This articles describes the differences between Symantec Endpoint Protection Small Business Edition (SEP SBE), both the Cloud and On-premises versions and Symantec Endpoint Protection Enterprise Edition (SEP).

SEP SBE Cloud Features

SEP SBE On Premises Features

SEP Enterprise Features

*Supports Server Core installations for Windows Server 2008/2008 R2/2012/2012 R2

SEP SBE Cloud Features

Features of the Cloud Managed Implementation of SEP SBE

Cloud Managed Endpoint Service Portal (CMES Portal):

The CMES Portal is stored on Symantec servers and accessed at https://hostedendpoint.spn.com. It is the centralized portal for managing all policies, computer status updates, definitions, and client software updates, this takes the place of the Symantec Endpoint Protection Manager (SEPM) in previous versions and On Premises installations. Relocating this management component to the cloud allows for fewer necessary resources locally in the environment.

• Clients require a stable internet connection to activate, receive policy changes and update definitions
• Clients installed on workstations automatically update the protection software installed
  • Note: Server installations are not automatically updated
• The Home tab is an easy to read summary page of the following features:
  • Computers Health status showing all systems as either Green, Yellow, or Red
  • A news alert window with the newest information regarding services and features 
  • Security summary windows that notify administrators of the latest virus infections, firewall detections, and intrusion attempts on the network
  • A quick tasks option is shown for the most commonly used tasks
  • A latest threats window to educate administrators about the names of the most detected viruses globally and the local environments' current protection against them

Computer Management:

The Computers tab located in the top navigation bar will have all computers and groups created listed in an easy to read format. This allows administrators to manage computers and groups by role, location, duty, etc.

• The default view show all systems currently with the Cloud SEP SBE installed
• The Group section is on the left and allows for creating groups based on whatever criteria are desired for administration of the environment
• The computer tab also has separate list views of all computers considered to be in “good health”, “computers that need attention”, and computers that are considered “At Risk” and need immediate attention

Policy Management:

The Policies tab located on the navigation bar gives administrators a way to customize Symantec settings to environmental or individual computer requirements. This tab gives allows for the ability to customize schedules and settings for SEP SBE clients.

• The systems policy allows for customizing proxy settings and LiveUpdate scheduling
  • Note: LiveUpdate scheduling is for product updates only, definition updates cannot be scheduled in the Cloud version of SEP SBE
• The Endpoint Protection policy has several options available for customizing settings to needs of users, software and the environment.
• Computer Protection Control: Allows for customization of what protection technologies are active on clients
• USB Device Control: Allows mass storage devices to only be used with password approval, makes them read only or blocks access to them altogether
• Web Protection: Allows control over our internet security components, which include Browser Protection, Safe Surfing, and Download Intelligence
• Network Protection: The Smart Firewall and Intrusion Prevention components administrators can customize to ensure applications can communicate properly and remain protected
• Local Update Host: This allows a machine to be configured to provide definition and content updates to the computers on the same subnet and location reducing internet bandwidth usage
• A easy to set-up scan schedule 

User Management:

The users tab found in the CMES Portal allows the primary account administrator to manage all other users. Permissions and contact information for new and existing admins can be modified from this tab.

• Add administrators and users who can receive alerts and change settings on the portal
• Create customized alert preferences for each individual administrator based on threats, services, or general alerts

Reporting:

The CMES Portal offers reporting to help keep you informed on the security status of the computers in your environment.

• Available on-demand or can be scheduled and emailed to administrators
• Available in PDF, HTML, and XML formatting
• General reports and Endpoint specific reports are available
  • General Reports:
    • Alert History
    • Security Audit
    • Computer Status Summary
  • Endpoint Protection Reports:
    • Firewall History
    • Risk Detection
    • Security Overview

Subscriptions:

The Subscriptions tab allows you to add more services if you need or to extend the services you already have. It also is where you will download the On-Premise Manager.

• Easily extend or buy more license seats through the CMES Portal
• Download the On-Premise version of Small Business Edition through the portal
• Easily add newly acquired serial numbers with a click of a button

SEP SBE On Premises Features

Features of the On Premises Implementation of SEP SBE

Symantec Endpoint Protection Manager (SEPM):

On Premises implementations of SEP SBE utilize the SEPM, run locally on one of the machines in the environment to distribute definitions, software updates, policies, and provide central management for the security of the environment.

On Premises Reports:

SEP SBE has the ability to offer reporting on a wide range of categories that will keep you informed about the current status of systems in your environment and events that have occurred.

• Audit: Displays information about the policies that clients and locations use currently
• Compliance: Displays information about the compliance status of your network. These reports include information about Enforcer servers, Enforcer clients, Enforcer traffic, and host compliance
• Computer Status: Displays information about the operational status of the computers in your network, such as which computers have security features turned off. These reports include information about versions, the clients that have not checked in to the server, client inventory, and online status
• Network Threat Protection: Displays information about intrusion prevention, attacks on the firewall, and about firewall traffic and packets
• Risk: Displays information about risk events on your management servers and their clients. It includes information about TruScan proactive threat scans
• Scan: Displays information about antivirus and antispyware scan activity
• System: Displays information about event times, event types, sites, domains, servers, and severity levels

Policies:

The SEPM offers separate policies for each security component. These policies offer slightly more options, though most businesses don't change the default settings.

Virus and Spyware Protection Policy

• Customizable schedule so full and active scans can be run at a convenient time
• Allows customization of end user interaction with the scheduled scan
• Download Insight sensitivity can be changed
• Customized scan and Auto-Protect settings for Macs
• Limited ability to disable end-user notifications of threats
• Limited adjustments to email security
• Early Launch Anti-Malware protection for Windows 8 systems
• Customized Mac settings for scan times and Auto-Protect

The Firewall for On Premises implementations of SEP SBE comes with a default policy that offers a great level of protection, while allowing most common types of communication. There are times when rules need to be written so programs can communicate properly, to facilitate this the firewall policy has an easy rule wizard that configures the firewall component to open the ports and communications protocols to meet program needs.

Firewall Policy

• Easy Firewall rule wizard is built into the policy
• Choose between blocking and allowing connections
• A pre-configured list of the most commonly used ports and protocols
• Pre-made rules for a variety of commonly used VPN protocols
• Easily activate/deactivate rules with a simple check box

Network Intrusion Prevention automatically detects and blocks network attacks. Browser Intrusion Prevention automatically detects and blocks browser attacks.

Intrusion Prevention Policy:

• Keeps a log of blocked attacks and threats
• A simple three step wizard assists to create exceptions for any program or system that gets detected by Intrusion Prevention

Exceptions allow SEP SBE to ignore particular files, usually for performance reasons. Many programs, such as SQL, require some exceptions in order to work efficiently with Anti-Virus software.

Exceptions Policy:

• Separate Windows and Mac Exceptions
• Mac file and folder exceptions available
• A variety of different Windows OS exceptions are available including: applications, extensions, file, folder, web domain, and tamper protection

Computer Management:

The computers tab located in the On-Premise Manager is where every computer can be viewed and centrally managed. Some of the features include:

• Customized group creation based on role or location
• Ability to set different policies for each group
• See the current status, definition date and health of every computer
• Update definitions, run scans, and restart individual computers or entire groups remotely
• Search for a specific computer or a group of computers that match a certain requirement
• The ability to determine some basic network information remotely, like the IP address and the logged in user

Administration Section:

The Admin tab is for the primary administrator. The ability to control licensing, server settings, and add/manage additional users is available in this tab.

• Add additional administrator accounts to oversee the manager
• Accounts can be full access or limited to specific abilities
• Adjust the email, proxy, and password settings for the server
• Add/remove and purchase new licenses

SEP Enterprise Features

Features of the Enterprise version of SEP

Unrivaled Security : 

Stops targeted attacks and advanced persistent threats with layered protection at the endpoint.

• Network Threat Protection analyzes incoming data streams and proactively blocks threats
• Insight™ reputation analysis separates files at-risk from safe files for faster more accurate detection
• SONAR™ behavioral analysis monitors application behavior in real-time and stops targeted attacks and zero-day threats
• Strong antivirus, antispyware and firewall protection

Blazing Performance: 

Optimized for strong performance in both physical and virtual environments

• Insight technology only requires scanning of at-risk files, reducing scan time by up to 70%
• Reduced client size with smaller memory footprint for embedded systems or VDI
• Reduced network load with flexibility to control number of network connections and bandwidth

Smarter Management:

Singular management console across physical and virtual platforms with granular policy control.

• Single high performance agent with single management console for Windows, Mac, Linux, virtual machines and embedded systems
• Support for remote deployment and client management for Windows and Mac
• Granular policy control with system lockdown, application and device control and location awareness

Key Benefits:

• Layered protection to keep endpoints safe from mass malware, targeted attacks and advanced persistent threats
• Superior threat protection backed by the world’s largest civilian threat intelligence network
• Performance so fast it won’t impact user productivity
• Ease of use with a single client and management console across both physical and virtual platforms
• Flexibility to adjust polices based on users and location