SEPM Outsourcing
Here is a presentation I recently gave to a Midwest security user group on how to manage multiple environments, or clients, with Symantec Endpoint Protection.
SEPM Outsourcing Presentation Transcript

  • Outsourcing SEPM Tony Asher
  • Agenda • Goal: Successfully manage endpoint security for outsourced clients, while minimizing time and resources. • Requirements / Challenges • Solutions – 3 Unique ‘features’ we leveraged. • Issues
  • Requirements 1. Single point of: • Management • Visibility • Alerts • Reporting 2. Neutral from client environments 3. Automatic ticket generation
  • Challenges – 1) Independent secure network, allow client communication
  • Challenges – 2) Updates to enclave without Internet connection
  • Challenges – 3) Clients ability 'go-away'
  • Challenges – 4) Ticket generation
  • Steps Towards Solutions
  • Solutions – 1) Replication • Choices: Site Replication vs. GUPs – GUPs: Can’t manage independent client admins, won’t centrally collect logs, open ports. – Domains vs Groups vs.
  • Replication Process
  • Replication Process (cont.)
  • Replication Process (cont.)
  • Steps: 1. Verify ‘Additional Site’ in SEPM 2. Edit Properties of Replication 3. Replicate Now 4. Check Log 5. Set up ‘Limited Admin’
  • Edit Replication Properties
  • Issues: 1. SEPM = Same Version 2. Shut down replication during upgrade 3. Remember to turn back on 4. Easily ‘Deleted’
  • Solutions – 2) Live Update Server • Challenge: – Couldn't communicate with Internet. • Solution: – Live Update Server on Tier 3 with Internet connectivity – Pushes out to 'Distribution share' on a server within the Secure Enclave (use for 4th box!).
  • LUA = Def Pusher
  • Live Update Server
  • Live Update Server (cont.)
  • Live Update Server (cont.)
  • Live Update Server (cont.)
  • LUA Issues 1. Postgres.exe 100% 2. Troubleshooting defs (3-4 spots) 3. Patches more difficult 4. 12/31 disaster 5. No ‘delta’ benefit
  • Solutions – 3) Ticket Automation • Challenge: – No ‘flip switch’ options to escalate alerts. – Laughed at for not having SEM/SIM solution. • Solution: – Syslog server – Remedy server reads Syslog
  • Steps: 1. Configure ‘External Logging’ 2. Point to Syslog server IP/port 3. SLOWLY turn on Log Filters 4. Request tickets be pulled 5. Verify ticket generation 6. Solid Security Incident Response Process in place.
  • External Logging - Config
  • External Logging Ticket
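The ticket-automation steps above (External Logging to a syslog server, log filters turned on slowly, tickets pulled from the syslog feed) can be modelled as a small filter between the syslog server and the ticketing system. The following is an added example written for this transcript, not the presenter's own tooling: it parses constructed syslog lines, applies an allow-list of severities that you widen over time, and suppresses repeat events from the same site/computer/risk inside a window so one noisy client does not open a ticket per event. The line layout, field names (site, computer, risk, action, severity) and the set of "unhandled" actions are assumptions for the example; check them against the real SEPM external-log format before reuse.

```python
"""Syslog-to-ticket filter for SEPM 'External Logging' events.

Added example, not the presenter's code. The syslog line layout and field
names below are CONSTRUCTED for the example; match them to the real
external-log format before reuse.
"""
import re
from datetime import datetime, timedelta

# BSD syslog header followed by comma-separated key=value fields (constructed layout).
LINE_RE = re.compile(r"^(\w{3} \d{2} \d{2}:\d{2}:\d{2}) (\S+) (\S+): (.*)$")

# Actions that mean the endpoint did NOT neutralise the risk (assumed set).
UNHANDLED_ACTIONS = {"Left alone", "Access denied"}

# Constructed sample feed from two outsourced clients (sites), in time order.
SAMPLE_LINES = [
    "Jan 05 10:00:01 sepm-core SymantecServer: site=ClientA,computer=WS0101,risk=W32.Downadup,action=Quarantined,severity=Critical",
    "Jan 05 10:00:05 sepm-core SymantecServer: site=ClientA,computer=WS0101,risk=W32.Downadup,action=Quarantined,severity=Critical",
    "Jan 05 10:00:09 sepm-core SymantecServer: site=ClientA,computer=WS0102,risk=W32.Downadup,action=Left alone,severity=Critical",
    "Jan 05 10:03:00 sepm-core SymantecServer: site=ClientB,computer=SRV01,risk=Tracking Cookie,action=Deleted,severity=Low",
    "Jan 05 10:03:30 sepm-core SymantecServer: site=ClientB,computer=SRV01,risk=Trojan.Gen,action=Left alone,severity=High",
    "Jan 05 10:05:00 sepm-core SymantecServer: site=ClientA,computer=WS0102,risk=W32.Downadup,action=Left alone,severity=Critical",
    "Jan 05 10:20:00 sepm-core SymantecServer: site=ClientA,computer=WS0102,risk=W32.Downadup,action=Left alone,severity=Critical",
]


def parse_line(line, year=2024):
    """Return a dict of fields for one syslog line, or None if it does not match.

    BSD syslog timestamps carry no year, so the caller supplies one.
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    stamp, host, program, body = m.groups()
    fields = {}
    for kv in body.split(","):
        key, _, value = kv.partition("=")
        fields[key.strip()] = value.strip()
    fields["timestamp"] = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    fields["host"] = host
    fields["program"] = program
    return fields


def should_ticket(event, enabled_severities):
    """Filter rule: only enabled severities, and only risks the client left unhandled."""
    return (event.get("severity") in enabled_severities
            and event.get("action") in UNHANDLED_ACTIONS)


def generate_tickets(lines, enabled_severities, dedup_window=timedelta(minutes=15)):
    """Turn raw syslog lines into ticket records.

    Returns (tickets, suppressed): tickets is a list of dicts ready to hand to a
    ticketing system; suppressed counts events dropped because the same
    (site, computer, risk) already produced a ticket inside dedup_window.
    """
    last_ticket_at = {}
    tickets = []
    suppressed = 0
    for line in lines:
        event = parse_line(line)
        if event is None or not should_ticket(event, enabled_severities):
            continue
        key = (event["site"], event["computer"], event["risk"])
        previous = last_ticket_at.get(key)
        if previous is not None and event["timestamp"] - previous < dedup_window:
            suppressed += 1
            continue
        last_ticket_at[key] = event["timestamp"]
        tickets.append({
            "site": event["site"],
            "computer": event["computer"],
            "risk": event["risk"],
            "severity": event["severity"],
            "opened": event["timestamp"].isoformat(),
            "summary": f"[{event['site']}] {event['risk']} on {event['computer']} ({event['action']})",
        })
    return tickets, suppressed


if __name__ == "__main__":
    # Phase 1: only Critical enabled; phase 2: widen to High once the queue is manageable.
    for severities in ({"Critical"}, {"Critical", "High"}):
        tickets, dropped = generate_tickets(SAMPLE_LINES, severities)
        print(f"{sorted(severities)}: {len(tickets)} tickets, {dropped} suppressed")
        for t in tickets:
            print("  ", t["summary"])
```

With only Critical enabled the sample feed yields two tickets (the quarantined events and the Low/High ones are filtered, and the 10:05 repeat is suppressed); adding High opens a third ticket for ClientB. That staged widening is the "slowly turn on log filters" step: each new filter is switched on only after the previous one's ticket volume has been verified.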
  • Other Issues • Firewall Change Requests = > 80% of time • Client Packages sometimes held ‘master’ SEPM in Sylink.xml file. • Opened ticket – Due to TS installation. • Use CD Package with custom Sylink
  • Sylink Issue
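The Sylink issue above (client packages still pointing at the master SEPM, fixed by shipping a CD package with a custom Sylink) is the kind of thing worth checking before a package goes out the door. The following is an added example, not the presenter's code: it lists the management servers a Sylink.xml would contact, flags any that are not on the client's allow-list, and builds a corrected copy. The element layout (a ServerList element holding Server elements with an Address attribute) is an assumption for the example; compare it with a Sylink.xml exported from your own SEPM before relying on the check.

```python
"""Sylink.xml check and rewrite for client install packages.

Added example, not the presenter's code. The element layout below
(ServerList/Server with Address and Port attributes) is ASSUMED; verify it
against a real Sylink.xml from your SEPM.
"""
import xml.etree.ElementTree as ET

# Constructed Sylink.xml fragment that still lists the master SEPM first.
SAMPLE_SYLINK = """<SylinkConfig>
  <ServerList Name="Default Management Server List">
    <Server Address="sepm-master.corp.example" Port="8014"/>
    <Server Address="sepm-clienta.example" Port="8014"/>
  </ServerList>
</SylinkConfig>
"""


def management_servers(sylink_xml):
    """Return every Server Address the package would try to reach, in file order."""
    root = ET.fromstring(sylink_xml)
    return [srv.get("Address") for srv in root.iter("Server") if srv.get("Address")]


def check_sylink(sylink_xml, allowed_servers):
    """Return the addresses NOT in allowed_servers (an empty list means the package is clean)."""
    allowed = {a.lower() for a in allowed_servers}
    return [a for a in management_servers(sylink_xml) if a.lower() not in allowed]


def rewrite_sylink(sylink_xml, replacement_servers, port="8014"):
    """Produce a custom Sylink that lists only replacement_servers.

    Keeps the first ServerList element and replaces its Server children, so
    any other settings in the file survive untouched.
    """
    root = ET.fromstring(sylink_xml)
    server_list = root.find(".//ServerList")
    if server_list is None:
        raise ValueError("no ServerList element found")
    for srv in list(server_list.findall("Server")):
        server_list.remove(srv)
    for address in replacement_servers:
        ET.SubElement(server_list, "Server", Address=address, Port=port)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    allowed = ["sepm-clienta.example"]
    print("unexpected management servers:", check_sylink(SAMPLE_SYLINK, allowed))
    fixed = rewrite_sylink(SAMPLE_SYLINK, allowed)
    print("after rewrite:", management_servers(fixed))
```

Run the check against the Sylink.xml inside every exported client package; the check flags the master SEPM in the sample, and the rewritten file lists only the client's own management server.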
  • Resources: Exclusion Process
  • Resources: Exclusion Form