Symantec Endpoint Protection
The Most Complete Endpoint Security Solution for the Cloud Generation

Features & Benefits:

Protect endpoints from all attack vectors at industry leading efficacy with a single agent architecture

• Defend against ransomware and other emerging threats with multilayered protection that fuses signatureless technologies like advanced machine learning, behavior analysis and exploit prevention with proven protection capabilities like intrusion prevention, reputation analysis and more
• Gain enhanced visibility into suspicious files via tunable protection to make better policy decisions
• Use deception techniques to expose hidden adversaries and determine their intent to improve security posture
• Shield commonly used applications against vulnerability exploits and isolate suspicious applications from malicious activity

Realize integrated cyber defense at scale

• Detect threats anywhere and respond with SEP by integrating with network security infrastructure such as web and email gateways
• Integrate with EDR for incident investigation and response leveraging the same SEP agent
• Integrate with existing IT infrastructure for automation and orchestration with open-APIs

Enable business with a high-performance, lightweight solution

• Optimize content update frequency for endpoints with network bandwidth constraints without compromising security efficacy
• Boost performance with a lightweight agent and virus definition sets that require minimal network bandwidth usage (70% less compared to SEP12)
• Speed detection with advanced design techniques and patented real-time cloud lookup that delivers faster scanning times (15% faster compared to SEP12)

Additional Features:

Protect Endpoints from all Attack Vectors at Industry Leading Efficacy with a Single Agent Architecture

PREVENTION

SEP protects endpoints regardless of where attackers strike on the attack chain as show in Figure 3. SEP’s security efficacy leads the industry as validated by third parties. This level of prevention is only possible with a combination of core technologies and new, leading-edge technologies.

Figure 3.

SIGNATURELESS TECHNOLOGIES

• Advanced Machine Language (AML) – detects new and evolving threats, pre-execution.
• Memory Exploit Mitigation – blocks zero-day exploits against vulnerabilities in popular software.
• Behavior Monitoring – monitors and blocks file that exhibit suspicious behaviors.

ADVANCED CAPABILITIES

• Global Intelligence Network (GIN) – the world’s largest civilian threat intelligence network informed by 175 million endpoints and 57 million attacks sensors across 157 countries. The data collected is analyzed by more than a thousand highly skilled threat researchers to provide unique visibility and cutting edge security innovations against threats.
• Reputation Analysis – determines safety of files and websites using artificial intelligence techniques in the cloud and powered by the GIN.
• Emulator – Uses a lite-sandbox to detect polymorphic malware hidden by custom packers.
• Intelligent Threat Cloud’s rapid scan capabilities using advanced techniques such as pipelining, trust propagation, and batched queries has made it unnecessary to download all signature definitions to the endpoint to maintain a high level of effectiveness. Therefore, only the newest threat information is downloaded, reducing the size of signature definition files by up to 70%, which in turn reduces bandwidth usage.
• Secure Web Gateway Integration – New programmable REST APIs make integration possible with existing security infrastructure including Secure Web Gateway, orchestrating a response at the endpoint to quickly stop the spread of infection.

CORE CAPABILITIES

DETECTION AND RESPONSE (EDR)

Symantec Advanced Threat Protection: Endpoint provides incident investigation and response utilizing the integrated EDR capabilities in SEP. It can be deployed within an hour to expose advanced attacks with precision machine learning, behavioral analytics and threat intelligence minimizing false positives and helps ensure high levels of productivity for security teams. Symantec’s EDR capabilities allow incident responders to quickly search, identify and contain all impacted endpoints while investigating threats using on-premises and cloud-based sandboxing. In addition, continuous recording of system activity supports full endpoint visibility and real-time queries.

Symantec EDR:

• Detects and Exposes – Reduce time to breach discovery and quickly expose scope.
• Investigates and Contains – Increase incident responder productivity and ensure threat containment.
• Resolves – Rapidly fix endpoints and ensure threat does not return.
• Enhances Security Investments – Pre-built integrations and public API’s.

DECEPTION

SEP Deception¹ plants deceptors (i.e. baits) to expose hidden adversaries and reveal attacker intent and tactics via early visibility, so that the information can be used to enhance security posture. SEP Deception features accurate and insightful detection while delivering fast time to value. Joint Symantec Endpoint Protection and Symantec Managed Security Services customers benefit from 24x7 real-time SEP Deception monitoring and response by a global team of experts. Symantec is the only endpoint protection platform vendor offering deception.

SEP Deception:

• Uses lures and baits for proactive security to expose and delay attackers.
• Determines attacker intent to improve security posture.
• Delivers deception at scale to simplify deployment and management.

ADAPTATION

SEP Hardening is a cloud delivered advanced application defense solution that provides comprehensive protection for applications by isolating suspicious apps and shielding trusted ones. Unlike point products from other application isolation vendors, SEP Hardening, in combination with SEP, delivers unprecedented efficacy against malware and suspicious applications. In addition, SEP Hardening maintains high employee productivity by fully supporting standard employee workflows.

SEP Hardening:

• Comprehensive application security by minimizing the attack surface.
• Unprecedented visibility by discovering and categorizing all endpoint applications.
• Fastest speed to value by leveraging SEP’s single agent architecture.

Figure 5. How SEP Deception works?

Enable Business with a High-performance, Lightweight Solution

Large and/or frequent content updates take up bandwidth, reduce endpoint performance, and compromise productivity. Optimizing content updates and delivering better detection of threats is a win-win. These capabilities reduce the IT team’s burden for scheduling frequent security updates. And end users do not have the hassle of security updates impacting productivity.

SEP 14 delivers better protection with better performance and lower bandwidth requirements. Symantec consistently scores at the top in 3rd party performance tests including Passmark Software’s Enterprise Endpoint Security Performance Benchmark tests for Windows 7 and Windows 10.

Significant performance increases within SEP include:

• Reducing content update sizes by 70%²
• Delivering 15% faster detection scan times²

Compared to emerging vendors, SEP offers less endpoint complexity by bundling multiple capabilities in a single, lightweight agent. Attempting to match Symantec endpoint security capabilities would require multiple emerging vendors, multiple solutions, and certainly multiple agents.

¹ Consulting services are required to configure and deploy the SEP Deception feature. ² Gains from SEP 12 to SEP 14.

System Requirements:

Client Workstation and Server System Requirements

Manager System Requirements

SEP Hardening Supports the Following Operating Systems:

Documentation:

Download the Symantec Endpoint Protection 14 Datasheet (PDF).