Focus on Virus
RE: Symantec AV reporting metrics. Jun 19 2006 03:57PM
Howe, Paul H (paul howe nwa com)
Hmmm... If your management does not trust the patch for 10.1, why do they trust the patch for 8.1?

> -----Original Message-----
> From: Serge Vondandamo [mailto:serge.vondandamo (at) wanadoo (dot) fr [email concealed]]
> Sent: Sunday, June 18, 2006 1:15 AM
> To: 'Ted Senn'
> Cc: focus-virus (at) securityfocus (dot) com [email concealed]; 'sekure'
> Subject: RE: Symantec AV reporting metrics.
>
>
> I forgot to add that,
>
> I have up to 6000 Clients located WW (Europe, Americas, APAC,
> and Middle-east).
>
> Thanks,
> Serge
>
> -----Original Message-----
> From: Serge Vondandamo [mailto:serge.vondandamo (at) wanadoo (dot) fr [email concealed]]
> Sent: Sunday, June 18, 2006 08:11
> To: 'Ted Senn'
> Cc: 'focus-virus (at) securityfocus (dot) com [email concealed]'; 'sekure'
> Subject: RE: Symantec AV reporting metrics.
>
> All,
>
> Thank you for your pointers.
>
> I have tried the manual process but it doesn't give good
> metrics for my audience (CTO, CSO, CIOs, IT Managers).
>
> I have tried to convince IT folks to upgrade to 10.1 so I can
> use the reporting module but no one wants to upgrade to a
> vulnerable version of the AV.
>
> They don't believe in the patch provided by Symantec since I
> am not able to test it and provide a technical report - patch
> the app and try to exploit the vulnerability and report.
>
> Please, could you help me on the following?
>
> 1. Do you have a screenshot of the reporting module? Graphs,
> type of metrics it can provide, etc?
>
> 2. Do you know how I can patch 10.1 and test the
> effectiveness of the patch?
>
> Thanks,
> Serge
>
>
> -----Original Message-----
> From: Ted Senn [mailto:ted.senn (at) zurichna (dot) com [email concealed]]
> Sent: Friday, June 9, 2006 15:58
> To: serge.vondandamo (at) wanadoo (dot) fr [email concealed]
> Cc: focus-virus (at) securityfocus (dot) com [email concealed]; 'sekure'
> Subject: RE: Symantec AV reporting metrics.
>
> Installing the reporting server is the start. Unless you
> have a small number of clients I would recommend a separate
> system. The reporting server is somewhat CPU intensive in my
> experience.
>
> Each AV server will need to have reporting agents installed
> on them. However for testing you can set up the reporting
> server and only those AV servers that you want to test with
> would need the reporting agents installed. You will need the
> SAV 10.1 SSC to configure the agents.
>
> Yes, 10.1 needs to be maintenance patched to 10.1.0.400 and
> point patched to 10.1.0.401.
>
>
> Ted Senn
> Security Engineer
> Distributed Security
> 847-605-6837
>
>
> "Serge Vondandamo" <serge.vondandamo@wanadoo.fr>
> 06/08/2006 09:26 PM
> To: "'Ted Senn'" <ted.senn (at) zurichna (dot) com [email concealed]>
> cc: <focus-virus (at) securityfocus (dot) com [email concealed]>, "'sekure'" <sekure (at) gmail (dot) com [email concealed]>
> Subject: RE: Symantec AV reporting metrics.
>
> Thanks Ted,
>
> If I understand, I just need to install the 10.1 and the
> reporting server in one of my primary and that is it?
>
> Is there any eval version of it? I would like to test it in my
> lab first. BTW, is the 10.1 affected by the recent Symantec
> products vulnerability?
>
> Thanks,
> Serge
>
> -----Original Message-----
> From: Ted Senn [mailto:ted.senn (at) zurichna (dot) com [email concealed]]
> Sent: Tuesday, June 6, 2006 14:24
> To: serge.vondandamo (at) wanadoo (dot) fr [email concealed]
> Cc: focus-virus (at) securityfocus (dot) com [email concealed]; 'sekure'
> Subject: RE: Symantec AV reporting metrics.
>
> I am running Reporting server without any problem on version
> 10, and 9 servers. The agent installs and reports back to
> the reporting server. You may need a special group with 10.1
> for the reporting server only, but the reporting will work
> with the lower version AV servers (agent will not install on
> NT systems).
>
>
> Ted Senn
> Distributed Security
>
>
> "Serge Vondandamo" <serge.vondandamo@wanadoo.fr>
> 06/05/2006 03:30 PM
> To: "'sekure'" <sekure (at) gmail (dot) com [email concealed]>
> cc: <focus-virus (at) securityfocus (dot) com [email concealed]>
> Subject: RE: Symantec AV reporting metrics.
>
> Sekure and all,
>
> Thanks but we don't have version 10.1 and unfortunately, I
> have to find a way to report with the versions we have. I may
> suggest to upgrade but that will not be possible now - IT Ops
> folks and other IS Managers will be difficult to convince -
> given the heavy IT Governance and change process we have in place.
>
> We currently have version 8 in a few sites, version 9 and 10 in
> the majority of the sites.
>
> Paul, your pointers are more than welcome!!!
>
> Thanks,
> Serge
>
>
>
> -----Original Message-----
> From: sekure [mailto:sekure (at) gmail (dot) com [email concealed]]
> Sent: Monday, June 5, 2006 20:51
> To: Serge Vondandamo
> Cc: focus-virus (at) securityfocus (dot) com [email concealed]
> Subject: Re: Symantec AV reporting metrics.
>
> Symantec Corp AV 10.1 has a reporting server module, which
> provides pretty pictures for lots of these metrics.
>
> On 6/3/06, Serge Vondandamo <serge.vondandamo (at) wanadoo (dot) fr [email concealed]> wrote:
> > All,
> >
> > I have been tasked to develop Symantec AV reporting metrics. The
> > metrics should help provide visual information (graphs, tables, etc.) to
> > Senior management on a weekly, monthly, quarterly and annual basis per region
> > and WW if needed.
> >
> > I am focusing on providing the following:
> >
> > - Number of AV clients per region,
> > - Number of AV engines, versions, per region,
> > - Information on AV defs per region, frequency of updates, versions of
> >   AV definitions, age of AV definitions (i.e. two weeks old, two months
> >   old, very old, etc.).
> > - Status of AV clients per region - i.e. auto-protect enabled or disabled,
> >   threat found, old definitions, etc.
> > - Any other information that will be useful for big boss not interested in
> >   technical data.
> >
> >
> > I am looking for pointers, ideas and suggestions from those who have already
> > done so; I will not try to re-invent the wheel ;)
> >
> > Thanks for your inputs.
> >
> > Regards,
> > Serge Vondandamo, HND, CISSP, CCNA.
