Hi Moshik -
Endpoint Security 10.x is a relatively new release. The ENS 10.0 release was focused primarily on the Small / Medium Business segment and is available through ePO Cloud. ENS 10.1, the first enterprise-focused release, is currently in a closed beta test.
I would recommend contacting your Intel Security sales team and working with them around gathering more information about ENS 10.1 and potentially POC'ing it in your environment.
I'm also interested in customers having installed version 10.1 in an Enterprise environment.
We have issues with all patches released in 2015 (VSE patch 5 and patch 6, HIPS patch 5 and patch 6) and after a discussion with an engineer I had the feeling that the development teams stopped working on the VSE 8.8 and HIPS 8 versions but are focusing on ENS 10.1.
I'm also still not convinced to go to ENS 10.1 because HIPS is still not integrated completely (only FW is part of ENS 10 and not the most important IPS part).
So please share your experience with ENS 10.1 if rolled out in an Enterprise environment.
I have rolled out to my company. So far I think it's a great product. The performance impact is huge, from boot times to scanning while idle, and there are many great new aspects that are more user friendly.
They're moving away from HIPS IPS because TIE provides the same protection in a sense, and the security connected route is where the shift is going, and to be honest if you were using the default HIPS rules, you are not getting much protection or losing it.
Thanks for the feedback and the positive impact you have experienced.
Can you give some indications on the total number of devices you have protected?
I'm also concerned about the migration of all the exclusions we have defined over the years. We created very strict policies but the result is that we have a lot of them.
Did you have a similar environment?
McAfee also states that with ENS 10 exclusions are no longer needed. Is this something you can confirm?
About HIPS I'm not convinced yet that TIE is solving this. We created a lot of our own rules and these rules are my main defence at this moment. The default rules in HIPS are good to start but will not catch the nasty stuff.
TIE is still too limited in the number of filetypes it protects, so at this moment certainly not a replacement for HIPS.
We also had a lot of issues with the prerequisites for VSE and HIPS. Both patch 5 and 6 are very buggy and prevented us from installing TIE.
That is why I'm looking at ENS10, where I hope the integration is more included from design, but that leaves me with still the old HIPS aside the new suite, where we are concerned about the compatibility between the FW from ENS 10 and the IPS part from HIPS 8.0.
If I read between your comment I suppose you didn't install HIPS 8 aside ENS10. Is that correct? Did you test it?
Only in the 50 range now, in the testing phase. The migration is extremely easy for VSE; all the policies, exclusions, and assignments migrate seamlessly. We manage more than 15000 endpoints so wider test segments will give me more information, but from what I've seen thus far, the access protection rules have been modified but your custom ones still are migrated as well.
Obviously not the case with HIPS, but like you said you can have them running side by side which I still have on half of my deployment. What happens is that ENS recognizes and disables its firewall, and exploit prevention piece, and lets HIPS stay enabled. Performance of host IPS is not affected from what I've seen.
So they do work concurrently, but obviously every environment is different, and I suggest you at least test it out. In my case I was having a lot of issues with high CPU usage with Windows 10 machines among others. In terms of network usage, CPU usage, and boot times, ENS has boosted all of these from my testing. Something user friendly in performance and security like this has not been common among their suite of products until now.
We looked at ENS 10 months ago and didn't continue with it, so the exact setup is not something I have a lot of experience with. I did already have some discussions with McAfee.
What I remember is that a lot of the access protection rules are stripped out and are considered to be covered by HIPS.
Normally user defined rules in access protection were also stripped.
It is good to hear that the migration of the policies and assignments is working properly. In 2014 McAfee stated that they wouldn't create a migration scenario for policies to ENS 10. So they are coming back on the statement that no exclusions are needed in ENS 10 ;-).
It is good to hear that the performance is boosted and I agree with your last line ;-).