Symantec revamps endpoint security product

Symantec today unveiled its retooled enterprise desktop security product and management console and announced the phased retirement of existing standalone security products.

Windows-based Symantec Endpoint Protection 11.0 adds network-access control functionality  to a product that already combines antivirus, host intrusion prevention, device control and a firewall. In launching its new flagship product, which was code-named “Hamlet,” Symantec also made clear that older desktop security products and the management console Symantec Systems Center are officially slotted for retirement.

“We now stop selling standalone antivirus and network-access control to the enterprise,” says CJ Desai, Symantec’s senior director of endpoint security. Symantec’s current enterprise products, including AntiVirus Enterprise Edition, Client Security, Network Access Control and Sygate Enterprise Protection, are officially being phased out, Desai says. However, Symantec will continue to offer standalone-style products to the consumer and home-office market.

The phase-out of Symantec’s standalone enterprise security products won’t happen overnight, Desai adds.

“We’re giving people three to five years to do this,” he says. In the meantime, to encourage migration to Symantec Endpoint Protection 11.0, Symantec is offering it at no cost to customers of the products slated for retirement.

That offer holds appeal for Glendale, Ariz., healthcare organization Touchstone Behavioral Health, which plans to migrate from Symantec’s standalone security products to the Endpoint Protection 11.0 integrated software for its 200 users.

“Our contract’s financial terms make that an easy upgrade path,” says Steven Porter, IT director at Touchstone Behavioral Health. “The common agent is one of the factors that excites me, rolling all this functionality into the product.” Porter says he has been interested in trying NAC, and this will be a way to do it under a limited IT budget.

To help customers migrate from the Symantec System Center management console to the new Symantec Endpoint Protection Manager, the security firm is providing migration tools. In addition, management tools such as IBM Tivoli, Microsoft SMS and HP OpenView also can be used for the job.

With Symantec Endpoint Protection 11.0, Symantec is introducing integrated agent software where network-access control is based on both an 802.1X and DHCP-based approach, says Desai. “If part of the network is 802.1X-ready and the other part is not, we have NAC.”

Symantec’s NAC agent is compatible with the Cisco NAC architecture, and Symantec is looking at certifying with Microsoft NAC, Desai says. In addition, the new Symantec NAC agent is backward-compatible with the Sygate agent software that will eventually be retired.

Symantec’s NAC infrastructure works with its Network Access Control Enforcer, an in-line device, to provide “on-demand NAC for a guest or contractor who comes to the network,” Desai says.

The Symantec NAC infrastructure recognizes VPNs from Nortel, Cisco and others, plus antivirus software from about 10 other vendors, including arch-rival McAfee.

A new feature added to the device-control function in Endpoint Protection 11.0 is the ability to block the transfer of data to unauthorized devices based on the type of device, including USB, infrared, BlueTooth and serial connections.

Desai points out that although Symantec Endpoint Protection has many integrated functions, it’s not necessary for corporations to use them all at one time. “It’s all modular,” Desai says, noting that when used with the Symantec System Center console, it can scale from a small business to large enterprises with hundreds of thousands of users.

Symantec Endpoint Protection 11.0 costs $52 per seat; volume discounts are available.