Symantec today announced the next version of Symantec Endpoint Protection. This release, version 12.1, will ship later this year. You can sign up for the beta at http://go.symantec.com/sep12beta/ .
Long in coming, this release is a major milestone. On the face of it, that statement is odd; after all, SEP is a mature product and its feature set hasn't, at a fundamental level, changed. It still offers the critical elements of endpoint security: malware protection, access control, device control, application control, firewall and IPS. It “kinda, sorta” looks like nothing has changed.
Well, don't believe it. There are countless new features in this release, and in subsequent blog posts I will dive into them. The real change, however, is under the covers and in the test results. SEP 12 is built on a powerful new stack of security technologies – which not only offer state-of-the-art protection, but which also position SEP to continue to provide great protection in a world with hundreds of millions, even billions of unique malicious programs.
Last year, Symantec identified 286 million different pieces of malware. Think about scanning each of the thousands of scannable objects on your computer for any one of 286 million malware signatures. OK, the problem isn’t really that bad – that 286,000,000 figure represents mostly minor variants of a much smaller number of malware samples. But still, we are talking about over 10 million virus signatures.
Powered by Insight, SEP knows the reputation of up to 70% of the executables on your system – which means it need not scan those files unless they have changed. By reputation, I don’t just mean that we can identify bad files with signatures in the cloud (which, by the way, is the secret sauce behind McAfee’s Artemis/Global Threat Intelligence technology). Insight does have something unique; well, two things. First, for every file we track (over 2.5 billion files), we have a security rating. Second, WE TRACK 2.5 BILLION FILES – 31 MILLION NEW FILES EVERY WEEK. Sorry for shouting, but that is a huge database. It is large enough that we can derive the context and the associations of the file – its "reputation", if you will – with great confidence. We are tracking the presence, age and security rating of nearly every executable on the internet. No one else can do that. It is not even close.
Insight isn’t the only new security feature in SEP. The other half of the story is Sonar.
Sonar is an AI-driven technology that tracks file behaviour in real time. Where older generations of heuristic scanners ran on file open/close/modify and on periodic scans, Sonar runs all the time – watching file behaviours and rating them on over 400 attributes.
The other big change in SEP is its enhanced support for virtualization. I will look into the new virtualization technology in a later post.
You can see how effective SEP is in the latest detection and performance test reports. We have posted them on the SEP Beta page - http://go.symantec.com/sep12beta/ . Take a look.