What is our primary use case?
We have a public zone that is a mix of intranet and public service. We have to ensure that none of the hosts are compromised and that nothing impacts the integrity of the servers. This is our primary use case.
Next, we have to protect data that is stored inside of Docker containers. In developing features, they are outside to an extent, so these have to be brought up in a secured form. This means that we had to create split architectures. Also, we needed something that allowed us to integrate the identity mapping and ensure a certificate-based review. The advantage in the field is that they have a template and a certificate broker. The broker wraps the application around that certificate, which can be put into the firewall security policy.
For example, if one of the programmers comes out with a new code review, which is not wrapped on our stack, then I will not allow him to put that into the code. It first has to be checked into the repository, signed, and then put back into the system.
The advantage to this is that the integrity of the person who created it, and the person who modifies it, are all approved as part of the audit entry. Because it is worked on by a lot of people, and there are millions of lines of code that are changed using this mechanism, we need to know who made what change. The code review team is integrating, but they have to rely on the integrity of the system. So, the snapshot mechanism and the ability to integrate that along with the Docker capabilities is something that is very important to us.
We have also used the Firewall and IPS components, as well as the capability for monitoring the integrity of files.
How has it helped my organization?
We have been building on this solution. For example, it did not handle the Docker security previously. It had been related to the protection of the host. We did not worry about new features or functionality. Instead, we focused on what works the best, and how to prevent the problems that occur right now.
For example, we had a situation where one of the previous Apache web services was being changed, without me knowing who was doing it. Using this solution we were able to identify the process, and it was happening because of rules that were not being followed in that city.
What is most valuable?
The most valuable feature is that the protection of the hard disk security is built in, so it is a ready-to-use product. The monitoring in the management console allows us to find out what is going wrong, and it gets reports even before the user reports it.
Having it in advance of the user is important because it takes time to comprehend. Once we know what is going on and who is doing it, we can act accordingly. We have created our own workflow mechanism as an outcome of this, and we can update the identity and provisioning if any modifications need to be done.
What needs improvement?
There is plenty of room for improvement with this product, and it could start with platform metrics. We are changing certain platforms in terms of preparing them for the system to support it. We always want legacy platforms, or those which need virtual protection or host protection, to be supported no matter how old they are.
We want the speed at which content is delivered to be improved, but not at the cost of complicating the product or reducing its stability.
For how long have I used the solution?
What do I think about the stability of the solution?
The product is stable. From a stability side, if something does go wrong then we should be getting reports in some form.
What do I think about the scalability of the solution?
The product is scalable, but the manageability of the solution across many thousands of servers is becoming complex. It is difficult to monitor and manage, so it is a concern. As the solution scales, I would like a simpler way of managing it.
We do plan to increase the use of the product. The number of hosts and applications are increasing, so our usage is going up.
How are customer service and technical support?
The support from Symantec is fantastic.
Which solution did I use previously and why did I switch?
Previously we had a situation where for Windows we were using one product, and then in the next, we were using something else. There were different mechanisms for different products.
We had a Unix team, a Linux team, and a Windows team. From a simplification standpoint, because we have standardized on this solution, everybody's learning curve has shortened.
How was the initial setup?
The most recent version was pretty simple, although we had our own hiccups and issues related to it. It is based on the environment, and ours has dependency challenges.
Generally, it takes time and diligence to set it up, but it is worth the effort.
Our deployment was done in stages. We have mission-critical servers, critical servers, and business servers. We started with the least critical, which is the business servers. From there we moved to the critical, and then on to the mission-critical. Those were also broken into different groups.
The business servers, where we had to learn the most, took us more than four months. For the critical servers, a lot of the work had been done, and they took us one to two weeks. The mission-critical servers are being set up now. It happens gradually because of our operational dependency.
What about the implementation team?
We did the implementation and deployment ourselves, with help from Symantec support.
What was our ROI?
ROI is very difficult to explain. The quantification done by one of our colleagues was that we have already seen ROI based on independence. We have not reduced manpower, the number of servers has gone up, but the number of incidents has tricked down to single digits. We now know what is happening and what is going wrong.
Which other solutions did I evaluate?
We had many other options to choose from, but none of them have the depth of coverage that Symantec has. We read reviews from different people, and we went ahead with it based on these.
What other advice do I have?
We have several versions of the solution installed, and the version that we install depends on the compatibility with our platforms. We have an old release installed, and we have other editions installed, but that is not because of the product. It is because we can't have the same version for everything.
Our environment is made up of equipment acquired at different times. Some parts are two years old, while other components are the latest version. Now, we have different versions to handle everything.
The implementation becomes picky, but it does its job.
The vendor has not been focused on new features. Rather, they are keeping up with the newer platforms and newer versions that have been coming out. There have been times in the past when the products did not keep up with the code, and the product had lost its importance. The pace at which they were delivering was quite slow. Now, however, the changes are happening faster. As newer operating systems are coming up, the platform is being updated, which has made it rich enough to include the same security that you would expect for all versions.
Performance has never been an issue for this product. We have not found anything that is smaller than this. The question to ask is whether there is ease of use and whether there is platform coverage. This product works on Linux, Unix, and Windows, which is important because you want to use the same product for the whole data center.
Over time, we have seen this solution become less complex and easier to use.
I would rate this solution a nine out of ten.