Can EDR be integrated with a Cloud + On-premises (Hybrid) SEPM policy?

Article ID: 224597


Products

Endpoint Security Complete, Endpoint Protection, Endpoint Detection and Response

Issue/Introduction

You have successfully integrated the SEPM in the SES console and the SEPM is configured in a hybrid-managed mode.

Environment

For a successful hybrid deployment, SEPM and the agents must be version 14.3 RU1 or later.

Cause

A Symantec Endpoint Protection Manager has been integrated with the SESC cloud console in hybrid-managed mode. The following conditions are also present:

  • The hybrid-managed SEPM and all of its groups are listed and viewable in the cloud console under Devices > Device Groups > Group Hierarchy
  • In Policies, under the Detection and Response policy (either the default or a customized copy), you are able to apply the policy to the Device Groups for the hybrid-managed SEPM
  • Under Devices > Managed Devices, the Devices Filter list shows that no endpoints in the SEPM groups have Detection and Response enabled. The devices are shown only as disabled


Resolution

When choosing between an on-premises, a fully cloud-managed, and a hybrid-managed configuration, please note the following:

  • The Symantec Endpoint Protection Manager controls more options on the client
  • The cloud-managed client provides fewer options. However, Symantec adds new features in Symantec Endpoint Security in monthly refreshes
  • Hybrid-managed SEPMs DO NOT have the ability to utilize the Detection and Response policy in their groups
    • If the application of the Detection and Response policy is required in your SEPM's environment:
      • An on-premises EDR appliance must be integrated with the SEPM, OR
      • The SEPM-managed endpoints must be migrated to the SES cloud console so they are fully cloud-managed agents