Building a better mousetrap isn't necessarily the answer for enterprise endpoint protection. Claiming you have the most and fastest AV signatures, foolproof behavior analysis and bullet-proof host intrusion prevention won't necessarily send the corporate world beating a path to your door.
Helping enterprises shoulder the burden of managing security on thousands of desktops, laptops and servers is another matter.
Symantec Corp. is betting that enterprises will respond eagerly to two new services announced today to manage and monitor endpoint security. With Endpoint Protection Monitoring and Endpoint Protection Management, the 800-pound gorilla in this market is selling business help rather than its technology.
"In the past, it has always been about bits and bytes," said Khalid Kark, principal analyst at Forrester Research Inc. "The whole notion here is taking a business perspective towards these services -- how does it solve business problems?"
Symantec's pitch to large enterprises is that resources are tight just when threats are increasing at a staggering rate—requiring frequent updates, quick alerts and rapid, prioritized responses to infections and outbreaks.
The management service ensures that endpoint protection is present, running and up to date on all systems and that management consoles are up and running so updates are issued. The service will also notify customers about performance issues on consoles, such as lack of disk space.
Endpoint Protection Monitoring feeds event reports to Symantec security analysts, who also use information from their Global Intelligence Network and correlate it with information from network protection systems to identify and address security issues and escalate as needed to enterprise security personnel.
"Large enterprises have malware outbreaks all the time," said Grant Geyer, vice president for managed services at Symantec. "There are so many people on the network that don't have the right level of endpoint protection—consultants, partners."
"In addition, sometimes servers and systems put on networks are inadvertently not patched properly. Systems may not be updated for a variety of reasons. You can fall pretty far behind pretty quickly because of the dramatic increase in malware."
Symantec is tying strong service-level agreements to its services: 10-minute notification of critical incidents, 99.9% service and Web portal availability and 30-minute notification if the management console is unavailable.
The services cover Symantec's Antivirus, Endpoint Protection and Network Access Control products.
The competition among traditional antivirus vendors has grown fiercer in recent years, as signature-based detection has failed to keep up with the criminally motivated threats of Web-based malware. McAfee Inc., Trend Micro Inc. and Sophos vie with Symantec for market share, based largely on claims of better detection/prevention and management technology.
With these complementary services, Symantec is taking another tack, aiming higher up the corporate food chain, Kark said. Instead of targeting service line managers based on their technology, they're pitching a business message to executives.
"Most of these companies offer pretty similar products and services. Symantec is trying to change the game by getting to a higher level audience," Kark said. "If they get their message to that audience, they may have a little bit of a head start."