Enabling the full protection stack is the first step in defending against web-based attacks, unpatched vulnerabilities, drive-by downloads, mutating malware, and suspicious file behavior. For maximum effectiveness and efficiency, activate Network Threat Protection, the Intrusion Prevention System (IPS), Firewall, Antivirus, Insight and SONAR. Symantec Security Response gives recommendations on enabling high-security, high-performance, or balanced settings in our tech write-up: Security Response recommendations for Symantec Endpoint Protection 12.1 settings
Learn more about Insight
Reduce the possible points of infection by restricting the applications allowed to run, the devices allowed to connect, and the actions a system can perform. Highly sensitive or single-use endpoints (e.g. point-of-sale, ATM or embedded systems) can significantly reduce their risk exposure by enabling policies that effectively reduce the attack surface. Learn more about running SEP on single-use endpoints.
Read the tech brief: Best Practices for Running Symantec Endpoint Protection 12.1 on Point-of-Sale Devices
Get the most out of your Symantec Endpoint Protection product by improving its default settings. Only a few setting changes can make a big improvement to your security. Protect Against Advanced Persistent Threats: Configuration Guidelines
Attacks have moved to the browser. It’s critical that attackers not be able to use Microsoft® Internet Explorer or Adobe® Reader/Acrobat/Flash vulnerabilities to get onto a system. Use each vendor’s auto-update or software distribution tools to install patches as soon as they become available.
The simplest method of distributing malware is to hide it inside files shared on peer-to-peer (P2P) networks. Create and enforce a no-P2P policy, including home usage of company machines. Enforce the policy at the gateway and, using SEP’s optional Application and Device Control (ADC) component, at the desktop.
Learn more about using Symantec Endpoint Protection’s Application Control to block P2P at the desktop
Stop Conficker/Downadup and other network-based worms from jumping from USB keys and network drives without changing company policies on open shares. Learn more
Vendors like Microsoft and Apple periodically release hotfixes, service packs and security patches to correct known defects in their operating systems. Many threats function by exploiting known vulnerabilities for which patches are available. Computers with all manufacturer patches applied are invulnerable to these threats.
Protect your machines from attacks hidden in PDF files by hardening Adobe Reader. Learn more about using the enhanced security settings available in Reader.
Worms love to spread via networked drives. Unless there is a strong business requirement, close mapped drives. If possible, limit permissions to read-only rather than read-write.
Effective mail and web security scanning catches threats before they reach the desktop. Check that you have a mail security solution which updates frequently to detect the latest bad sender IPs, spam and malware threats at the mail gateway. Consider implementing a web security solution that will protect your organization against Web 2.0 threats, including malicious URLs and malware.
Antivirus signatures are released multiple times a day, and IPS content roughly weekly or as needed. If possible, apply these updates as they are released, or at a minimum keep frequently infected machines current.
Administrators sometimes deploy SEP with only the traditional signature-based AntiVirus component. The additional optional components (Network Threat Protection, Intrusion Prevention System, Application and Device Control, Proactive Threat Protection) greatly enhance SEP’s ability to defend against today’s sophisticated threats. SEP 12.1’s Insight technology is particularly effective against the very latest threats for which no AntiVirus signatures yet exist. Unless there is a compelling reason not to, each of these additional components should be deployed throughout the organization. For more details, see
How to add or remove features to existing Symantec Endpoint Protection (SEP) client installations.
Symantec Endpoint Protection’s Application and Device Control is a powerful tool that can be used to stop a specific file, block peer-to-peer (P2P) network use, or protect critical files and registry entries.
Most malware attacks use social engineering. Education can be highly effective in stopping them. Your users don’t need to be security experts. Today, just remembering four things can keep them protected.
Symantec provides multiple resources to keep you up-to-date on the latest security threats: knowledge base articles, Security Response blogs, Symantec Connect, and the Internet Security Threat Report.
Featured postings to these sources