Symantec Endpoint Security 11

Yesterday, I attended a webinar on Symantec Endpoint Security 11. It should be available for ondemand replay at some point on at symantec.com.
A lot of people including myself have been very negative about the Symantec product, virus detection rates, and product support. I’m actually starting to believe that Symantec is turning things around. Yes, I know this brief ray of hope will soon be crushed by more Symantec nonsense. But for now, for this blog entry, I’ll focus on the positive.
Symantec Endpoint Security, formerly code named Hamlet, is a single agent, single console solution. In the past people have implemented piecemeal solutions. So the clients have anti-virus products, antispyware products, and a personal firewall. Each of these products require a separate management point. They each require upgrades and management. There is a incredible cost to the old “best-of-breed” approach. Back then “kitchen-sink” solutions like Symantec Client Security were bloated beasts that weren’t the best at anything. McAfee Total Protection was the first vendor to grab my attention with a consolidated approach. Lets see what Symantec brings to the table.

  • Antivirus – as I’ve blogged about before, Symantec is doing much better on the AV tests.
  • Antispyware – Includes Veritas technology VxMS to detect rootkits. They feel this is superior to rootkit detection in other products. I’m not convinced though that the product is overall better in spyware detection than Webroot or Sunbelt. But it may be worth it to preserve resources.
  • Intrusion Prevention (Network and Host)
    Generic exploit blocking (currently in SCS)
    Proactive Threat Scan (from Whole Security)
    Deep Packet Inspection

  • Device Control – restrict data leakage (not a lot of info on this that I noted)
  • Symantec NAC

This is all with a single agent. According to the presenter McAfee is using multiple agents in its product.
They had some interesting memory baseline numbers:
Symantec Antivirus Corporate Edition – 62 MB
Symantec Client Security – 129 MB
McAfee Total Protection – 71 MB
Symantec Endpoint Protection 21 MB
That is a very significant number. We have been very concerned about each security solution adding a burden to the computer.
There is a public beta. To sign up for that, or for additional information, check out www.symantec.com/endpointsecurity.
This sounds interesting. Of course I would never install a dotZero release from Symantec. But about 6 months after release this could be of interest.

3 Comments

  1. Well, let’s hope they’ve updated their atrocious Live Update so the damn thing actually updates automatically. I’ve got staff based overseas who can’t access the Server portion of Symantec update who have to log in as administrators and manually run liveupdate to update. Not really very impressive!
    And how about Tamper Protection switched on by default?

  2. Pingback: » Belt and Suspenders - Roger's Information Security Blog

Comments are closed.