Symantec - Short Review

Symantec Endpoint Security Overview

Symantec Endpoint Security, now part of Broadcom’s cybersecurity portfolio, is a comprehensive solution designed to protect endpoints, including laptops, desktops, tablets, mobile devices, and servers, from a wide range of cyber threats. This solution is engineered to provide unified, cloud-based management, simplifying the process of protecting, detecting, and responding to advanced threats.



Key Features and Functionality



Unified Protection

  • Single Agent: Symantec Endpoint Security uses a single agent to manage multiple security functions, including attack surface reduction, attack prevention, breach prevention, and Endpoint Detection and Response (EDR). This agent supports all major operating systems, including Windows, Mac, Linux, Windows S Mode, Android, and iOS.


Attack Surface Reduction

  • Device Control: Restricts access to hardware devices such as USB, infrared, and FireWire devices to prevent unauthorized data transfer and reduce the risk of threats.
  • Application Control: Assesses the risk of applications and allows only known good applications to run, thereby reducing the attack surface.
  • Breach Assessment: Continuously probes Active Directory for domain misconfigurations, vulnerabilities, and persistence using attack simulations to identify and mitigate risks.


Attack Prevention

  • Intrusion Prevention/Firewall: Analyzes incoming and outgoing traffic to block web-based attacks and protect against network threats. This includes browser protection and rules-based firewall capabilities.
  • Memory Exploit Mitigation: Neutralizes zero-day exploits in popular software by blocking memory-corruption techniques such as heap spraying and structured exception handler (SEH) overwrites (the latter via SEHOP-style protection).
  • Malware Prevention: Combines pre-execution detection, sandboxing, and signature-based methods to block new and evolving threats. This includes advanced machine learning, file reputation analysis, and behavioral monitoring.


Detection and Response

  • Endpoint Detection and Response (EDR): Provides sophisticated attack analytics, behavior forensics, automated investigation playbooks, and proactive threat hunting to contain and resolve persistent threats in real time.
  • Behavioral Analysis (SONAR): Monitors file behaviors in real time to determine file risk and stop new and unknown threats.
  • High-Speed Emulation: Detects hidden malware using a lightweight virtual machine, improving detection rates and performance.


Advanced Technologies

  • Artificial Intelligence (AI) and Machine Learning: Uses AI-guided security management and advanced machine learning to analyze trillions of examples of good and bad files, blocking new malware variants at pre-execution.
  • Global Intelligence Network (GIN): Leverages one of the world’s largest civilian cyber intelligence networks to deliver real-time threat information, threat analytics, and comprehensive threat blocking data.


Management and Integration

  • Single Console: Offers real-time threat visibility and a unified management interface for all endpoint security functions, supporting on-premises, cloud-managed, and hybrid deployment models.
  • Integration with Third-Party Applications: Integrates with Microsoft Graph, OpenC2, and other Symantec solutions through Symantec ICDx, enhancing the overall security posture.


Additional Protections

  • Network Connection Security: Identifies rogue Wi-Fi networks, utilizes hotspot reputation technology, and delivers a policy-driven VPN to protect network connections and support compliance.
  • Active Directory Security: Provides defense against Active Directory attacks and misconfigurations, ensuring the integrity of the directory services.

Symantec Endpoint Security is designed to provide a holistic security approach, protecting the entire attack chain from incursion to remediation and inoculation. This comprehensive solution ensures that endpoints are protected against known and unknown threats, maintaining the integrity and security of the network.
