Introduction to Symantec Endpoint Architecture
Mahmmad Kareemoddin
Network & Security Architect | Designing Enterprise Network & Security | Cloud Architect
--> Symantec Endpoint Protection (SEP) is a client-server solution that protects the laptops, desktops, and servers in your network against malware, risks, and vulnerabilities
--> Symantec Endpoint Protection combines virus protection with advanced threat protection to proactively secure your client computers against known and unknown threats, such as viruses, worms, Trojan horses, and adware
--> Symantec Endpoint Protection also protects against sophisticated attacks that evade traditional signature-based security, such as rootkits, zero-day attacks, and spyware that mutates
Architectural components
Symantec Endpoint Protection contains the following main architectural components that work together to protect your company from security threats:
1) Symantec Endpoint Protection Manager
--> Symantec Endpoint Protection Manager is also known as SEPM
--> The Symantec management server that manages events, policies, and client registration for the client computers that connect to your company's network
--> The management server software provides secure communication to and from the client computers and the console
--> SEPM manages all the endpoint components which simplifies endpoint administration
--> The SEPM administrator uses the web console or the native console to access Symantec Endpoint Protection Manager
--> You can also install a remote console and use it to log on to the management server from any computer with a network connection
2) Symantec Endpoint Protection database
--> The database stores all configuration, security policies, content updates, events, and reporting information
--> It is either the embedded database that is installed together with Symantec Endpoint Protection Manager, or a Microsoft SQL Server database
--> SQL Server is recommended for larger organizations with 5000+ computers
--> Symantec Endpoint Protection Manager communicates with either a local or remote Microsoft SQL Server database
3) Symantec Endpoint Protection client
--> This is the Software/agent that is deployed to the Windows, Mac, and Linux computers in your network
--> The client enforces the security policies assigned to it and automates policy compliance on the endpoint
--> The client downloads its policies and content (definitions, signatures, and other updates) from the Symantec Endpoint Protection Manager, or from another content source such as a Group Update Provider or an internal LiveUpdate server
4) Internal LiveUpdate server (LiveUpdate Administrator)
--> LiveUpdate Administrator (LUA) is an optional internal LiveUpdate server: it connects to Symantec's public LiveUpdate servers, downloads definitions, signatures, and other content, and distributes those updates to the management servers and client computers inside your network
--> Without an internal LiveUpdate server, Symantec Endpoint Protection Manager itself downloads all content updates from Symantec and acts as the content source for its clients
--> You can use an internal LiveUpdate server in very large networks to reduce the load on the Symantec Endpoint Protection Manager
--> You should also use an internal LiveUpdate server if your organization runs multiple Symantec products that also use LiveUpdate to update client computers
5) Group Update Provider (GUP)
--> The Group Update Provider helps to distribute content updates within the organization; it is particularly useful for groups at remote locations with limited bandwidth
--> Organizations that have a lot of clients may want to use Group Update Providers (GUPs) for Windows clients
--> GUPs reduce the load on the management server and are easier to set up than an internal LiveUpdate server
--> A GUP is an ordinary SEP client that has been designated to serve content to the other clients at its location; it downloads content once from SEPM and the remaining clients at that site download from it over the LAN
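Whether content reaches a site through SEPM directly, an internal LiveUpdate server, or a GUP, the practical check is the same: how old are the definitions on each endpoint? The following PowerShell script is an added example written for this article (not Symantec's own tooling) that reads the client's published definition state over PowerShell Remoting and flags stale machines. It assumes the SEP Windows client records its state under HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate in the values LatestVirusDefsDate (yyyy-MM-dd) and LatestVirusDefsRevision, that WinRM is enabled, and that you hold local administrator rights on the targets; the hostnames in $Computers are placeholders. Verify the key and value names on a reference machine for your SEP version before relying on the result.

```powershell
# Added example (not from the original article or from Symantec): audit SEP
# definition freshness across endpoints. A STALE verdict at a remote site usually
# means that site's GUP (or LiveUpdate server) is not serving content, or that
# the clients are not assigned to it; NO-CLIENT means a coverage gap.
#
# Assumptions (verify on a reference machine for your SEP version):
#   - the client publishes its state under the public-opstate registry key below
#   - that key holds LatestVirusDefsDate (yyyy-MM-dd) and LatestVirusDefsRevision
#   - PowerShell Remoting (WinRM) is enabled and you are local admin on the targets

$SepOpState = 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate'

function Get-SepDefinitionState {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    # Runs on each endpoint and returns one small record per machine.
    $probe = {
        param($KeyPath)
        $record = [ordered]@{
            Computer     = $env:COMPUTERNAME
            Installed    = $false
            DefsDate     = $null
            DefsRevision = $null
        }
        if (Test-Path $KeyPath) {
            $state = Get-ItemProperty -Path $KeyPath
            $record.Installed    = $true
            $record.DefsDate     = $state.LatestVirusDefsDate      # assumed value name
            $record.DefsRevision = $state.LatestVirusDefsRevision  # assumed value name
        }
        [pscustomobject]$record
    }

    # -ErrorAction Continue so one unreachable host does not abort the whole audit.
    Invoke-Command -ComputerName $ComputerName -ScriptBlock $probe `
        -ArgumentList $SepOpState -ErrorAction Continue
}

function Test-SepDefinitionFreshness {
    param(
        [Parameter(ValueFromPipeline)][psobject]$State,
        [int]$MaxAgeDays = 3   # tune to your content-update SLA
    )
    process {
        $ageDays = $null
        if ($State.DefsDate) {
            # LatestVirusDefsDate is assumed to be yyyy-MM-dd; adjust if your build differs.
            $parsed  = [datetime]::ParseExact($State.DefsDate, 'yyyy-MM-dd', $null)
            $ageDays = ((Get-Date) - $parsed).Days
        }

        $verdict = if (-not $State.Installed)     { 'NO-CLIENT' }
                   elseif ($null -eq $ageDays)    { 'UNKNOWN' }
                   elseif ($ageDays -gt $MaxAgeDays) { 'STALE' }
                   else                           { 'OK' }

        [pscustomobject]@{
            Computer = $State.Computer
            DefsDate = $State.DefsDate
            Revision = $State.DefsRevision
            AgeDays  = $ageDays
            Verdict  = $verdict
        }
    }
}

# Placeholder hostnames; replace with the clients behind the GUP or site you are checking.
$Computers = @('branch-ws01', 'branch-ws02', 'hq-srv01')

Get-SepDefinitionState -ComputerName $Computers |
    Test-SepDefinitionFreshness -MaxAgeDays 3 |
    Sort-Object Verdict, AgeDays -Descending |
    Format-Table -AutoSize
```

Run it from a management workstation against the client list of one remote site. If every client at that site is STALE while head-office clients are OK, the distribution hop for that site (the GUP or internal LiveUpdate server) is the first thing to inspect; if a single client is STALE, look at that client's connection to SEPM instead.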
https://www.kareemccie.com/2023/07/introduction-to-symantec-endpoint.html