Symantec Endpoint Protection Overview
Symantec Endpoint Protection, developed by Broadcom Inc., is a comprehensive security software suite designed to protect laptops, desktops, servers, and other endpoints from a wide range of threats. This solution integrates multiple layers of defense to safeguard networks against known and unknown threats, ensuring robust security across the entire attack chain.
What it Does
Symantec Endpoint Protection is a client-server solution that combines traditional virus protection with advanced threat protection mechanisms. It proactively secures client computers against various types of malware, including viruses, worms, Trojan horses, adware, rootkits, zero-day attacks, and mutating spyware. The software is engineered to protect networks before, during, and after an attack, reducing the risk of exposure and enhancing the overall security posture of the organization.
Key Features and Functionality
Layered Defense Approach
Symantec Endpoint Protection employs a holistic security approach that covers multiple stages of the attack chain: incursion, infection, infestation and exfiltration, and remediation and inoculation. The key components of this approach are grouped below by function:
- Web and Cloud Access Protection: Controls network traffic over all ports and protocols, ensuring secure internet access regardless of the user’s location.
Threat Detection and Prevention
- Intrusion Prevention/Firewall: Blocks threats as they travel through the network, preventing command and control setup and known network and browser-based malware attacks.
- Behavioral Analysis: Helps stop the spread of infection by analyzing and responding to suspicious behavior.
- Exploit Prevention: Uses machine learning and other technologies to prevent exploits and malware attacks.
Control and Management
- Device Control: Manages and controls the use of devices such as USB drives to prevent unauthorized data transfer.
- Application Control: Allows administrators to control which applications can run on the network, reducing the risk of malicious software execution.
- Host Integrity: Ensures that endpoints comply with predefined security policies and configurations.
Advanced Security Mechanisms
- Endpoint Detection and Response (EDR): Integrated EDR capabilities enable the detection, response, and blocking of targeted attacks and advanced persistent threats without the need for additional agents.
- Deception: Uses lures and baits (such as fake files, credentials, and network shares) to expose and delay attackers, providing early visibility into malicious activities.
- Active Directory Security: Defends against lateral movement and domain admin credential theft by controlling the attacker’s perception of an organization’s Active Directory resources.
Centralized Management
- Centralized Management Console: Provides a single console for managing all endpoint security, offering real-time threat visibility and flexible deployment options (on-premises, cloud-managed, and hybrid models).
Intelligence and Analytics
- Global Intelligence Network (GIN): Leverages one of the world’s largest civilian cyber intelligence networks to deliver real-time threat information, threat analytics, and threat-blocking data.
- Machine Learning and AI: Utilizes machine learning and artificial intelligence to optimize security decisions, automate security configuration, and provide adaptive protection tailored to the organization’s specific needs.
Additional Protections
- Antivirus and Antispyware: Protects against traditional malware threats.
- Web Security and Email Security: Safeguards against web-based and email-borne threats.
- Data Loss Prevention: Helps prevent sensitive data from being leaked or stolen.
- Sandboxing and File Reputation Analysis: Analyzes files in a sandbox environment to determine their safety and reputation.
Symantec Endpoint Protection is designed to provide low maintenance and high-powered security, making it an efficient and effective solution for protecting endpoints in various environments, including laptops, desktops, tablets, mobile devices, and servers.