Endpoint Threat Defense for Active Directory

 View Only
Back to discussions
Expand all | Collapse all

Threat Defense for AD and SESC

  • 1.  Threat Defense for AD and SESC

    Posted Aug 05, 2020 12:19 AM
    We are about to go down the path of moving from SEP 14 with SEPM on prem to SESC.  I was hoping to move to SESC with the cloud based management.

    However after reading the documentation for TDfAD it requires a SEPM server.  So does that mean I can run Hybrid or do I have to stay on-prem only for the SESC?   I can't see any mention in the docs about integrating with the cloud based SES management.

    Thanks
    Nathan


  • 2.  RE: Threat Defense for AD and SESC

    Broadcom Employee
    Posted Aug 14, 2020 02:02 AM
    TDAD only supports on prem today.  ICDM integration will be done in phases and we expect TDAD to be fully supported in ICDM around March 2021.
    Original Message


  • 3.  RE: Threat Defense for AD and SESC

    Posted Aug 14, 2020 02:13 AM
    Thanks Carlos

    So if I setup laptops to be cloud managed, so that we get telemetry while they are out of the office, does that mean when they are in the office they won't be able to participate in the Threat Defence for Active Directory protection?
    Original Message


  • 4.  RE: Threat Defense for AD and SESC

    Broadcom Employee
    Posted Aug 14, 2020 12:18 PM
    if it is hybrid sep, onprem and Icdm, then they could use standalone TDAD deployment to cover all endpoints until icdm version comes out next March.   Or they could install both versions, but would have 2 consoles.
    Original Message


  • 5.  RE: Threat Defense for AD and SESC

    Posted Aug 15, 2020 12:45 AM
    @Carlos Krystof I'm confused now :D   So a laptop registered directly with the cloud console and not SEPM can still be covered by the TDAD?  I thought the endpoints had to be managed by SEPM for TDAD to be applied to them? ​
    Original Message


  • 6.  RE: Threat Defense for AD and SESC

    Broadcom Employee
    Posted Aug 15, 2020 12:23 PM
    There are 2 versions of TDAD - integrated (primary version) and standalone (legacy version).   An endpoint can only belong to 1 of them. 
     It sounded like the client is using a hybrid for SEP -  14.3 on prem and ICDM.  IF so, you could cover everything TDAD with standalone, or you could do a hybrid if the AD groups are setup correctly. TDAD integrated for anything covered by SEP14.3 and TDAD standalone for anything covered by ICDM.
    Original Message


  • 7.  RE: Threat Defense for AD and SESC

    Posted Aug 15, 2020 06:15 PM

    Well that's news to me.  Why is this info not made clear anywhere. Or if it is I haven't found it. 


    ideally I'd like to get rid of sepm on prem and move everything to cloud managed. 

    I have never setup any integration with AD with the on prem sepm. 


    but I was under the impression if it did that I would lose the tdad ability. 


    I'm waiting to hear back about the training courses but I really need to get up to speed on this very quickly.  And the doco is ok but it doesn't seem to cover scenarios and big picture.  It describes each option etc. 

    so how do I setup the TDAD standalone?


    Original Message


  • 8.  RE: Threat Defense for AD and SESC

    Posted Aug 16, 2020 10:30 PM
    But it seems that the standard version stops at TDAD 3.5, because there is an integrated version of TDAD 3.5.1 on the authorized download page but there is no standard version.
    And TDAD 3.5.1 is not compatible with SEPM14.3MP1, while TDAD 3.5.1 and SEPM 14.3 are compatible.

    ------------------------------
    Taiwan KeepSafe
    ------------------------------

    Original Message


  • 9.  RE: Threat Defense for AD and SESC

    Posted Aug 16, 2020 10:43 PM
    This just gets more ridiculous!
    Original Message


  • 10.  RE: Threat Defense for AD and SESC

    Broadcom Employee
    Posted Aug 19, 2020 05:37 PM
    Where did you find this inaccurate information?
    And TDAD 3.5.1 is not compatible with SEPM14.3MP1, while TDAD 3.5.1 and SEPM 14.3 are compatible.

    Accurate info below:
    TDAD 3.5.1 is the release that coincides with SEPM14.3MP1.  TDAD3.5.0 released with SEPM14.3 and was removed from the download portal, as there was a significant bug that was resolved in SEPM14.3MP1.
    TDAD 3.5.0_Standalone is still available in the download portal.  We have not released the next version of this product, but expect to in September, although I don't know the version number it will have. 

    All documentation was updated in August, if you look at the Support page you will see Standalone specific documentation including install guide.  

     If you remove your on-prem SEP, you will need to use the standalone product until it is supported in ICDM.  TDAD in the cloud (ICDM) is projected to be released in Q2 2021.

    I do not have any information on a projected date for a training course.

    If I missed any other question, please respond again.
    Original Message


  • 11.  RE: Threat Defense for AD and SESC

    Posted Aug 19, 2020 09:06 PM
    The TDAD 3.5.1 is not compatible with SEPM14.3MP1, that was actually from my lab. When I upgrade TDAD from 3.5.0 to 3.5.1 and SEPM upgrade from 14.3 to 14.3MP1, the configuration of the SEPM on TDAD was lost connect, even re-configure it. The error is account or password was not correct. The same time, an error something like "site replication version is not correct" was show on SEPM.
    Original Message


  • 12.  RE: Threat Defense for AD and SESC

    Broadcom Employee
    Posted Aug 20, 2020 09:50 AM
    I am sorry to hear that.  In the release notes for TDAD 3.5.1 , It states: 
     "For the new Threat Defense for AD 3.5.1 endpoint functionality to be active, you must first upgrade SEPM to 14.3 MP1
    and then upgrade the SEP agents. The SEP agents can be upgraded either through the SEPM auto-push function or
    through the manual package deployment. After the SEP agents are upgraded the new new Threat Defense for AD policy
    can be applied from the Threat Defense for AD console."
    If you upgraded TDAD before SEPM, I am not sure the consequences.  You may want to open a Support Ticket, or try to reset the username and password that is giving you the error.  I can tell you that the functionality is working as designed in my Labs.
    Original Message