Friday, December 14, 2007

All-size protection

Database News - Wednesday December 12, 2007

SECURITY / SYMANTEC ENDPOINT SECURITY 11.0

DON SAMBANDARAKSA

"A virus or worm does not ask if you are an SME or a large enterprise - it will go at you with everything it has," said Don Ng, Symantec's gateway security field director for Asia-Pacific. Ng was in Bangkok for the launch of Symantec Endpoint Security 11.0 and explained why everyone now needs the same level of protection - from the individual home user through to the enterprise.

He said that malware had evolved from something that was for fun and fame in the late 80s to something aimed at causing real damage in the 90s and now to today's economic criminals. In response, the IT industry has had to come up with anti-virus, firewalls, anti-spyware, host-based intrusion detection systems and intrusion prevention systems. But the ultimate goal is always to protect the end point - the user's PC - from the malware out there.

Previously, corporations would have to deal with seven or eight different security products, which would mean many different dashboards and packages to work with and to configure. With the launch of Endpoint Security 11.0, this has been simplified into one package.

Ng claimed that even with this multi-faceted approach, each individual component is still an industry leader in its own right.

Symantec's anti-virus has been the only program to score 100 percent over the last three years at virusbtn.com.

The anti-spyware component has a new technology called raw disk scan, which came from the acquisition of Veritas. This allows the software to detect rootkits that are usually invisible to the host operating system.

Symantec does not do signatures for viruses, but it does do signatures for exploits and vulnerabilities. Thus one signature can often serve hundreds of variants of the same piece of malware, as well as any new ones that arise in the future based on that vulnerability.

Endpoint Security's firewall is based on technology from another acquired company, Sygate, which has been in Gartner's magic quadrant for four years.

However, all this protection is useless when it becomes easier to bribe an employee or cleaner to copy data out of the organisation on a USB drive or MP3 player. To combat this, Endpoint Security also offers policy enforcement so that a central administrator can disable USB ports for certain devices, certain programs, disable autorun or even push software to a client to help terminate a worm that is running.

One optional new component of Endpoint Security 11.0 is Network Access Control. This software will check with the company's set network policy and will deny access to user PCs that do not have the required patch levels, have out-of-date antivirus or fail any other policy that is set. A user who logs into the LAN from such a PC will then be quarantined and given access only to tools and patches.

Endpoint Security 11.0 can be purchased as a one-user retail box as well as in bulk licence packs for SMEs and corporations. The only optional component is Network Access Control, which is not needed for many smaller installations but can be enabled at any time with the purchase of a licence key.

Bangkok Post
