Symantec Endpoint Detection and Response

Keep attacks from turning into breaches

Detect, isolate, and eliminate intrusions across all endpoints using AI, automated incident generation, and unparalleled threat intelligence.

Register for the Webinar Download the eBook

Stop Attacks from Becoming Breaches

Expose stealthy attacks with cloud-delivered analytics, advanced AI, and anomaly detection.

  • Detect file-less and targeted attacks including PowerShell exploits, lateral movement, command and control activity, and suspected breaches.
  • Enhance visibility and response with continuous and on-demand recording of endpoint activity.
  • Correlate incursions across endpoint, network, and email termination points.
  • Deploy Endpoint Detection and Response (EDR) across Windows, macOS, and Linux devices via the SEP single agent or a dissolvable client.

Read the White Paper

Simplify Investigations and Threat Hunting

Detect and expose attackers in your environment—no new agent required.

  • Detect and expose suspicious activity, and prioritize incidents, using machine learning and behavioral analytics.
  • Identify endpoints that have unusual software, build discrepancies, and unpatched systems.
  • Detect persistent threats with forensic analysis of in-memory processes, files, and OS objects.
  • Collect data directly from endpoints via real-time queries.

Download the Data Sheet

Resolve, Remediate, and Restore Devices in Minutes

Contain and respond to threats with SEP-integrated Endpoint Detection and Response (EDR)

  • Investigate and contain suspicious events using advanced sandboxing, blacklisting, and quarantining.
  • Gain visibility into attack history by continuously recording activity, and retrieving endpoint process dumps.
  • Seal off potentially compromised endpoints during investigation with endpoint isolation.
  • Delete malicious files and associated artifacts on all impacted endpoints.

Read the Report

Automate Detection and Response with Cloud-Based EDR Tools

Quickly detect anomalous software, network, and user activity that standout when attackers operate in your environment.

  • Extensive built-in playbooks automate the skills and best practices of skilled cyber security investigators.
  • Enhance investigator skills with playbook views that illustrate expert hunting and investigation procedures.
  • Transform large amounts of cyber data into actionable results with risk-scored results.
  • Understand the contextual relationship between unrelated data types with visual link analysis.
  • Expose memory-based attacks and conduct forensic investigations.

Free Trial Read the White Paper

Outsource Detection and Response Activities to Symantec Partners

Aggressively hunt threats and respond to incidents.

  • Symantec partner-delivered Managed Detection and Response Services.
  • 24 x 7 incident triage and investigation.
  • Managed threat hunting for small, medium and large enterprises.
  • Executive and detailed reporting including findings and work performed.
  • Deployment, upgrades, maintenance and expert configuration of Symantec EDR.

Integrate with your Current Stack for Less Complexity

Use prebuilt apps for popular SIEM, security orchestration, and ticketing solutions

  • Easily extend ticketing, orchestration, and service automation workflows into existing processes with ServiceNow and Phantom apps.
  • Visualize EDR data alongside other security information using prebuilt SIEM apps for Splunk and IBM QRadar.
  • Use public APIs to smoothly integrate EDR with other security products.

Learn More

Industry Recognition

16 Years Running, a Leader in Gartner Magic Quadrant*
Learn More

Symantec named a market leader in Next-Generation Endpoint Security
Learn More

Symantec is the top leader in Radicati MQ for Advanced Persistent Threat Protection
Learn More

Discover Our Community

View the latest product discussions in our forums.

Learn More

Need help?

Technical support and more.

Learn More

Related Products

Endpoint Protection Versions Supported

  • Symantec Endpoint Protection 14, 14.1
  • Symantec Endpoint Protection 12.1 RU6 MP7
    (Recorder only supported with ATP: Endpoint for SEP 14 and above)

Appliance Specifications

Server Specifications

  8880-30 8840* VMWare ESXi
Form Factor 2U Rack Mount 1U Rack Mount Virtual Machince
CPU 2 x Intel Xeon E5-2697 v4, 2.3 Ghz, 18 Core, 145 W Intel Xeon E3-1270 v5, 3.6 Ghz, 4C/8T, 80W 12 CPUs
Memory 192 GB 32 GB 48 GB
Hard Drive RAID 10. 4 x 300 GB 15K SAS, RAID 10. 4 x 1.8 TB 10K SAS 2 x 1 TB 7.2K RPM NLSAS, 12 Gbps 2.5" (400-ALUN) 500 GB (should be extended for an additional 1 TB to support Endpoint Activity Recording)
Network Interface Card 4 x 1 Gigabit Ethernet Ports, 4 x 10 Gigabit Ethernet Ports with Bypass 2 x 1 Gigabit Ethernet Ports, 2 x 10 Gigabit Ethernet Ports with Bypass 2 x 1 Gigabit Ethernet Ports
Power Supply 2 x 750W Redundant Power Supply 2 x 350W Redundant Power Supply n/a

Cloud Based Endpoint Detection and Response Requirements

Browser UI Requirements

  • Version 2.9 depends on Silverlight and requires Microsoft Internet Explorer 11 or later
  • Version 3.0 also supports Mozilla Firefox 26 or later and Google Chrome 32 or later

Collection Server Requirements (Data Vault)

  • Windows 7 through Windows server 2016
  • Virtual support for VMware, HyperV

Endpoint Requirements

  • Windows XP and higher
  • macOS High Sierra, Sierra, El Capitan, Yosemite
  • Redhat Linux 7.0 and higher, 32 and 64-bit versions
  • CentOS, Mint, Cinnamon, 32 and 64-bit versions

Download the Data Sheet

Buy Via Partner Buy Via Partner Free Trial