Earlier this year, Symantec CEO Enrique Salem made a splash at the RSA security conference when he said that enterprise security is broken.
Today, Symantec is fixing one of the holes Salem identified with its Symantec Managed Endpoint Protection Services. Symantec will monitor the performance of a trio of enterprise software products — Symantec Antivirus (SAV), Symantec Endpoint Protection (SEP), and Symantec Network Access Control (SNAC) — to make sure they are performing as needed, Grant Geyer, Symantec vice president of managed services, told InternetNews.com.
“So if the Service Manager cannot call home for Symantec updates, the SLA says Symantec will contact the customer within 30 minutes. Plus there is a financial penalty to Symantec if the company fails to do so,” Geyer said.
Geyer explained why enterprises would sign up for the service. “One customer who came to us to become a client for managed endpoint protection came to find out why they had infections. The SEP manager was working, but an IT administrator had inadvertently closed a port and prevented SEP from getting live updates.”
As security issues become more complex, Symantec wants its customers to fully utilize its software. “IT and security departments can be short-staffed and may not configure products to their company’s security policy and may miss additional layers of protection that advanced features and industry best practice will afford them,” said Geyer.
Indeed, the Symantec Managed Endpoint Protection Services complement the company’s MSSP offering and are buttressed by its security research team. The MSSP grew out of the acquisition of Riptech in 2002, a move that was seen at the time as a competitive response to McAfee’s re-merger with Network Associates.
Today’s announcement is focused on threats that the company’s research team and MSSP outfit have identified. “Seventy-two percent of incidents today have to do with botnets,” said Geyer.
“When you see a firewall accept on an outbound message to a known botnet command and control server, all you know is that data is leaving and going to a known bad place but you don’t know what it is. The customer says to us, ‘you’re not telling me what the problem is,’” Geyer added.
The company said that speed is important. With Symantec Endpoint Protection Management, “security events affecting protected endpoints are quickly identified, analyzed, and escalated for remediation. This helps IT security response staff prioritize those events which demand immediate attention and allows them to contain outbreaks before they spread,” the company said.
Helping with compliance is also important. “Customers have a portal that provides all their security data on a single pane of glass. We store all alerts for 92 days,” Geyer said. He explained that the company has to store data for 92 days because the PCI standard requires 3 months’ worth of alerts, and the longest amount of time 3 months could last is two months of 31 days each plus one month that’s 30 days long.
The product is available now to enterprise customers. Pricing was not disclosed, but it is sold in blocks of 2,500 endpoints on a subscription basis, with volume discounts available, so it is clearly targeted at large customers.