Securing Your Environment with Dell Client Manager and Symantec Endpoint Protection
Altiris, Now Part of Symantec

Copyright 2007 Symantec Corporation. All rights reserved.

Symantec, the Symantec Logo, Altiris and any Altiris or Symantec trademarks used in the product are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED AS IS AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION, INCLUDING WITHOUT LIMITATION ITS AFFILIATES AND SUBSIDIARIES, SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, Rights in Commercial Computer Software or Commercial Computer Software Documentation, as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display, or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation
20330 Stevens Creek Blvd.
Cupertino, CA 95014
http://www.symantec.com

Altiris, Inc.
588 W. 400 S.
Lindon, UT 84042
http://www.altiris.com

II :: DELL CLIENT MANAGER AND SYMANTEC ENDPOINT PROTECTION
Table of Contents

- Introduction
- What's New in Symantec Endpoint Protection 11.0?
- How Does the Free Symantec Endpoint Protection Integration Component Add Value?
- Installing the Symantec Endpoint Protection Integration Component
- How it Works
- What is Dell Client Manager?
- Value of Dell Client Manager in Symantec Endpoint Protection Environments
- Conclusion
- Additional Resources
Introduction

With the release of Symantec Endpoint Protection 11.0, Symantec has secured its position as the leading provider of antivirus and advanced threat prevention technologies. No other security vendor offers such a comprehensive solution in a single, integrated console and agent.

In an effort to facilitate the migration and deployment to this new solution, Altiris, now part of Symantec, has released the Symantec Endpoint Protection Integration Component. This free tool runs on the Altiris Notification Server architecture. The integration component is designed to ease the rollout of Symantec Endpoint Protection and provides additional benefits for organizations that use Altiris software to manage their environments.

So what does this mean for users of Dell Client Manager? Dell Client Manager is also based on the Altiris Notification Server and, given the extensible framework of that architecture, Dell customers can realize additional value from this integration. To start, let's take a look at what the free Symantec Endpoint Protection Integration Component from Altiris offers. Then, we'll discuss how Dell Client Manager extends that integration for Dell customers.

What's New in Symantec Endpoint Protection 11.0?

Symantec Endpoint Protection 11.0 combines Symantec AntiVirus with advanced threat prevention to deliver unmatched defense against malware for notebooks, desktops and servers. It seamlessly integrates essential security technologies (much more than just antivirus) into a single agent and intuitive management console, increasing protection and helping lower total cost of ownership. The new Symantec Endpoint Protection agent also has a significantly smaller footprint than previous versions of just the AntiVirus agent, and it has been optimized for performance.

Capabilities of this new Symantec Endpoint Protection release include:

- Antivirus: Software that attempts to identify, thwart and eliminate computer viruses and other malicious software.
- Antispyware: Software designed to remove or block spyware.
- Desktop firewall: An application that controls network traffic to and from a computer, permitting or denying communications based on a security policy.
- Device control: Controls access to ports and devices connecting to a computer.
- Intrusion prevention: Monitors network and/or system activities for malicious or unwanted behavior and can react, in real time, to block or prevent those activities. [Note: Symantec intrusion prevention is unlike any other IPS because it includes non-signature-based, behavior-blocking technologies with advanced accuracy.]

Learn more about this new Symantec offering at http://www.symantec.com/business/products/overview.jsp?pcid=2241&pvid=endpt_prot_1.
What Value Does the Free Symantec Endpoint Protection Integration Component Add?

The Symantec Endpoint Protection Integration Component is provided to bring power and simplicity to the process of upgrading and deploying your endpoints to the new Symantec Endpoint Protection 11.0 agent. The Symantec Endpoint Protection Integration Component snaps into the Altiris Notification Server, which is a free management platform used to navigate, monitor and configure Altiris management solutions. Note that no prior Altiris solutions are required to use this free component; however, existing users of Altiris management solutions will find added value in running the Symantec Endpoint Protection Integration Component alongside their other Altiris solutions.

So what specific benefits does this free Symantec Endpoint Protection Integration Component provide? Here's a partial listing:

- Robust remote install, upgrade or uninstall of Symantec agents via pre-built tasks, including options for multicasting, scheduling, bandwidth throttling, checkpoint recovery, tracking agent installation status, and deploying to WAN environments.
- Initiate scans from the Altiris Console leveraging collections built from the Altiris configuration management database (CMDB). If you're already using other Altiris solutions, you can target scans to machine collections built from any data in the Altiris CMDB. This provides fine-grained targeting of Symantec Endpoint Protection scans based on a variety of different device properties.

Figure 1: Initiate Symantec Endpoint Protection scans from the Altiris Console

- Prebuilt tasks to help locate and uninstall agents from previous versions of Symantec (or from other vendors such as McAfee or Trend Micro).
- Active Directory Integration.
- Symantec Endpoint Protection operational dashboards. If you are using other Altiris solutions, you may already be familiar with how the console can be used to create a custom portal view that combines dashboards and reports from many different solutions into one view. Symantec Endpoint Protection dashboards can also be combined and leveraged in this way.

Figure 2: Symantec Endpoint Protection dashboards in the Altiris Console
- Graphical, Web-based reporting on signature status, installed clients and infected systems.

Figure 3: Initiate Symantec Endpoint Protection scans from the Altiris Console

- Role-and-scope based security for the above functions.

Installing the Symantec Endpoint Protection Integration Component

The Symantec Endpoint Protection Integration Component can be downloaded from http://www.altiris.com/download.aspx?product=41799 or, if Altiris Notification Server is already installed, it can be downloaded from within Solution Center using the following steps.

1. Open the Altiris Notification Server console.
2. Select the Configure menu, and then select Solution Center.
3. In the Available Solutions tab view, click the Segments button.
4. Expand the Components list.
5. Select Symantec Endpoint Protection Integration Component.
6. Click Start.
How it Works

From the Altiris Console, you can view and act upon data generated from Symantec Endpoint Protection. This data is transferred from your Symantec Endpoint Protection Manager database to the Altiris Notification Database. This is done using basic data imports and a linked server connection created between the Altiris Notification Database and the Symantec Endpoint Protection Manager database. The configuration and scheduling of these imports can be user defined.

When run, the import pulls a common identifier representing each computer from the Symantec Endpoint Protection Manager database into the Altiris Notification Database. If a computer that exists in the Symantec Endpoint Protection Manager database is not found in the Altiris Notification Database, then a new computer entry is created.

Figure 4: Data Exchange with the Symantec Endpoint Protection Integration Component

Computer resources imported from your Symantec Endpoint Protection Manager are automatically organized into collections. The Symantec Endpoint Protection Integration Component automatically adds each client computer to its applicable collection based on the inventory imported from the connector. Custom collections and reports may be created from this inventory to identify and target specific computers (for example, computers with outdated virus definitions).

What is Dell Client Manager?

Dell Client Manager is a free tool for managing Dell systems that is part of the Dell OpenManage product line. It is available for download to all Dell customers at www.dell.com/openmanage (click the Client Management link). Additional for-charge versions of the tool add operating system and application management features like system migration, software delivery, OS patching, application metering, and so on.

Specifically, Dell Client Manager provides the ability to inventory hardware and BIOS settings on OptiPlex, Precision, and Latitude systems running a Windows 2000 or Windows XP operating system.
Hardware and BIOS inventory properties can be used to automate common Dell client management tasks such as remotely updating the system BIOS. Administrators can also use Dell Client Manager to remotely configure BIOS settings via policies, monitor hardware health and system settings, remotely perform power management operations and apply power schemes.
Learn more about Dell Client Manager at www.dell.com/openmanage or www.altiris.com/dellclientmanager.

Value of Dell Client Manager in Symantec Endpoint Protection Environments

Dell Client Manager provides several valuable functions for Dell customers, but what value does it add for customers who are also running Symantec Endpoint Protection? See below for a partial listing.

- Comprehensive security: Symantec Endpoint Protection customers are clearly interested in securing their environments. Dell Client Manager can help with this effort in some key ways, including the enforcement of critical BIOS settings via policies. Such settings may include:
  o Setting BIOS passwords that keep other BIOS settings protected or even preventing a system boot without an end-user password
  o Securing device boot order (for example, eliminating the ability to boot to a CD or USB device, or disabling Wake on LAN or Preboot Execution Environment settings)

Figure 5: Enforcing Dell BIOS settings via a policy
- Leveraging Dell Client Manager data or functions as part of your Symantec Endpoint Protection agent rollout:
  o Use Dell Client Manager's support for Intel vPro as a secure alternative to Wake on LAN to wake up systems during off-peak hours for SEP agent deployment.

Figure 6: Leveraging Intel vPro for SEP Agent Deployment

  o Dell Client Manager collections and BIOS/HW inventory data can be used to target Symantec Endpoint Protection agent distribution to Dell systems.

Figure 7: Leveraging Intel vPro processor technology for Symantec Endpoint Protection agent deployment
- Dell Client Manager reports and dashboards can be combined with Symantec Endpoint Protection status information in one console view.

Figure 8: Combined Dashboards from Dell Client Manager and Symantec Endpoint Protection in a Single Portal Page

- Dell Client Manager provides monitoring of hardware-related events, such as detecting a chassis intrusion, that may be helpful as part of an overall company security policy.
Conclusion

The Symantec Endpoint Protection Integration Component from Altiris adds value to your organization by simplifying the deployment and ongoing management of systems running Symantec Endpoint Protection. Leveraging free tools such as Dell Client Manager with the Symantec Endpoint Protection Integration Component broadens management capabilities by providing additional data and functionality to more precisely secure Dell client systems. The Altiris Notification Server architecture allows integration between many other management solutions to increase management capability while reducing the overall cost to manage Dell environments.

Additional Resources

Important links for additional information are listed below.

Symantec Endpoint Protection 11.0 Overview
http://edm.symantec.com/endpointsecurity/

Symantec Endpoint Protection Integration Component from Altiris
- Data sheet: http://www.altiris.com/upload/ds_sepic.pdf
- Documentation: http://www.altiris.com/upload/sepintegrationhelp.pdf
- Release notes: https://kb.altiris.com/article.asp?article=35819&p=1

Dell Client Manager
www.altiris.com/dellclientmanager
www.dell.com/openmanage