Endpoint Protection

  • 1.  SEP and EDR

    Posted Aug 06, 2020 11:55 AM
    Hello,

    I need some clarification on the EDR and SEP integration. As explained in the article below, the EDR engine is included in SEP version 14 RU1 and newer.

    https://knowledge.broadcom.com/external/article/170436/endpoint-detection-and-response-engine-u.html  

    But if you use the on-premises version of SEP, then this cannot do anything unless you forward the events to the EDR server, correct? Otherwise the SEPM console cannot show much information related to EDR?

    And the other thing: if you use Symantec Endpoint Security 15, I saw on the last page of https://docs.broadcom.com/doc/endpoint-security-en that there is EDR in the cloud console. Does it mean that if you are using SES 15 you don't need a separate EDR server, and all EDR-related events and information can be seen in the cloud console?


  • 2.  RE: SEP and EDR

    Broadcom Employee
    Posted Aug 06, 2020 12:11 PM
    If you are strictly on-prem SEP, then you will need the EDR server for processing of the events.

    If you have our SES Complete product, both cloud and on-prem EDR are included. If you have the original SEP Cloud (which is going away) or SES Enterprise, EDR is not included.

    ------------------------------
    Kris Gainsforth
    Solutions Engineer
    Broadcom
    ------------------------------



  • 3.  RE: SEP and EDR

    Posted Aug 06, 2020 12:48 PM
    Thanks for the update, Kris. So if we move to SES Complete, then from the Integrated Cyber Defense Manager console we can see the EDR-related information, and there is no need for a separate EDR server?


  • 4.  RE: SEP and EDR

    Posted Aug 06, 2020 07:07 PM

    We are going to move from SEP 14 on-prem to SESC and will be wanting to use all the extra features, including EDR and also Threat Defence for Active Directory. Hoping I can move to total cloud-based management. Finding it very difficult to work out how it's all going to work together and whether I need to have the SEPM server on-prem still and go hybrid management, etc.




  • 5.  RE: SEP and EDR

    Broadcom Employee
    Posted Aug 07, 2020 11:01 AM
    @NathanO That's the hard part. I personally cannot say which way is better for your environment, but I will say that we engineer the hybrid so that customers can migrate to cloud at their own pace.

    Also, with SESC, everyone forgets about getting that data out and into SIEMs and data lakes. Symantec Integrated Cyber Defense Exchange (ICDx) is also included with any of our endpoint choices; it's free. If you are interested in checking it out, take a look here: https://docs.broadcom.com/doc/icdx-partner-en. If you want to download it and you don't see it in your downloads on the Broadcom Support page, reply here.

    ------------------------------
    Kris Gainsforth
    Solutions Engineer
    Broadcom
    ------------------------------