SEPM Outsourcing
Here is a presentation I recently gave to a Midwest security user group on how to manage multiple environments, or clients, with Symantec Endpoint Protection.

Published in: Technology
Transcript

  • 1. Outsourcing SEPM Tony Asher
  • 2. Agenda • Goal: Successfully manage endpoint security for outsourced clients, while minimizing time and resources. • Requirements / Challenges • Solutions – 3 Unique ‘features’ we leveraged. • Issues
  • 3. Requirements 1. Single point of: • Management • Visibility • Alerts • Reporting 2. Neutral from client environments 3. Automatic ticket generation
  • 4. Challenges – 1) Independent secure network, allow client communication
  • 5. Challenges – 1) Independent secure network, allow client communication
  • 6. Challenges – 2) Updates to enclave without Internet connection
  • 7. Challenges – 2) Updates to enclave without Internet connection
  • 8. Challenges – 3) Clients' ability to 'go-away'
  • 9. Challenges – 4) Ticket generation
  • 10. Steps Towards Solutions
  • 11. Solutions – 1) Replication • Choices: Site Replication vs. GUPs – GUPs: Can’t manage independent client admins, won’t centrally collect logs, open ports. – Domains vs Groups vs.
  • 12. Replication Process
  • 13. Replication Process (cont.)
  • 14. Replication Process (cont.)
  • 15. Steps: 1. Verify ‘Additional Site’ in SEPM 2. Edit Properties of Replication 3. Replicate Now 4. Check Log 5. Setup ‘Limited Admin’
  • 16. Edit Replication Properties
  • 17. Issues: 1. SEPM = Same Version 2. Shut down replication during upgrade 3. Remember to turn back on 4. Easily ‘Deleted’
  • 18. Solutions – 2) Live Update Server • Challenge: – Couldn't communicate with Internet. • Solution: – Live Update Server on Tier 3 with Internet connectivity – Pushes out to 'Distribution share' on a server within the Secure Enclave (use for 4th box!).
  • 19. LUA = Def Pusher
  • 20. Live Update Server
  • 21. Live Update Server (cont.)
  • 22. Live Update Server (cont.)
  • 23. Live Update Server (cont.)
  • 24. LUA Issues 1. Postgres.exe 100% 2. Troubleshooting def’s (3-4 spots) 3. Patch’s more difficult 4. 12/31 disaster 5. No ‘delta’ benefit
  • 25. Solutions – 3) Ticket Automation • Challenge: – No ‘flip switch’ options to escalate alerts. – Laughed at for not having SEM/SIM solution. • Solution: – Syslog server – Remedy server reads Syslog
  • 26. Steps: 1. Configure ‘External Logging’ 2. Point to Syslog server IP/port 3. SLOWLY turn on Log Filters 4. Request tickets be pulled 5. Verified ticket generation 6. Solid Security Incident Response Process in place.
  • 27. External Logging - Config
  • 28. External Logging Ticket
  • 29. Other Issues • Firewall Change Requests = > 80% of time • Client Packages sometimes held ‘master’ SEPM in Sylink.xml file. • Opened ticket – Due to TS installation. • Use CD Package with custom Sylink
  • 30. Sylink Issue
  • 31. Sylink Issue
  • 32. Resources: Exclusion Process
  • 33. Resources: Exclusion Form
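
The Sylink issue on slide 29, as an added check that is not from the original presentation: list every management server a client package's Sylink.xml points at and flag any that is not the client's own site. The element and attribute names (`ServerPriorityBlock`, `Server`, `Address`, `HttpPort`) are assumed from the usual Sylink.xml layout, and the sample file, addresses and allow-list are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: layout follows the commonly seen Sylink.xml structure
# (assumption); the domain id, list names and addresses are made up.
SAMPLE_SYLINK = """<?xml version="1.0" encoding="UTF-8"?>
<ServerSettings DomainId="EXAMPLE" NameSpace="rpc">
  <CommConf>
    <ServerList Name="Client A Management Server List">
      <ServerPriorityBlock Name="List0">
        <Server Address="10.20.0.5" HttpPort="8014"/>
      </ServerPriorityBlock>
      <ServerPriorityBlock Name="List1">
        <Server Address="sepm-master.enclave.example" HttpPort="8014"/>
      </ServerPriorityBlock>
    </ServerList>
  </CommConf>
</ServerSettings>
"""


def sylink_servers(xml_text):
    """Return (priority_block, address, port) for every <Server> entry."""
    root = ET.fromstring(xml_text)
    found = []
    for block in root.iter("ServerPriorityBlock"):
        for server in block.iter("Server"):
            found.append((block.get("Name", ""),
                          server.get("Address", "").strip().lower(),
                          server.get("HttpPort", "")))
    return found


def audit_sylink(xml_text, allowed_addresses):
    """Return the entries whose address is not on the client's own site list."""
    allowed = {a.strip().lower() for a in allowed_addresses}
    servers = sylink_servers(xml_text)
    if not servers:
        # An empty list is a failure too: the client would have no SEPM to reach.
        raise ValueError("no <Server> entries found in Sylink.xml")
    return [s for s in servers if s[1] not in allowed]


if __name__ == "__main__":
    # Hypothetical allow-list: only the client's replicated site SEPM.
    for block, addr, port in audit_sylink(SAMPLE_SYLINK, ["10.20.0.5"]):
        print(f"unexpected server in {block}: {addr}:{port}")
```

Running this against the Sylink.xml inside an exported package before it ships catches a leftover 'master' SEPM entry while it is still cheap to rebuild the package.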
