
Symantec: Endpoint Protection [product overview]

October 31, 2018 by Graeme Messina

Introduction

Symantec Endpoint Protection is an award-winning platform that lets organizations lock down security on user-facing equipment such as laptops and desktop systems. These endpoints are the most vulnerable part of a network, so a security solution that protects both users and infrastructure is critical.

At this point you are probably wondering how Symantec Endpoint Protection helps to protect you from malware and virus attacks, so we’ll look at some features and give you a quick overview.


Symantec Endpoint Protection helps to defend against ransomware and other emerging threats by providing multilayered protection. It integrates machine learning, behavior analysis and intrusion detection into a well-rounded endpoint protection system. Together, these elements give you greater visibility into your network, especially where suspicious files are concerned.

A tunable protection slider helps you to make policy changes on the fly from one control point, which speeds up threat response times for you and your users. Symantec Endpoint Protection also uses advanced deception techniques to help fool hidden attackers into revealing themselves, allowing you to take immediate action to mitigate the damage that they could potentially cause.

Other available features include vulnerability protection for commonly exploited applications and an integrated EDR capability for incident investigation and response. All of this is capped off with open APIs that allow you to integrate Symantec Endpoint Protection with your existing IT infrastructure, enabling automation and wider system orchestration.

All of this is accomplished via Symantec Endpoint Protection’s multi-layered prevention system, which includes:

  • Network and Firewall Prevention
  • Memory Exploit Mitigation
  • Reputation Analysis
  • Advanced Machine Learning
  • Emulator
  • Antivirus
  • Behavior Monitoring
  • Application and Device Control

Key Features

Let’s take a few moments to elaborate a little on each of the above points and explore what each feature does.

Network and Firewall Prevention: These are features that allow the application to block malware before it gets a chance to infiltrate your computer system and spread across the network.

Memory Exploit Mitigation: This lets your computer system block zero-day exploits that target some of the most popular software applications, providing you with blanket protection from hidden threats.

Reputation Analysis: This system draws on the collective knowledge of the Symantec community and ranks a threat according to the combined reputational assessment of that community. The worse a file is rated, the more it is restricted.

Advanced Machine Learning: One of the great benefits of using machine learning as part of the platform is its ability to detect threats and notify users before those threats execute. This allows massive amounts of data to be sifted through intelligently and stops malware before it becomes a problem.

Emulator: A lightweight virtual machine handles custom packers to detect malware that is hidden inside packed files, meaning the native OS doesn’t need to be infected before the endpoint detects the threat.

Antivirus: This element scans, cleans and removes malware and viruses as they are detected within a system, something that Symantec has been doing for a very long time.

Behavior Monitoring: This monitors and blocks files that behave suspiciously on a computer system, minimizing the chances of infection on a computer that is running Symantec Endpoint Protection.

Application and Device Control: This lets administrators control access to files, the Windows registry and devices on a system, and blacklist or whitelist specific actions accordingly.

SecurityIQ Awareness Education

Symantec Endpoint Protection also integrates with InfoSec’s own on-demand training solution, SecurityIQ. This product alerts users to training linked to the threat that Symantec Endpoint Protection has just detected. The event-driven solution takes a micro-learning approach to cybersecurity, delivering bite-sized training to your users when they need it most, with the most relevant training materials available.

A REST API is used to communicate between SecurityIQ and Symantec Endpoint Protection and is quick and easy to implement. For those interested in trying out this training tool, a live demo is available on request.

Conclusion

Symantec Endpoint Protection combines multiple technologies that work together to keep computer systems safe and secure on local networks and the Internet. Considering how many services run in the background, the Symantec Endpoint Protection agent is surprisingly lightweight and responsive, giving users access to all of the features that make it such a formidable defense against malware, viruses, hackers, Trojans and more.

If you then integrate Symantec Endpoint Protection with SecurityIQ, InfoSec’s own reinforcement tool, you have a secure environment with on-demand training that helps to educate your users and shape their behavior, which is your company’s first and greatest line of defense.


Graeme Messina

Graeme is an IT professional with a special interest in computer forensics and computer security. When not building networks and researching the latest developments in network security, he can be found writing technical articles and blog posts at InfoSec Resources and elsewhere.