Head. Page 6 of 9 Version V9- Jan 2013

7 7. Full Deployment: CSTL undertakes the full installation and configuration for SEP across all the client s systems. This option completely removes the need for client personnel. We recommend that key staff are present to ensure product awareness and education. The full deployment normally incorporates the Quick-Start (as above) along with the following: Agree project scope, objectives and deliverable s Uninstall/install to servers Install SEP manager (SEPM); group creation, update configuration, scan policies, and package creation. Install & configure quarantine server if required GUP (Group Update Providers) and NMD s (Non Managed Detectors) installation Existing Desktop anti-virus product un-installation Deploying SEP to desktops & servers Testing: server, workstation, updating and alerting configurations Where application activation of Advanced feature set (AFS) Documented As built handover guide with setting & policy s. Reporting walk through Best practice Alert creation: outbreak, update failure Subsequent revisit to perform SEP health-check Kuwait Investment office - London "CSTL have helped us with our Symantec security installation and setup services for over 8 years; allowing us to get on with our core IT objectives, whilst they take care of the SEP upgrades, policy tweaking and optimisation. Additionally CSTL played an instrumental role in the design and installation of our Symantec NAC solution to both to our production and DR sites. Peter Groves - IT security manager (Investment fund managers) Page 7 of 9 Version V9- Jan 2013

8 8. Advanced Feature Set (AFS): Within SEP there are advanced features that exceed traditional components for an anti virus solution, these advanced features provide extra levels of protection and are described briefly below: A. SEP ATTACHED MEDIA: - Control and manage USB device, read/write, permitted device type, file types and transfer direction. B. ENABLING LOCATION AWARENESS: - Applying different policies based on location e.g.; relaxed when in the office and more thorough when using public wifi for example. C. APPLICATION CONTROL: - Preventing unauthorized executables from launching to maintain standard desktop images, prevent intrusion & reduce risk. D. DESKTOP FIREWALL: - Ensure desktops PC/laptops are secure where they don t benefit from the protection of the LAN firewall. E. LOCAL NAC: - Prevent an unsafe SEP Host from connecting to the corporate LAN. F. FULL NAC: - Prevent any unsafe host from connecting to the corporate LAN. G. INTEGRATION: - Incorporating SEP with SEE (Symantec Endpoint Encryption) and Symantec Altiris Client management suite (patching, imaging, inventory, deployment). Each of the AFS s is a separate services engagement, please request our Scope of Works (SOW) for more detail. Page 8 of 9 Version V9- Jan 2013

9 What make our services exceptional? Professionalism: All our consultants are punctual, commensurably dressed, knowledgeable and polite. They will ensure the most effective use of time to deliver maximum value and will try to comply with Customers expectations and requests. Quality Assurance: Each engagement will have a documented Scope of works (SOW) setting out exact requirements and will include process controls such as:, stage reviews, checklists, method statements and post work surveys to measure and maintain standard. Competence: The engineers are technical trained and experienced to ensure a depth of knowledge. Endorsed by Symantec and having ongoing development to maintain solution comprehension. Service value +: As well as providing the service, CST engineers will where ever possible look to educate the Customer on the technology, and provide as much knowledge transfer as possible to empower the customers technical staff. Service Pledge: 100% refund, if you are not satisfied with our service, as we are that confident our service will match your expectations. If you require more information such as estimated costs, time scales, reference material, or availability then please call the London office on , our staff will be pleased to assist. Page 9 of 9 Version V9- Jan 2013