Friday, 14 December 2012

System Center 2012 Endpoint Protection Cookbook Review

The publisher of the Service Manager Cookbook that I was a co-author on have a variety of different cookbooks also on the topic of System Center 2012. 
One of these is the cookbook for Endpoint Protection which is a component of the System Center 2012 suite and delivered and managed by System Center 2012 Configuration Manager.

I've never been the fastest of readers and I mentioned a while back I'd post a review on this.

If you’ve had experience in the past with either Forefront Endpoint Protection, Microsoft Security Essentials or the new built in Windows Defender in Windows 8 then you may recognise the interface for SCEP, but instead of it being a standalone product like previous versions, this release is heavily integrated into ConfigMgr.  This provides you a single pane of glass approach to both settings and compliance management and AV/Malware security.


The Book
Author: Andrew Plue
Reviewers: Nicolai Henriksen (SCCM MVP), Matthew Hudson (SCCM MVP) and Stephan Wibier

The book is broken down into the following chapters:
  • Chapter 1 - Getting Started with Client-Side Endpoint Protection Tasks
    Provides a number of recipes for performing tasks at the local client level, such as forcing a definition update or modifying the SCEP client policy.
  • Chapter 2 - Planning and Rolling Installation
    This will walk you through some of the considerations you will need to make before deploying SCEP, as well as showing you how to enable the SCEP role on your SCCM server.
  • Chapter 3 - SCEP Configuration
    This will show you recipes for performing essential tasks, such as configuring SCEP policies and alerts, as well as walking you through the process of setting up SCEP's reporting features.
  • Chapter 4 - Client Deployment Preparation and Deployment
    This includes a number of recipes to assist you with every step of client deployment from preparation to actually deploying the clients.
  • Chapter 5 - Common Tasks
    This covers a number of day-to-day tasks that every SCEP administrator will need to know how to do it correctly in order to keep SCEP healthy and your Endpoints protected from malware.
  • Chapter 6 - Management Tasks
    This covers important high level tasks, such as using policy templates, merging polices, and responding to SCEP alerts.
  • Chapter 7 - Reporting
    This takes a deep dive into the reporting capabilities offered with SCEP. You will be shown how to execute reports, as well as provide access to reports. You will also be shown how to create your own custom reports.
  • Chapter 8 - Troubleshooting
    This provides you with some tools to assist you with the time-consuming effort of troubleshooting an anti-malware product. The recipes in this chapter will help you deal with Definition Update issues, as well as how to approach false positives.
  • Chapter 9 - Building an SCCM 2012 Lab
    This is a great chapter for anyone who has not yet taken the plunge on SCCM 2012. There is just a single recipe in the chapter that will show you the quickest down-and-dirty method for standing up an SCCM 2012 server in a lab environment. This is vital to anyone considering deploying SCEP, because with the total integration of SCEP with SCCM 2012, you can't experience SCEP without an SCCM environment.
Also the Appendix includes some really good info around integrating SCEP with Operations Manager (SCOM) for monitoring, some information around the version of Endpoint Protection used with Intune (Microsoft’s cloud based device management solution) and some deployment checklists which are useful.

While I’ve been using Configuration Manager for years, SCEP has always been something that I’ve only lightly touched on as it’s been something that I would do the initial planning and setup for and then had over to the customers security teams to manage longer term.

Being able to have a complete reference guide to hand that not only validates and refreshes my installation approach but then expands on the longer term configuration and management is great.

For those attempting to put this in from scratch it’s ideal as it can accelerate your deployment and hopefully avoid you making some common mistakes that could be costly in the long run.

Little nuggets throughout such as the MpCmdRun.exe usage for remote/local admin tasks are so cool and open up avenues such as creating ConfigMgr packages to restore files from quarantine quickly in case of mistakenly captured files.

As always, you can order the book in 'dead tree' format from Amazon here or in Kindle format from here.

There’s also the option of purchasing from Packt directly and I’d recommend signing up for their library (free signup) where you can mange/download your purchases in various formats and while you’re there, why not purchase the Service Manager Cookbook too!

No comments: