In the good old days, IT departments could easily point to a malevolent e-mail attachment or macro as the delivery mechanism for malware. Today, end-user interaction isn’t required to wreak havoc on unsuspecting clients. Malware can jump from machine to machine in seconds, creating botnets that scour the Internet for open ports in order to infiltrate and infect new computers.
To combat such autonomous threats, a multitiered security tool is an absolute necessity. Symantec’s Endpoint Protection 11.0 strikes a balance between threat-bashing functionality and manageability.
Disaster recovery is a top priority for most IT departments. Similar concern should apply to disaster prevention. Symantec goes the distance, including antispyware, intrusion prevention and device and application control, along with antivirus and firewall protection. Endpoint Protection is also Network Access Control–ready, helping you make the most of the built-in security on Vista clients. The net result is effective layered protection in a single program.
Endpoint Protection’s improved interface fuses its management tools into one intuitive console, giving help-desk staff a one-stop shop for verifying system integrity. Its Management Server offers both simple and advanced setup options. Using simple setup, you can configure a server in a few mouse clicks. To manage more than 100 clients, the advanced option lets you configure either embedded databases, which will support up to 5,000 clients, or SQL databases, which will support well beyond that mark.
A migration and deployment tool lets administrators upgrade existing Symantec Antivirus or Client Security clients and perform a clean install on machines that don’t carry earlier versions of the software. Because help-desk staff do not have to touch every machine, deployment is exponentially faster. And you won’t have to disrupt end users to upgrade their security.
In our test environment, the Symantec Management Server was very stable and did not appear to be taxed. The test clients had no trouble updating from the server, and notebooks stayed up to date, even though they were not always connected to the network. Such proven performance is critical, especially in enterprise environments in which trust (or the lack of it) can yield hundreds of successes (or failures) at a time.
One drawback to this product is overhead: Symantec Endpoint Protection 11.0 runs three processes on client machines, each of which uses 20 megabytes of RAM at idle. That 60MB may not seem like a lot, but it could place a burden on slower computers.
Finally, no matter how good your security software is, it’s not going to catch everything. No product is a panacea or all malware-related threats.