A small business network doesn't seem that small when you're trying to safeguard dozens, scores or perhaps hundreds of computers against an endless cavalcade of online threats. Installing data security software on all the computers on your network is the first step to protection, but it's not the last. You need to be sure the data protection on each system remains up-to-date and functioning properly on a daily basis -- after all, as the adage says, a chain is only as strong as its weakest link.
Symantec EndPoint Protection Small Business Edition 12.0 (SEPSBE) aims to provide a high degree of network protection for Windows-based small business networks while at the same time demanding a relatively low amount of legwork to get it running and keep it humming.
The Symantec Protection Center management console provides the security status of your network at a glance.
(Click for larger image).
SEPSBE consists of two parts: 1) a security agent for PCs and servers and 2) a centralized management server that keep tabs on all the systems running the aforementioned agent. The cornerstone of SEPSBE's integrated agent software is an anti-virus/anti-spyware component, but it also includes a firewall as well as an intrusion prevention module.
This module inspects network traffic to ensure it's not trying to exploit documented security holes (the kind that -- let's face it -- you probably didn't apply the patches for) or engaged in any sketchy behavior. SEPSBE doesn't include spam or phishing protection; for that you need to step up to Symantec Protection Suite Small Business Edition
The SEPSBE agent can protect Windows XP/Vista/7 or 2003/2008 Server systems, while the management server -- called Symantec Protection Center (SPC) -- can run either on a Windows 2003/2008 server or an ordinary XP or Windows 7 desktop system. (Notably, Vista is excluded as an SPC host, but you're probably not running Vista anyway, right?)
Hardware requirements for both the agent and SPC are fairly modest -- for the former, 1 GB of RAM and either a 1 or 2 GHz Pentium 4 or equivalent CPU, depending on whether you're using the 32- or 64-bit version. The latter has similar CPU requirements but recommends 2 GB of RAM.
Server and Client Installation
SEPSBE's setup wizard keeps things extremely short and sweet; you need specify little more than the company name, an administrator account password, and the email address (plus a mail server address and port) where you want to receive alerts. The setup is arguably a bit too streamlined, because if your email server requires authentication -- as many do -- you'll need to visit the email configuration settings after finishing the wizard to provide the necessary account credentials. (Fortunately, you don't need to dig around to find the settings, as a link is helpfully provided.)
After the SPC is installed, the next step is the agent install wizard. How straightforward installing the agent on your computers will be depends a lot on how they're organized and configured (more on this in a moment), but you get three options that will allow you to install the agent on individual computers without necessarily having to visit them in person.
The agent-install options are email notification, remote push and custom. Email notification deployment lets you delegate the task of installing the client to your users (provided they have admin rights to their computers) by sending a message containing a link to the software to one or more recipients. There's no way to directly send the message to a large group of email addresses other than to type each address (separated by a comma) into the To: field, but a way around this is to email the notification to a single address and then forward it on to a distribution list.
The remote push option completely automates the client install process, letting you browse or search the network for target systems to receive the software. It works best in domain environments and when certain prerequisites have been satisfied, such as first disabling or removing any security or firewall software already on the client. Last but not least there's the custom installation, which lets you package the client software into a single setup file that you can deposit on a shared folder or distribute by other means.