Symantec Endpoint Protection (SEP) uses the following core features to protect against known and unknown threats.
Symantec Endpoint Protection Symantec Endpoint Protection
For the datasheet on Symantec Endpoint Protection, see: Symantec Endpoint Protection 14
To get complete protection for the computers in your network, enable all protections always.
For more information, see:
What types of attacks do Symantec Endpoint Protection technologies protect against?
Symantec Endpoint Protection
Phase 1: Incursion
During the incursion phase, hackers typically break into the organization's network using target attacks such as social engineering, zero-day vulnerabilities, SQL injection, targeted malware, or other methods.
Symantec Endpoint Protection
Intrusion Prevention/Firewall (Network Threat Protection)
: Analyzes all incoming traffic and outgoing traffic and offers browser protection to block such threats before they can be executed on the computer. The rules-based firewall and browser protection protect against web-based attacks. See:Managing intrusion prevention
Managing firewall protection
Application Control
: Controls the file access and registry access and how processes are allowed to run. See:About application control, system lockdown, and device control
Setting up application control
Device Control
: Restricts the access to select hardware and controls what types of devices can upload or download information. See:Managing device control
Memory Exploit Mitigation
: Neutralizes zero-day exploits like Heap Spray, SEHOP overwrite, and Java exploits in popular software that the vendor has not patched. See:Hardening Windows clients against memory tampering attacks with a Memory Exploit Mitigation policy
Phase 2: Infection
In targeted attacks, hackers typically break into the organization's network using social engineering, zero-day vulnerabilities, SQL injection, targeted malware, or other methods.
Symantec Endpoint Protection
Memory Exploit Mitigation
: Detects malware.File reputation analysis (Insight)
: Based on the artificial intelligence that uses Symantec's global intelligence network. This advanced analysis examines billions of correlated linkages from users, websites, and files to identify and defend against rapidly mutating malware. By analyzing key attributes (such as the origin point of a file download), Symantec can accurately identify whether a file is good or bad and assign a reputation score all before the file arrives on the client computer.See:Managing Download Insight detections
Advanced machine learning
: Analyzes the trillions of examples of the good files and bad files that are contained in a global intelligence network. Advanced machine learning is a signatureless technology that can block new malware variants at the pre-execution. See:How does Symantec Endpoint Protection use advanced machine learning?
High-speed emulation
: Detects hidden malware using polymorphic custom packers. A scanner runs each file in milliseconds in a lightweight virtual machine that causes threats to reveal themselves, improving both the detection rates and performance. See:How does the emulator in Symantec Endpoint Protection detect and clean malware?
Malware Protection
: Uses signature-based antivirus and file heuristics to findand eradicate malware on a system to protect against viruses, worms, Trojans, spyware, bots, adware, and rootkits. See:Managing scans on client computers
About the types of scans and real-time protection
Behavioral Analysis
: Uses machine learning to provide zero-day protection, stopping new and unknown threats by monitoring nearly 1,400 file behaviors while they execute in real time to determine file risk. See:Managing SONAR
Adaptive Protection
:Uses the behavioral analysis engine and global threat telemetry and expertiseto reduce your attack surface by managing potentially risky behaviors that trusted applications perform.See:Blocking Living Off the Land (LOTL) attacks with Adaptive Protection
Phase 3: Infestation and Exfiltration
Data exfiltration is the unauthorized transfer of data from a computer. Once the intruders control these target systems, they may steal intellectual property or other confidential data. Attackers use captured information for analysis and further exploitation or fraud.
Intrusion Prevention/Firewall
: Block threats as they travel through the network.Behavioral Analysis
: Helps stop the spread of infection.
Phase 4: Remediation and Inoculation
Symantec Endpoint Protection
Power Eraser
: An aggressive tool, which can be triggered remotely, to address advanced persistent threats and remedy tenacious malware. See:What you should know before you run Power Eraser from the Symantec Endpoint Protection Manager console
Host Integrity
: Ensures that endpoints are protected and compliant by enforcing policies, detecting unauthorized changes, and conducting damage assessments. Host Integrity then isolates a managed system that does not meet your requirements. See:How Host Integrity works
System Lockdown
: Allowsapplications (that are known to be good) to run, or blocks the applications (known to be bad) from running. In either mode, System Lockdown uses checksum and file location parameters to verify whether an application is approved or unapproved. System Lockdown is useful for kiosks where you want to run a single application only. See:Configuring system lockdown
Cloud Secure Web Gateway Integration
: Uses programmable REST APIs to make integration possible with Secure Web Gateway, to help quickly stop the spread of infection at the client computer.EDR Console Integration
.Symantec Endpoint Protection
is integrated withSymantec EDR
and is designed to detect, respond, and block targeted attacks and advanced persistent threats faster by prioritizing attacks. EDR (Endpoint Detection and Response) capability is built intoSymantec Endpoint Protection
, which makes it unnecessary to deploy other agents. See:Configuring system lockdown
What types of attacks do Symantec Endpoint Protection
The following table displays which types of Symantec Endpoint Protection
Attack | Advanced machine learning | Heuristics | Intrusion Prevention | Network Protection | Policy lockdown |
|---|---|---|---|---|---|
Zero-day | √ | √ | √ | √ | |
Social engineering | √ | √ | √ | √ | √ |
Ransomware | √ | √ | √ | √ | |
Targeted attack | √ | √ | √ | √ | |
Advanced persistent threat | √ | √ | √ | ||
Drive-by download | √ | √ |
What is Symantec Endpoint Protection?
Content feedback and comments
