Symantec on Monday introduced new client-side security software for the enterprise that borrows some tools and techniques from the company's consumer line.
Symantec Client Security 2.0 is the result of “commingling of our technologies," said Kevin Murray, the Cupertino, Calif.-based firm's director of product marketing. "There were features in our consumer space security products that corporate customers thought would be useful in a managed environment, so we're starting to bring them to the enterprise.”

Client Security integrates firewall, anti-virus, and intrusion detection defenses for desktops and laptops, then puts all the protected clients under control from a single management console. Its target: systems that are beyond the enterprise perimeter, such as employee PCs, mobile workers' notebooks, and branch office systems unguarded at the gateway.

“If clients always stayed behind the perimeter, you wouldn't need something like Client Security,” said Murray. “But they're moving beyond the perimeter, and enterprises need to protect every aspect of the corporate environment.”

Blended threats, such as SQLSlammer and Code Red, said Murray, were the drivers behind companies wanting a client-based firewall on their systems to add another layer of protection to already-existing perimeter defenses of the network.

“The real milestones were Slammer, Code Red, and topmost, MSBlast because of their port scanning,” he said. “Defenses comprised only of anti-virus were totally vulnerable to how these worms looked for vulnerable systems.”

Among the new features in version 2.0 are several which made their debut in the consumer-level Symantec Internet Security, said Murray. Client Security now includes a Web ad blocker, as well as an adware/spyware detector, all tools that have been part of the Internet Security for consumers. “Corporate administrators are now saying, 'I don't want that on my networks,'” said Murray.

Client Security also boasts several new features expressly for enterprises, including a virtual private network (VPN) compliance checker that verifies an outside system meets set policies before it's allowed to connect with the network. Some VPN providers, including Nortel, CheckPoint, iPass, and Fiberlink, already have implemented Symantec's new client compliancy application program interface (API), and others, said Murray, will follow suit during 2004.

Administrators can demand that remote machines accessing the network via a VPN tunnel, for instance, have up-to-date virus definitions and a properly configured and enabled firewall.

“Before a user establishes that VPN tunnel, Client Security checks the defenses of the client,” said Murray. “In today's blended threat climate, during the time it takes to log on [to a VPN], there are loads of threats that could impact the client.”

Such fast-acting exploits seen last year, said Murray, included MSBlast, which was able to infect an unprotected system in just fractions of a second.

Another new feature sniffs out suspicious e-mail activity that may mean a worm has installed an SMTP engine in an infected client and is getting ready to mail a slew of copies to others. Client Security now stops such mailings before they're sent, said Murray.

Client Security 2.0 sports about half the hard drive footprint of its predecessor -- jut 18MB as compared to 34MB -- includes a location awareness feature that lets administrators control the client's access depending on its physical location, and can trace infections spread through open file shares to the originally-infected system.

Client Security's pricing depends on the number of clients protected. For an enterprise with between 2450 and 499 nodes, the software costs $43.40 per node; for larger installation -- over 2,000 nodes, for instance -- the price falls to $31.80 per client.

You can view the original article here...
http://www.techweb.com/wire/story/TWB20040405S0001