Symantec Insight™ and SONAR

Created: 15 Oct 2013 • Updated: 18 Oct 2013 | 2 comments
Mithun Sanghavi

What Is Symantec Insight™ and SONAR

Symantec Insight™ is a cloud-based security technology that identifies new, mutating threats as soon as they are created. It uses the file’s age, frequency, location, and anonymous telemetry data to look for rapidly changing encryption and mutating code. Insight is able to detect threats rapidly and accurately.

Symantec Online Network for Advanced Response (SONAR) proactively detects new threats based on their behaviors. It enhances detection of zero-day threats and works together with Insight to monitor and stop previously unknown malware.

Symantec Insight™ and SONAR offer an intelligent and innovative security approach that can detect malware as soon as it appears. Powering Symantec Endpoint Protection 12, these technologies create the fastest and most effective endpoint protection security solution – built for both physical and virtual environments – to stop malware from compromising your network.

Why signature-based security is not enough for today’s organizations

Mutating malware

Due to vast improvements in technology and greater access to malware toolkits, malware is mutating rapidly, finding new ways to encroach on organizations’ security. Signature-based antivirus solutions are only as effective as their latest signature definitions. Hence organizations require a solution that can detect and block new malware almost as soon as it is created, based on its age, its security rating, and how it can be associated with threats.


  • Distribution via social engineering: They induce unsuspecting employees to download or open links that appear to be from trusted partners or colleagues.
  • Customized attacks: They exploit security loopholes and tailor their tools, such as zero-day vulnerability exploits, viruses, worms and rootkits.
  • Long-term campaigns: They avoid detection by attacking slowly over long periods of time, remaining undetected as they continue towards their objective.
  • Focused and targeted: They’re aimed at organizations with valuable technology or intellectual property, targeting distinct individual systems instead of the “spray and pray” methods of phishing scams.
  • Higher aspirations: APT attackers are often well-funded, analyzing information to look for greater opportunities instead of simply selling that information quickly.

See the attached factsheet on Symantec Insight™ and SONAR for more.

Comments

Mick2009

If SEP 12.1 is already deployed without these optional Insight and SONAR components, it is still possible to add them and enhance your organization's security.

How to add or remove features to existing Symantec Endpoint Protection (SEP) client installations
http://www.symantec.com/docs/TECH90936

 

Additional information may be found in:

Symantec Endpoint Protection – Best Practices
http://www.symantec.com/theme.jsp?themeid=stopping_malware&depthpath=0

 

With thanks and best regards,

Mick

Mick2009

Another good link: Symantec's microsite and its video provide an excellent introduction: Insight / Reputation-Based Security.

With thanks and best regards,

Mick
