The industry has been racing to fix Meltdown and Spectre, but aside from writing custom SQL queries or by manually checking each system, how do we face the daunting challenge of determining what systems have the compatible Eraser Engine and which ones do not?

Meltdown and Spectre are critical vulnerabilities that need to be patched quickly; however, many organizations using Symantec Endpoint Protection (SEP) continue to struggle to identify whether they have the right Eraser Engine version installed to protect their systems.

If you applied the Microsoft security update to systems in your network running SEP, it is possible your systems experienced a Blue Screen (BSOD) STOP error MEMORY_MANAGEMENT (0x1a), because the Microsoft patch conflicts with Symantec's ERASER (Expanded Remediation And Side Effect Repair) engine.

In practical terms, this means that your systems remain vulnerable to Meltdown/Spectre attacks until both of the following are done, in this order:

1. The SEP Eraser Engine is updated to version 117.3.0.358 or greater

2. The Windows Security Updates have been applied

Customers who use SOLVE for SEP can quickly and efficiently create dashboards that report on their entire SEP deployment, showing which systems are ready for the Meltdown/Spectre security update and which systems need the Eraser Engine updated first.

Here is an example of a SOLVE dashboard we built in less than 30 minutes using live data, so we can track progress instantly.

We divided the dashboard by region: Americas, Europe, and Asia. On the left, donut charts show the Eraser Engine version distribution. On the right, number boards display the count of systems running a version of the Eraser Engine older than the required compatible version (117.3.0.358).
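
As an added illustration (this is not code from the post, nor SOLVE's own logic), here is the classification behind such a dashboard in Python: a numeric version comparison against 117.3.0.358, the three remediation states the two conditions above imply, and per-region counts with the drill-down list of hosts. The inventory records, their field names (eraser_version, windows_patched), hostnames and regions are constructed assumptions.

```python
from collections import Counter
# Minimum compatible ERASER engine version quoted in the post; anything older
# must be updated before the Microsoft Meltdown/Spectre update goes on.
REQUIRED_ERASER_VERSION = "117.3.0.358"

def parse_version(version):
    """'117.3.0.358' -> (117, 3, 0, 358) so comparison is numeric; a plain
    string compare would wrongly rank '117.3.0.1000' below '117.3.0.358'."""
    return tuple(int(part) for part in version.strip().split("."))

def eraser_is_compatible(version, required=REQUIRED_ERASER_VERSION):
    return parse_version(version) >= parse_version(required)

def remediation_status(host, required=REQUIRED_ERASER_VERSION):
    """Map one endpoint record to the state a dashboard needs to show."""
    if not eraser_is_compatible(host["eraser_version"], required):
        return "needs_eraser_update"       # hold the Windows update: BSOD risk
    if not host["windows_patched"]:
        return "ready_for_windows_update"  # engine OK, OS update still pending
    return "protected"                     # both conditions from the post met

def build_dashboard(inventory, required=REQUIRED_ERASER_VERSION):
    """Per-region status counts (number boards), Eraser version distribution
    (donut chart) and the drill-down list of hosts to fix first."""
    regions = {}
    for host in inventory:
        region = regions.setdefault(host["region"], {
            "status": Counter(), "versions": Counter(), "hosts_to_fix": []})
        status = remediation_status(host, required)
        region["status"][status] += 1
        region["versions"][host["eraser_version"]] += 1
        if status == "needs_eraser_update":
            region["hosts_to_fix"].append(host["name"])
    return regions

# Constructed sample inventory, not real SEP data: hostnames, regions and the
# 'eraser_version' / 'windows_patched' field names are assumptions made here.
SAMPLE_INVENTORY = [
    {"name": "ams-ws-01",  "region": "Americas", "eraser_version": "117.3.0.358",  "windows_patched": False},
    {"name": "ams-ws-02",  "region": "Americas", "eraser_version": "117.2.0.402",  "windows_patched": False},
    {"name": "ams-srv-03", "region": "Americas", "eraser_version": "117.3.0.358",  "windows_patched": True},
    {"name": "eu-srv-07",  "region": "Europe",   "eraser_version": "117.3.0.1000", "windows_patched": True},
    {"name": "eu-ws-11",   "region": "Europe",   "eraser_version": "116.9.0.950",  "windows_patched": False},
    {"name": "apac-ws-03", "region": "Asia",     "eraser_version": "117.3.0.357",  "windows_patched": False},
]
if __name__ == "__main__":
    for name, region in build_dashboard(SAMPLE_INVENTORY).items():
        print(name, dict(region["status"]), dict(region["versions"]),
              "update Eraser first on:", region["hosts_to_fix"])
```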

SOLVE dashboards are interactive, so we can drill down on each slice of the donut chart and on each number board to get a complete list of the affected systems. SOLVE for SEP also has an integrated scheduler that lets our customers submit the details to a ticketing system on a regular basis for the appropriate staff to resolve. One of our large enterprise customers explained:

“With SOLVE for SEP, we can now ‘see’ our data and it has saved us countless hours of manual research!”

Detailed drill-down in SOLVE for SEP (screenshot of a sample drill-down view)

To determine the full magnitude of Spectre/Meltdown exposure and prioritize remediation, you need actionable intelligence and comprehensive, real-time visibility across the environment: every endpoint, known and unknown, must be identified and inventoried to improve your security posture.

Stay tuned for future updates, recommendations, and best practices related to Meltdown and Spectre, and for information about how SOLVE can help.

Advanced Reporting for Symantec Endpoint Protection (SEP)

What if you could get more out of the Symantec Endpoint Protection data you already have?

Get more with SOLVE for SEP – comprehensive, real-time visibility with limitless drill-downs and detailed reporting for your SEP environment.

New Functionality:

  • Dashboards*:
    • System Health Check: overall infrastructure review
    • Upgrade Progress: project status as well as detailed errors for each machine
    • License Seat Count: remove duplicates and deleted agents. Only count agents with the most recent timestamps
    • SEP Deployment Status: view the status of the SEP agent deployments done via SEPM
    • Group Profile Serial Tracking: determine which agents have received the policies applied to the group they reside in and which have not
  • Track SEP component details on all machines, and status of each
    • On/Off, not installed, off by policy, malfunctioning, not reporting
  • Outbreak Assistance
    • Easy, simple tracking: deleted, quarantined or left alone
  • Ease tedious, manual investigations

*The new dashboards that will be included in the next release are as follows:

Global Status

  • ThreatCon Level
  • Latest AV Definitions
  • Latest SONAR Definitions
  • Latest IPS Definitions
  • SEP Definition Distribution Status
  • AV Currency Status (Visual of clients out of date by number of days)
  • Agent Group Profile Serial Tracking
  • Agents Missing AV Definitions
  • Agents with Corrupt Definitions
  • GUPS with Out of Date AV Definitions

Global Protection Status (Status of components: On/Off, Not Installed, Off by Policy, Malfunctioning, Not Reporting)

  • AV Engine Status
  • Auto-Protection Status
  • SONAR Status
  • Network IPS Status
  • Download Protection Status
  • Memory Exploit Mitigation Status
  • Proactive Threat Protection Status
  • Network Firewall Status

Agent Version Distribution

  • SEP Client Versions (Drill down rollup table)
  • SEP Agent Version Distribution (Donut chart)

Client Events

  • Agent System Events
  • Agent Security Events
  • Agent Behavior Events
  • Agent Packet Events (Top 10)
  • Agent Traffic Events (Top 10)

Server Events

  • Server Client Logs
  • Server System Logs
  • Server Policy Logs

Licensing

  • Total License Count
  • Total Licenses Consumed
  • Total Licenses Available
  • Licensed Products & Seat Count
  • License Table by Expiration Date

SOX compliance with SOLVE for SEP

SOLVE provides information about SEP infrastructure(s) in user-friendly web dashboards with an array of pre-defined content. SOLVE provides access to any dataset in the SEP database, allowing for unrivaled visualization of SEP data, with drill-down capabilities from key baselines and metrics in real time.

Because it connects directly to your SEP database, SOLVE is unique in its reporting ability: it digests and analyzes all the data in your environment, eliminating the need to copy data or install new hardware. SOLVE is easy to configure, fast to implement and friendly to all users.

Tailor your window into your SEP environment to determine very quickly what is working and what needs your immediate attention. SOLVE can drill all the way down to specific asset details of full event data and configuration data allowing you to perform comprehensive investigations into events and areas of interest in seconds – all within a single interface.

Additionally, the highly customizable interface allows administrators to modify the view and presentation of the data to best suit their needs.

Contact Conventus for your free trial and see your SEP data differently.