About the types of threat protection that Symantec Endpoint Protection provides
Article: HOWTO55272 | Created: 2011-06-29 | Updated: 2011-12-17 | Article URL: http://www.symantec.com/docs/HOWTO55272
Symantec Endpoint Protection uses state-of-the-art protection to integrate multiple types of protection on each computer in your network. It offers advanced defense against all types of attacks for both physical systems and virtual systems. You need combinations of all the protection technologies to fully protect and customize the security in your environment. Symantec Endpoint Protection combines traditional scanning, behavioral analysis, intrusion prevention, and community intelligence into a superior security system.
Table: Layers of protection describes the types of protection that the product provides and their benefits.
Table: Layers of protection
Virus and Spyware Protection protects computers from viruses and security risks, and in many cases can repair their side effects. The protection includes real-time scanning of files and email as well as scheduled scans and on-demand scans. Virus and spyware scans detect viruses and the security risks that can put a computer, as well as a network, at risk. Security risks include spyware, adware, and other malicious files.
Virus and Spyware Protection detects new threats earlier and more accurately by using not only signature-based and behavior-based solutions but also other technologies.
Network Threat Protection
The firewall allows or blocks network traffic based on the various criteria that the administrator sets. If the administrator permits it, end users can also configure firewall policies.
The Intrusion Prevention System (IPS) analyzes all the incoming and the outgoing information for the data patterns that are typical of an attack. It detects and blocks malicious traffic and attempts by outside users to attack the client computer. Intrusion Prevention also monitors outbound traffic and prevents the spread of worms.
Proactive Threat Protection uses SONAR to protect against zero-day attack vulnerabilities in your network. Zero-day attack vulnerabilities are new vulnerabilities that are not yet publicly known. Threats that exploit these vulnerabilities can evade signature-based detection, such as spyware definitions. Zero-day attacks may be used in targeted attacks and in the propagation of malicious code. SONAR provides real-time behavioral protection by monitoring processes and threats as they execute.
Application and Device Control monitors and controls the behavior of applications on client computers and manages the hardware devices that access client computers.
See Managing SONAR.
SONAR examines programs as they run, and identifies and stops malicious behavior of new and previously unknown threats. SONAR uses heuristics as well as reputation data to detect emerging and unknown threats.
Application Control controls what applications are allowed to run or access system resources.
Device Control manages the peripheral devices that users can attach to desktop computers.
Figure: An overview of protection layers shows the categories of threats that each type of protection blocks.