Investing in data and information security ranks number three for small and midsize businesses that are prioritizing their tech budgets for 2019, according to a recent survey.
But, purchasing and installing security software is only half the job. You must also maintain the software—through regular updates, deployment on new endpoints, and customized configurations—to ensure that it meets your specific business needs and is able to deliver on protecting your business against cyberattack attempts.
Symantec Endpoint Protection is one among the many security software solutions on the market from which small businesses can gain more value if implemented and used correctly. Optimizing the use of all Symantec Endpoint Protection features will ensure maximum return on your investment (ROI).
Small businesses that customize, regularly update, and use relevant add-ons with their security software will be better prepared against cyberattacks and will see a higher return on investment from their purchase than those that use the software as-is out of the box.
What to know before you begin
First, it’s important to note that there are two versions of this software:
- Symantec Endpoint Protection Small Business edition is the on-premises version of the software and is designed for smaller businesses.
- Symantec Endpoint Protection Cloud is the cloud-based version and suited to small or midsize businesses.
Regardless of which edition you choose, here are four ways to prepare your business to better implement and start using Symantec Endpoint Protection.
1. Establish a SPOC (specific point of contact)
While purchasing and implementing Symantec Endpoint Protection (SEP), choose one or two employees from your organization (from the IT team, if you have one) who will be responsible for accelerating the implementation and adoption of SEP.
These points of contact will be responsible for all communication with the software vendor, ensuring that all endpoints are covered and making sure that best practices for software usage are followed within the organization.
2. Check existing systems for compatibility with Symantec
If you are in talks with Symantec to purchase either a cloud-based subscription or on-premises licenses for endpoint protection, remember to check compatibility through either of these methods:
- Download and run the Symantec Diagnostic tool (SymDiag) and follow the instructions provided.
- Read through the release notes and systems requirement documents provided by Symantec and check that your system meets the conditions.
3. Evaluate Symantec Endpoint Protection features
Understanding the capabilities of the product you have purchased or are about to purchase is very important. This ensures that you’re aware of the software’s capabilities and know clearly what it can do, as well as what it can’t.
For example, you need to know that the cloud-based SEP small business edition supports only Windows operating systems and offers limited protection for virtual environments.
Key Symantec Endpoint Protection (SEP) features include:
- Antivirus to detect and remove malware
- Firewall to control traffic
- Intrusion prevention to detect and block malware from entering your machine
- Device controls to block malware from external devices such as USBs
- Behavior monitoring to detect and report suspicious activity
- Machine learning to detect new and evolving threats
4. Get to know Symantec Endpoint Protection Manager
Symantec Endpoint Protection Manager is the software server that enables you to manage the tool’s operations and settings by configuring clients, creating alerts, and generating reports.
The Symantec Endpoint Protection Manager console is the interface that provides access to the manager and lets you manage and view configurations, deployment updates, and more.
Figure: Symantec Endpoint Protection Manager dashboard with key metrics such as license status and activity summary
Install all relevant software updates and upgrades for improved data protection
How it adds value
Symantec releases updates with the latest security features, bug fixes, and OS (operating system) support at least once per week. But, not every user readily implements these updates. According to one study, only 64 percent of security administrators prioritize updating their software solutions and fewer than 40 percent of regular users do the same.
By not implementing security software updates, you’re leaving yourself vulnerable to cyberattacks that target weaknesses in older versions of the software. According to Gartner, 99 percent of cyberattacks are based on vulnerabilities that have been known for at least a year (full research available to clients). Updating software regularly reduces the risk of attackers exploiting known vulnerabilities.
Updating vs. upgrading
Updating software involves making small improvements such as bug fixes, security patches, adding additional features, etc. to the existing version of the software. Updates are usually free.
Upgrading involves making significant changes to the core structure of your existing software or changing the existing version of your software to a new one. Upgrades may or may not be free of charge.
What to do
Here are a few best practices to keep in mind when updating or upgrading the Symantec Endpoint Protection tool:
Review system requirements, release notes, and new fixes
Even if you already have a version of Symantec Endpoint Protection installed, if you are upgrading to the latest version, you need to check the guidelines offered by the vendor regarding OS compatibility and other system parameters. There is a chance that the latest version may not be supported by your current system software.
Read through the release notes, systems requirements, and “new fixes” documents provided by Symantec to ensure compatibility. You can also use the Symantec Diagnostic tool to determine compatibility.
Upgrading to the latest version that is not compatible with your system parameters will only lead to errors.
Ensure sufficient disk space and other policies that allow for communication with Symantec’s servers
There are many things that need to be in place to ensure a successful upgrade. Some of the key considerations include:
- Ensuring that the free space on your disk is at least three times the size of the database.
- If you are using corporate or proxy firewalls that block communication with Symantec URLs required for validating licenses, apply appropriate exclusion criteria to allow communication with the URLs.
- Upgrading to Symantec Endpoint Protection 14.2 (the latest version at this time) requires you to have IPv6 to avoid issues connecting with Symantec Endpoint Protection Manager.
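The disk-space and IPv6 items in the list above can be checked by script before an upgrade window. The following Python script is an added example, not Symantec tooling: `db_dir` is a path the operator supplies for the Symantec Endpoint Protection Manager database directory, and treating a successful bind to `::1` as "having IPv6" is an assumption.

```python
import os
import shutil
import socket
import tempfile

REQUIRED_MULTIPLE = 3  # rule from the list above: free space >= 3x database size

def dir_size_bytes(path):
    """Total size of regular files under path (symlinks are skipped)."""
    total = 0
    for root, _dirs, files in os.walk(path):
        for name in files:
            full = os.path.join(root, name)
            if not os.path.islink(full):
                total += os.path.getsize(full)
    return total

def check_disk_headroom(db_dir, free_bytes=None):
    """Compare free space on the database volume with 3x the database size."""
    db_size = dir_size_bytes(db_dir)
    if free_bytes is None:  # measure the volume unless the caller supplies a value
        free_bytes = shutil.disk_usage(db_dir).free
    needed = db_size * REQUIRED_MULTIPLE
    return {"check": "disk", "ok": free_bytes >= needed,
            "db_bytes": db_size, "free_bytes": free_bytes, "needed_bytes": needed}

def check_ipv6_stack():
    """Assumption: 'having IPv6' is approximated by binding a socket to ::1."""
    if not socket.has_ipv6:
        return {"check": "ipv6", "ok": False, "detail": "no IPv6 support in this build"}
    try:
        with socket.socket(socket.AF_INET6, socket.SOCK_STREAM) as s:
            s.bind(("::1", 0))
        return {"check": "ipv6", "ok": True, "detail": "loopback bind succeeded"}
    except OSError as exc:
        return {"check": "ipv6", "ok": False, "detail": str(exc)}

def preflight(db_dir, free_bytes=None):
    """Run both checks; the upgrade should proceed only if every check passes."""
    results = [check_disk_headroom(db_dir, free_bytes), check_ipv6_stack()]
    return all(r["ok"] for r in results), results

if __name__ == "__main__":
    # Constructed sample: a 4 KiB file stands in for the database directory.
    with tempfile.TemporaryDirectory() as demo:
        with open(os.path.join(demo, "sample.db"), "wb") as fh:
            fh.write(b"\0" * 4096)
        print(preflight(demo))
```

The firewall exclusion item is not covered here because the license-validation URLs are not listed on this page; take them from Symantec's documentation.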
Back up Symantec Endpoint Protection Manager database before an upgrade
Before you begin the upgrade, be sure to back up your current Symantec Endpoint Protection Manager using a backup or disaster recovery solution. This will help you restore a copy of your files in case the upgrade fails or there are other issues with it.
Update content including virus definitions and intrusion prevention signatures on all client systems
By default, Symantec Endpoint Protection Manager downloads content updates from the Symantec LiveUpdate server. The client systems then download these updates from the Symantec Endpoint Protection Manager.
Ensure that all client systems get the updates at the same time and take steps to enable clients to receive deltas for virus definitions to mitigate network overload issues while updating the software. Software updates must be completed as soon as they are made available by Symantec to ensure continued protection against new threats.
The decision to upgrade the software must be made by the IT team and top management. All regular users should be instructed to update the software when the changes are made available. Contact the vendor for any troubleshooting assistance that cannot be handled by the internal IT staff or admin.
Customize preconfigured settings to meet your specific business needs
How it adds value
Hard pressed for time, many small businesses settle for whatever software configurations the vendor offers. In fact, 95 percent of people are too confused or too busy to change the preconfigured default settings that control data privacy settings.
What they fail to realize is that by simply adjusting some of the default settings and configuration policies in the software, they can derive more value from the product and better meet their specific business needs.
Be aware, however, that changing default settings without proper know-how can backfire.
What to do
Here are some tips to help you optimize your configuration policies in Symantec Endpoint Protection software.
Understand your requirements and test the different settings policies to identify the best options for your business
Symantec Endpoint Protection and Symantec Technology And Response (STAR) teams have set the default settings based on the recommended security posture they developed for endpoint protection. But they also acknowledge that client environments are varied and that the recommended settings do not fit all environments.
For example, the preconfigured virus and spyware protection policies are set to “balanced performance,” striking a balance between security needs and performance needs. However, a business has the option to change the setting to “high security” if it feels that it is facing a higher cyberthreat risk.
Read through user guides and settings policies before making any changes
Changing the default settings randomly will not yield the desired results. On the contrary, it may backfire and lead to more damage.
You must first identify specific areas in the software where you want improved performance—say, scanning of files on an hourly basis—and then identify settings options that allow you to make the necessary changes. Read through the policy statements and user guides to understand what purpose each particular setting option serves, and seek assistance from the vendor to answer any remaining uncertainties.
Symantec offers a wide range of online and offline materials to help you understand how the endpoint protection tool works. The user manuals also suggest default options that you can change to meet your specific needs.
Changing some crucial default settings that safeguard your systems, such as your network authentication settings, is not recommended. It can backfire if you change default settings that are essential for the functioning of the software. Consult with your software vendor, an IT expert, and your internal IT team when in doubt.
Changing the default setting must be done with caution. Ensure that only authorized personnel such as the IT admin or IT manager have permissions to change the default settings.
In addition, you should keep track of the changes you make to the default settings to understand which settings work best and which don’t. If you’re unsure what effect changing a particular system setting will have, check with your manager, IT team, or the software provider for more guidance.
Effectively use add-ons to expand the capabilities of Symantec Endpoint Protection
How it adds value
Symantec Endpoint Protection comes with multiple tools designed to help you advance your security capabilities. These tools can either be found alongside the installation file on FileConnect or on Symantec Endpoint Protection Manager. Using these add-ons will help you to improve the functionality and capabilities of the product.
What to do
Here are a few tips to help you choose the right Symantec Endpoint Protection add-ons for your business.
Know what add-on tools are available with your Symantec Endpoint Protection license
There are several add-ons available with your Symantec Endpoint Protection license. Check out their details and install the necessary ones as and when needed.
Some of the key tools you can use with Symantec Endpoint Protection
| Add-on | How it adds value |
|---|---|
| ApacheReverseProxy | Allows Mac and Linux clients to download LiveUpdate content from the web server. This tool is designed for small business networks with fewer client systems. |
| CentralQ | Sends infected files from the local quarantine to the central quarantine to gather advanced forensic information. |
| ContentDistributionMonitor | Manages and monitors multiple group updates in your network environment. |
| Deception | Detects adverse activity at the endpoints using rule-based algorithms. |
| ITAnalytics | Supports creation of custom reports and queries, graphical reporting, and multidimensional analysis. |
| Group Update Provider | Helps distribute content within organizations to reduce the load on the servers. It is particularly useful for remote locations with limited bandwidth. |
Integrate with additional tools for disaster recovery and data backup
You can connect your Symantec Endpoint Protection software with Symantec’s disaster recovery tools to get broader security capabilities and back up data in case of an emergency.
Symantec Endpoint Protection also offers cloud APIs that help to connect the software with third-party SIEM (security information and event management) tools, remote monitoring tools, MSP (managed service provider) consoles, and more.
Making the best use of Symantec Endpoint Protection requires effective participation and awareness about the need for cybersecurity among all stakeholders, including your employees.
You must also communicate with Symantec, or its authorized resellers, to ensure that you are updated about the latest developments in the product and other cybersecurity issues.
Here are three steps to take to ensure that you are deriving maximum value from your Symantec Endpoint Protection solution installation.