Symantec Unifies Security To The Endpoint

Symantec on Thursday released a new security product that is trying to do for security what the company has been doing with storage: unify the different elements into a single integrated product.

Symantec Endpoint Protection 11.0, which the company demonstrated at its partner conference in San Diego a couple of weeks ago, gives customers anti-virus, anti-spyware, desktop firewall, intrusion prevention, device control, and application control capabilities via a single integrated agent, and allows them to manage the different functions from a single management console, said George Meyers, Symantec's director of product management and endpoint security.

Symantec Endpoint Protection is based in large part on Symantec's acquisitions of Sygate Technologies and Whole Security, and addresses security and compliance issues across a company's entire infrastructure, including servers, desktops, and mobile PCs, through a single console.

A Small Business Edition also includes security for Microsoft Exchange mailboxes, while the Multi-tier Protection also offers Domino and SMTP e-mail security.

Symantec also unveiled Symantec Network Access Control 11.0, a separately licensed product to secure access to networks and enforce endpoint security policies using the same agent as SEP.

Customers are having to deal with external threats such as viruses and spyware, internal threats such as data theft and data leakage, and issues related to compliance, Meyers said. "But most of them don't have the time to research all the different solutions, buy them, and manage them," he said. "It's too costly."

While security applications from other vendors bring together many of these functions, and may use a single console, they are not integrated to the point where customers can manage all their clients right to the edge of their network, Meyers said.

"We didn't simply stretch our definition of customer and end protection, we did a best-of-breed solution," he said.

For instance, SEP 11.0's network intrusion prevention capabilities include generic exploit blocking which prevents against all variants of a threat once it is identified without waiting for new updates to become available.

The application control technology allows customers to block and restrict access at the file-level and application access level, he said.

Also included is device control, which is the ability to lock down peripherals to prevent, for instance, users from downloading data to USB devices. "We've seen sites where customers use epoxy to block USB ports," Meyers said. "Ours is a better solution."

SEP 11.0 also has host intrusion prevention technology which stops attacks at the application level without the need to scan files, Meyers said. It scans the behavior of applications and processes to decide if something is malware and should be locked down. "It catches a lot of threats," he said. "Internally, at Symantec, we catch about 1,000 threats per month that no other anti-virus application can see, including other Symantec applications. It finds and blocks threats before anti-virus software sees them."

Much of the new technology comes from several acquisitions Symantec has made in the last few years. For instance, he said that the anti-spyware component includes raw disk scan from Veritas, while the firewall technology comes from Sygate and the host-intrusion prevention technology comes from Whole Security, Meyers said.

Ron Fowler, president and CEO of Structured, a Portland, Ore.-based solution provider, said that customers are more than ready for SEP 11.0.

"It's a natural culmination of what Symantec has been putting together for years," Fowler said. "They pretty much control the desktop. But if the device control works as promised, it will give them even more control."

Fowler said he has looked at other applications from companies such as Cisco, Juniper, and Lumension Security, the Scottsdale, Ariz.-based developer of PatchLink. "They're all trying to achieve a similar goal of unifying security," he said. "None of them are all the way there yet. But Symantec seems to be the most complete."

Solution providers should find SEP 11.0 a product that is both easy to sell and easy to support, Meyers said. "The integration is done," he said. "This increases the opportunity for VARs to focus on new business."

Anti-virus technology has been a turnkey product for years, Meyers said. "However, SEP will allow VARs a lot of services opportunities to go on and tune it to their customers' specific environments," he said.