Symantec Endpoint Security Complete

Proactive endpoint defense with pre-attack surface reduction capabilities based on advanced policy controls and technologies continuously scan for vulnerabilities and misconfigurations across applications, Active Directory, and devices. With attack surface reduction defenses in-place, many attacker tactics and techniques cannot be leveraged on your endpoint estate.

• Vulnerability Remediation enhances your security posture by providing visibility and intelligence into vulnerabilities and their associated risk.

DOWNLOAD THE VULNERABILITY REMEDIATION DATA SHEET >

• Breach Assessment continuously probes Active Directory for domain misconfigurations, vulnerabilities, and persistence using attack simulations to identify risks.
• Device Control specifies block or allow policies on different types of devices that attach to client computers, such as USB, infrared, and FireWire devices.
• App Isolation & App Control allows only known good applications to run, shields known-good applications to prevent attackers from exploiting application vulnerabilities, and isolates unknown apps.

READ THE APP ISOLATION WHITE PAPER >

READ THE APP CONTROL WHITE PAPER >

Multilayer attack prevention immediately and effectively protects against file-based and fileless attack vectors and methods. Machine learning and artificial intelligence use advanced device and cloud-based detection schemes to identify evolving threats across device types, operating systems, and applications. Attacks are blocked in real-time to maintain endpoint integrity and avoid negative impacts.

• Malware Prevention combines signature-based methods (file and website reputation analysis and antivirus scanning) and pre-execution detection and blocking of new and evolving threats (advanced machine learning, sandboxing to detect malware hidden in custom packers, and suspicious file behavioral monitoring and blocking).
• Exploit Prevention blocks memory-based zero-day exploits of vulnerabilities in popular software.
• Intensive Protection enables fine-grained tuning of the level of detection and blocking separately to optimize protection and gain enhanced visibility into suspicious files.
• Network Connection Security identifies rogue Wi-Fi networks and utilizes hotspot reputation technology and delivers a policy-driven VPN to protect network connections and support compliance.

• Intrusion prevention and firewall blocks known network and browser-based malware attacks using rules and policies and prevents command and control setup with automated domain IP address blacklisting.
• Deception uses lures and baits – fake files, credentials, network shares, cache entries and endpoints - to expose, determine attacker intent and tactics, and delay attackers through early visibility.

READ THE DECEPTION WHITE PAPER >

• Active Directory Security defends the primary attack surface for lateral movement and domain admin credential theft by controlling the attacker’s perception of an organization’s Active Directory resources - from the endpoint - using unlimited obfuscation (fake asset and credential creation). With obfuscation, the attacker gives themselves away while interacting with “fake assets” or attempting use of domain admin credentials on Active Directory’s perception.

LEARN MORE ABOUT ACTIVE DIRECTORY SECURITY >

• Auto-managed policies, based on advanced AI and ML, uniquely combines indicators of compromise and historical anomalies to continuously adapt endpoint policy thresholds or rules and keep them up to date and aligned with the current risk profile of your organization.

READ THE AI GUIDE MANAGEMENT WHITE PAPER >

Symantec combines endpoint detection and response (EDR) technologies and unmatched security operations center (SOC) analyst expertise, giving you the tools necessary to quickly close out endpoint incidents and minimize attack impacts.  Integrated EDR capabilities, in a single-agent architecture, precisely detect advanced attacks, provide real-time analytics, and enable you to actively hunt threats and pursue forensic investigations and remediation.

• Targeted Attack Analytics provides precise detections from time tested Targeted Attack Analytics used by Symantec’s 3,000 researchers, based on global activity of the good and the bad, across all enterprises that comprise our telemetry set. Real-time incidents are generated—with a detailed analysis of the attacker, techniques, impacted machines, and remediation guidance.
• Advanced Threat Hunting tools are provided in Symantec EDR including built-in playbooks that encapsulate the best practices of skilled threat hunters, anomaly detection, process memory analysis, risk-scored recording of endpoint activity, and continually updated endpoint behaviors that detect advanced attack techniques.
• Integrated Response takes direct action on the endpoint to remediate – retrieving files, deleting files, isolating endpoints and blacklisting. Symantec EDR supports automatic submission of identified suspicious files to sandboxing for complete malware analysis including exposing malware that is VM-aware.
• Expert SOC Investigator is a 24x7 forensics investigation and threat hunting service that employs Symantec SOC analysts to actively detect stealthy attacks and expertly examine suspicious activity. These analysts use Symantec Endpoint Detection and Response (EDR) coupled with machine learning analytics and Symantec Global Intelligence Network correlation.

LEARN MORE ABOUT EDR >