Symantec Endpoint Protection has an antivirus with anti-malware and application control capabilities that we use to protect assets like servers, workstations, and ATMs. There's a central management server we use to manage all the endpoints, regardless of the categories, and we install an agent on all the endpoints that reports to the management server.
If I want to check the status of any asset, I need to get the details like the IP address and the hostname of the system. The management server will give me the current status. I have three different kinds of agents on the endpoint that I can use to control access.
The agents for the ATMs and servers aren't as heavy as the ones for workstations. It's a stripped-down version that removes some of the components and add-ons that are not part of the endpoint protection engines, so the agent is lighter and can be deployed faster. The activities on servers and ATMs are dynamic, so the antivirus must also be very light. To centrally manage the antivirus, I have to set up distribution points because I have more than 14,000 endpoints altogether distributed across more than 250 branches in Nigeria.
I set up distribution points on systems and ATMs. The ATMs are always on the network because they're connected with other points at every branch and location. I need them to be distribution points. When I need to send a file to update all the other systems, I send it to these distribution points. These distribution points in Symantec record the data needed to update all the other systems.
Let's say I have two different locations. I will have the updated data at location one, and I have other data at location two. These different locations have their own IP subnets, so I will configure the update data so that the IP within that subnet can talk to it and no other IP outside the subnet. This ensures my assets, ATMs, workstations, and servers can update as soon as possible.
I'm always compliant. The servers in the data center don't need to talk to any distribution points. They talk directly to the management server to get the updates regularly because the servers are always on the network at the data center, unlike the workstations, which people shut down at the end of the day. Any time people connect to the network, the system will update automatically. That is the normal architecture for Symantec.
Symantec centralized our intrusion detection system while creating additional layers of security at the endpoint level. We're not relying on the central intrusion detection system. It gave us more value than expected.
The solution also helped give us visibility into compliance within our whole system and ensure everything is updated. I can tell you the number of outdated systems from the same management server. In the same console, I can remotely trigger an update on any system. Symantec offers more flexible administration than other solutions. Most other antivirus products get updates directly from their portal, install them on the management server, and all the endpoints pull the update from it. Sometimes, an endpoint may not update. The update might be on the endpoint, but the system will still not pick it up.
Most other antivirus solutions can't do a workaround like Symantec, where you can download the JDB file from the portal and copy the file to a specific path on the problem system. You don't even need to install it. Once you drop the script into the system, it will run automatically. After 20 to 40 seconds, the system will be updated, and the status will turn green.
Using distribution points is also a game changer because it has saved it. Symantec considers that you may have bandwidth issues in this part of the world. You can leverage the update and push the file through locations with inadequate bandwidth. When you push the file through, the update can pull the data file and distribute it across the other endpoints.
Having this flexibility makes the solution easy to use. You can also segment the systems according to assets. It lets you classify servers, ATMs, and workstations separately. You can have different versions because of the flexibility. You can remove some components before generating the agent you are installing on the endpoint.
I get around 95 percent compliance, meaning that 95 percent of the systems are up to date at any time. I also want to take it a step further to achieve around 98 percent because I have discovered some systems are not updating.
Then there is another file called the JDB in Symantec that I download regularly and distribute across all the ATMs, which I use as my distribution points. I will run a script to pick this JDB file and copy it to a specific path on all the outdated MAA workstations to update them automatically.
Overnight, I usually copy the script to all 256 distribution points across the nation. The next day, I will run another script that goes to the specific distribution point, acquires the JDB file, distributes it to the list of data systems I have prepared by location, and copies the file to those computers. They will be updated automatically.
That has been fully automated. I download the file every day at the close of business. It is shared through a script that is already automated across the distribution points the following day at 9:00 am because it's expected that people will resume work by 8:00 am. By 9:00 am, I expect every system to be on. The outdated systems will be targeted with the JDB and updated.
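The subnet-scoped distribution points and the morning JDB push described above can be expressed as one script. The following is an added example, not the reviewer's own script and not Symantec's code: it selects, for each outdated endpoint, the distribution point whose subnet contains that endpoint's IP, copies the newest .jdb from that point's share to the endpoint through its admin share, and verifies the copy by hash so that a truncated file is reported rather than left for the console to show as still outdated. The distribution-point shares, the endpoint inventory and the `$JdbDropPath` value are all constructed placeholders; the page does not name the path SEP picks the file up from, so substitute the real one.

```powershell
# Added example (not the reviewer's or Symantec's script). Everything below is constructed:
# distribution-point shares, the endpoint inventory, and $JdbDropPath, which stands in for
# the SEP pickup path the review refers to only as "a specific path".

function ConvertTo-UInt32Ip {
    param([string]$Ip)
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)            # network byte order -> little-endian for BitConverter
    return [BitConverter]::ToUInt32($bytes, 0)
}

function Test-IpInSubnet {
    # True when $Ip lies inside the CIDR block, e.g. 10.1.1.57 in 10.1.1.0/24
    param([string]$Ip, [string]$Cidr)
    $network, $prefix = $Cidr.Split('/')
    $mask = [uint32]((0xFFFFFFFF -shl (32 - [int]$prefix)) -band 0xFFFFFFFF)
    return ((ConvertTo-UInt32Ip $Ip) -band $mask) -eq ((ConvertTo-UInt32Ip $network) -band $mask)
}

function Get-DistributionPointFor {
    # The distribution point whose subnet contains the endpoint, mirroring the per-subnet
    # update sources described in the review; $null when no branch subnet matches.
    param([string]$EndpointIp, [object[]]$DistributionPoints)
    foreach ($dp in $DistributionPoints) {
        if (Test-IpInSubnet -Ip $EndpointIp -Cidr $dp.Subnet) { return $dp }
    }
    return $null
}

function Push-JdbToOutdatedEndpoints {
    param(
        [object[]]$DistributionPoints,
        [object[]]$OutdatedEndpoints,
        [string]$JdbDropPath,           # placeholder: the SEP pickup path is not given on the page
        [switch]$DryRun
    )
    foreach ($ep in $OutdatedEndpoints) {
        $dp = Get-DistributionPointFor -EndpointIp $ep.Ip -DistributionPoints $DistributionPoints
        if (-not $dp) {
            [pscustomobject]@{ Host = $ep.Host; Source = $null; Status = 'NoDistributionPoint' }
            continue
        }
        # Newest .jdb on the branch share (copied there the evening before)
        $jdb = Get-ChildItem -Path $dp.Share -Filter '*.jdb' -File -ErrorAction SilentlyContinue |
               Sort-Object LastWriteTime -Descending | Select-Object -First 1
        if (-not $jdb) {
            [pscustomobject]@{ Host = $ep.Host; Source = $dp.Share; Status = 'NoJdbOnDistributionPoint' }
            continue
        }
        # Reach the endpoint through its admin share: C:\x\y -> \\host\C$\x\y
        $dest = Join-Path "\\$($ep.Host)\$($JdbDropPath -replace '^([A-Za-z]):', '$1$$')" $jdb.Name
        if ($DryRun) {
            [pscustomobject]@{ Host = $ep.Host; Source = $jdb.FullName; Status = "WouldCopyTo $dest" }
            continue
        }
        try {
            Copy-Item -Path $jdb.FullName -Destination $dest -Force -ErrorAction Stop
            # Verify the copy landed intact; a truncated .jdb never turns the status green
            $ok = (Get-FileHash $jdb.FullName).Hash -eq (Get-FileHash $dest).Hash
            $status = if ($ok) { 'Copied' } else { 'HashMismatch' }
            [pscustomobject]@{ Host = $ep.Host; Source = $jdb.FullName; Status = $status }
        } catch {
            [pscustomobject]@{ Host = $ep.Host; Source = $jdb.FullName; Status = "Failed: $($_.Exception.Message)" }
        }
    }
}

# Constructed inventory (not real branches): one distribution point per branch subnet
$distributionPoints = @(
    [pscustomobject]@{ Name = 'ATM-BR001'; Subnet = '10.1.1.0/24'; Share = '\\ATM-BR001\SEPUpdates' },
    [pscustomobject]@{ Name = 'ATM-BR002'; Subnet = '10.1.2.0/24'; Share = '\\ATM-BR002\SEPUpdates' }
)
# Constructed list of outdated endpoints, as exported from the management console
$outdated = @(
    [pscustomobject]@{ Host = 'WS-BR001-07'; Ip = '10.1.1.57' },
    [pscustomobject]@{ Host = 'WS-BR002-03'; Ip = '10.1.2.13' },
    [pscustomobject]@{ Host = 'WS-HQ-112';   Ip = '10.9.0.112' }   # no branch DP: reported, not silently skipped
)

Push-JdbToOutdatedEndpoints -DistributionPoints $distributionPoints -OutdatedEndpoints $outdated `
    -JdbDropPath 'C:\PLACEHOLDER\SEP\incoming' -DryRun | Format-Table -AutoSize
```

Run it with `-DryRun` first to see which share each host would be served from; every endpoint ends up in the result table with a status, so hosts outside any branch subnet or branches whose evening copy failed show up in the morning report instead of quietly remaining in the outdated list.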