Small and medium enterprises often get the short end of the stick when it comes to managed endpoint protection. While they need the same level of protection as their large enterprise counterparts, finding integrated security packages that are both affordable and easy to deploy and manage can be an almost insurmountable challenge. Most are forced to cobble together a variety of security products and management applications to keep endpoints secure. Symantec aims to solve that dilemma with Symantec Endpoint Protection Small Business Edition 2013 (SEP SBE2013), a comprehensive security solution to protect servers and PCs. SEP SBE 2013 unifies endpoint security into a singular product/service, integrating features typically treated as separate products by other vendors. This integration is SEP SBE 2013's main value proposition.
SEP SBE 2013's deployment options differentiate it from the competition. Although Symantec offers SEP SBE 2013 primarily as a cloud-based solution for businesses looking to leverage all that the cloud has to offer, customers can also choose to deploy the product onsite. This way, businesses not yet ready for the cloud can still enjoy a full endpoint security solution. There are pros and cons to each of those deployment styles, of course. The cloud-based option takes the lead in ease of deployment and centralized support for remote workers and satellite offices. The onsite offering, on the other hand, leverages in-house hardware and can better isolate users from the ills associated with untethered connectivity. Regardless of which path a customer selects, Symantec provides full support and security management.
A closer look at SEP SBE 2013
SEP SBE 2013's accessibility will keep many charged with small and medium business security happy. The product features an easy-to-use interface, automated dashboard, and extensive alerting and reporting to help network managers stay on top of security without having to actually participate in all of the mundane and idle tasks normally associated with endpoint security management. Management is intuitive both in onsite and cloud-based deployments. The cloud option even uses the same management console as other Symantec products, such as Backup Exec.cloud, so SME network managers can manage both services from a single console.
On the security front, SEP SBE 2013 provides malware protection in the form of a local client application that can be remotely managed. Its anti-malware capabilities protect laptops, desktops, and servers against viruses, worms, Trojans, spyware, bots, zero-day threats, root kits, and other threats. The product includes an advanced software firewall. This silently guards against attacks and intrusions by monitoring Internet traffic. SEP SBE 2013 also provides web browser security, USB device blocking in the cloud version, automated updating, and “always-on” protection to secure devices even on external networks.
SEP SBE 2013 installation and configuration
I took a close look at both the onsite and cloud-based versions of SEP SBE 2013 to uncover the differences between the deployment models, as well as to determine the usability and effectiveness of the product’s primary capabilities. I found the hosted version of the product incredibly easy to set up. The process is guided by a wizard and takes little more than logging into the hosted management console and following the wizard's prompts. During the initial configuration, the wizard presents the option of cloud or on-premise management. That choice determines what happens next in the installation process. Either way, installation proves nearly effortless. The on-premise version requires a local system to take on the role of the management server, a chore suited to a variety of versions of Windows Server and Windows Desktop OSes. The cloud-based version can skip that step, running the management server on Symantec's cloud services platform.
After initial configuration, the next step is to push out the anti-malware client to the endpoints. Surprisingly, the onsite version takes the lead in simplicity here, since the agent software can be pushed out silently across local area networks using policies. The cloud-based deployment proves painless as well, however, but “silent” install is achieved using a redistributable package. Alternatively, users can be emailed a link to download and install the agent, or the agent install can be scripted to simplify the installation process for the end user. Once the agents are installed and the endpoints associated with the management console, administrators can define policies, monitor endpoints, and create reports to generate a visual representation of endpoint security performance.
Defining policies in SEP SBE 2013
SEP SBE 2013 can store member endpoints in customizable groups, which can then be associated with polices to automate security controls, system access, and acceptable use. Defining a group requires little more than making some basic selections from a few pull-down menus. Associating client systems with those groups allows automatic policy distribution and enforcement based upon group membership. I found defining groups, associating PCs, and building policies quite simple to accomplish. This simplicity makes SEP SBE 2013 a good fit for smaller enterprises that lack dedicated IT staff or use external consultants to take care of their IT needs.
Admins can define policies for a number of different security purposes, such as control of USB devices web browser protection, firewall controls, and even the configuration and deployment of the security agent. For example, administrators can choose to install only antivirus capabilities and then disable end users' ability to change the associated settings. Policies can also include scanning exceptions and drive exclusions, which in turn can speed up scanning routines by removing mapped network drives from the scanning process.
One enhancement worth mentioning is improved performance. In the past, analysts identified Symantec’s other AV and desktop protection products as poor performers. With SEP SBE 2013, Symantec has made significant improvements to the scanning engines, update mechanisms, and patching process. Those improvements add up to a significant performance boost, a claim backed by independent analysis from performance testing lab PassMark Software. PassMark gave a top rating to SEP SBE 2013 when compared to a field of five competing products.
Currently, the cloud implementation of SEP SBE 2013 only supports Windows systems. The on-premise based solution does include support for Macintosh computers. Symantec Endpoint Protection Small Business Edition 2013 is a subscription service, with prices starting at $30 per computer per year for a one-year subscription. Symantec also offers quantity licenses, discounts, and longer- and shorter-term commitments.