I believe most of you security professionals face the same challenge as I do: an increasing number of problems to solve, and with it an increasing number of solutions. But how to choose? The idea of this new section is to provide all of you with a space to share your experience with fellow peers across the globe, either good or bad.
This section intends to go beyond the technology and really evaluate the service as a whole (support, usage, problems, etc.). How was it when you needed support during the night? What sort of issues did you encounter during implementation? Did it create problems you didn’t have before? Those are some of the questions on which only the collection of our experiences can provide us with a verdict.
Another factor worth mentioning is that no single security professional will have exposure to all the solutions in the market, so feel free to comment about other vendors and your experience as well!
Well, with enough said about the objective of this section, let me start with one of the first solutions a security professional will have to deal with: Malware/Endpoint protection. Since I have worked with this vendor across the globe, Symantec was the chosen one to debut this article with its Endpoint Protection product.
Here we go!
Viruses, malware and worms.
My company needs to install an endpoint solution across the environment, but with so many choices out there, which one should I proceed with?
Symantec Endpoint Solution
Among all of the products I had a chance to work with, I can attest that Symantec is a very robust and reliable tool. For most of the time, their malware detection engine is efficient and the signatures are released within a reasonable timeframe, which reduces the exposure of the environment.
As for unidentified threats, an environment I once managed got infected with a zero-day vulnerability and the whole network went haywire. Upon isolating the malware and submitting it to Symantec, it took around 6h from when I submitted the sample to receiving a signature that effectively cleaned the environment. A bit long when systems are shutting down left and right, but given the amount of reports they might receive and the coding/QA of the vaccine/hotfix, I would say it was a reasonable response. From a customer service perspective I found it very responsive, and we were kept well informed about the progress.
As for the rolling out of the product, despite minor glitches with machines traversing dial-up links, we successfully migrated thousands of hosts from its previous versions, as well as machines using another vendor’s product due to a recent merge the company had gone through.