SEPM Outsourcing

823 views

Here is a presentation I recently gave to a Midwest security user group on how to manage multiple environments, or clients, with Symantec Endpoint Protection.

Published in: Technology

SEPM Outsourcing

  1. Outsourcing SEPM – Tony Asher
  2. Agenda
     • Goal: Successfully manage endpoint security for outsourced clients, while minimizing time and resources.
     • Requirements / Challenges
     • Solutions – 3 unique ‘features’ we leveraged.
     • Issues
  3. Requirements
     1. Single point of: management, visibility, alerts, reporting
     2. Neutral from client environments
     3. Automatic ticket generation
  4. Challenges – 1) Independent secure network, allow client communication
  5. Challenges – 1) Independent secure network, allow client communication
  6. Challenges – 2) Updates to enclave without Internet connection
  7. Challenges – 2) Updates to enclave without Internet connection
  8. Challenges – 3) Client's ability to 'go away'
  9. Challenges – 4) Ticket generation
  10. Steps Towards Solutions
  11. Solutions – 1) Replication
     • Choices: Site Replication vs. GUPs
       – GUPs: Can’t manage independent client admins, won’t centrally collect logs, open ports.
       – Domains vs. Groups vs.
  12. Replication Process
  13. Replication Process (cont.)
  14. Replication Process (cont.)
  15. Steps:
     1. Verify ‘Additional Site’ in SEPM
     2. Edit Properties of Replication
     3. Replicate Now
     4. Check Log
     5. Setup ‘Limited Admin’
  16. Edit Replication Properties
  17. Issues:
     1. SEPM = Same Version
     2. Shut down replication during upgrade
     3. Remember to turn back on
     4. Easily ‘Deleted’
  18. Solutions – 2) Live Update Server
     • Challenge:
       – Couldn't communicate with Internet.
     • Solution:
       – Live Update Server on Tier 3 with Internet connectivity
       – Pushes out to 'Distribution share' on a server within the Secure Enclave (use for 4th box!).
  19. LUA = Def Pusher
  20. Live Update Server
  21. Live Update Server (cont.)
  22. Live Update Server (cont.)
  23. Live Update Server (cont.)
  24. LUA Issues
     1. Postgres.exe 100%
     2. Troubleshooting def’s (3-4 spots)
     3. Patches more difficult
     4. 12/31 disaster
     5. No ‘delta’ benefit
  25. Solutions – 3) Ticket Automation
     • Challenge:
       – No ‘flip switch’ options to escalate alerts.
       – Laughed at for not having SEM/SIM solution.
     • Solution:
       – Syslog server
       – Remedy server reads Syslog
  26. Steps:
     1. Configure ‘External Logging’
     2. Point to Syslog server IP/port
     3. SLOWLY turn on Log Filters
     4. Request tickets be pulled
     5. Verified ticket generation
     6. Solid Security Incident Response Process in place.
  27. External Logging - Config
  28. External Logging Ticket
  29. Other Issues
     • Firewall Change Requests = > 80% of time
     • Client Packages sometimes held ‘master’ SEPM in Sylink.xml file.
     • Opened ticket – Due to TS installation.
     • Use CD Package with custom Sylink
  30. Sylink Issue
  31. Sylink Issue
  32. Resources: Exclusion Process
  33. Resources: Exclusion Form
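The ticket-automation slides (25 and 26) describe SEPM External Logging feeding a syslog server that a Remedy server reads, with log filters switched on gradually. As an added example that is not from the deck or from Symantec, the script below shows the reader side of that pipeline: it parses constructed syslog lines, applies an allow-list of enabled log types, suppresses repeat events for the same site/host/risk within a window, and emits ticket records. The syslog field layout, the `SymantecServer` tag, the sample hostnames and the fixed year are all assumptions made for this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the general shape of SEPM External Logging syslog
# output. The exact field layout is an assumption for this example.
SAMPLE_SYSLOG = """\
<14>Mar 10 09:01:12 SEPM01 SymantecServer: Virus found,Computer name: WS-ACME-017,Risk name: W32.Test.Sample,Action: Quarantined,Severity: 3
<14>Mar 10 09:01:40 SEPM01 SymantecServer: Virus found,Computer name: WS-ACME-017,Risk name: W32.Test.Sample,Action: Quarantined,Severity: 3
<14>Mar 10 09:02:05 SEPM01 SymantecServer: Definitions downloaded,Computer name: WS-ACME-022,Severity: 6
<14>Mar 10 09:03:30 SEPM01 SymantecServer: Virus found,Computer name: SRV-ACME-DB1,Risk name: Trojan.Sample,Action: Left alone,Severity: 1
"""

LINE_RE = re.compile(
    r"^<\d+>(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) SymantecServer: (?P<body>.*)$"
)

# Log filters are enabled one type at a time ("SLOWLY turn on Log Filters"),
# so only these event names produce tickets.
ENABLED_FILTERS = {"Virus found"}
DEDUP_WINDOW = timedelta(minutes=30)


def parse_line(line):
    """Split one syslog line into a dict: event name plus 'Key: value' fields."""
    m = LINE_RE.match(line)
    if not m:
        return None
    parts = [p.strip() for p in m.group("body").split(",")]
    event = {"site": m.group("host"), "timestamp": m.group("ts"), "event": parts[0]}
    for part in parts[1:]:
        key, _, value = part.partition(":")
        event[key.strip().lower().replace(" ", "_")] = value.strip()
    return event


def generate_tickets(raw, enabled=ENABLED_FILTERS, window=DEDUP_WINDOW):
    """Return ticket records for enabled events, collapsing repeats per site/host/risk."""
    tickets, last_seen = [], {}
    for line in raw.splitlines():
        ev = parse_line(line)
        if ev is None or ev["event"] not in enabled:
            continue
        # Syslog timestamps carry no year; 2024 is assumed for the sample data.
        ts = datetime.strptime("2024 " + ev["timestamp"], "%Y %b %d %H:%M:%S")
        key = (ev["site"], ev.get("computer_name"), ev.get("risk_name"))
        if key in last_seen and ts - last_seen[key] < window:
            continue  # same finding reported again inside the window: no new ticket
        last_seen[key] = ts
        risk = ev.get("risk_name")
        tickets.append({
            "site": key[0], "host": key[1],
            "summary": ev["event"] + (f": {risk}" if risk else ""),
            # A risk the client could not remediate needs a human sooner.
            "priority": "High" if ev.get("action") == "Left alone" else "Medium",
        })
    return tickets
```

Running `generate_tickets(SAMPLE_SYSLOG)` yields two tickets: the duplicate report from WS-ACME-017 is suppressed, the definitions-downloaded line is filtered out, and the unremediated finding on SRV-ACME-DB1 is raised at High priority.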
