Data Sheet: Endpoint Security
Last year, we saw 317 million new malware variants, while targeted attacks and zero-day threats were at an all-time high. The threat environment is evolving quickly, and given the size and complexity of today's networks, organizations are struggling to keep up. Symantec™ Endpoint Protection is designed to address these challenges with a layered approach to security at the endpoint. It goes beyond traditional antivirus to include firewall, Intrusion Prevention System (IPS) and advanced protection technologies powered by the world’s largest civilian threat intelligence network. Symantec Insight™ technology blocks rapidly mutating malware and enables faster scan times, while SONAR™ stops zero-day threats by monitoring file behavior and blocking suspicious files while they execute. Granular policy settings such as application control and external media control provide an added layer of security. With a single management console and high-powered agent, Symantec Endpoint Protection delivers powerful protection at the endpoint without compromising performance.
Stops targeted attacks and advanced persistent threats with intelligent security and layered protection
Performance so fast your users won't know it is there
Single management console across physical and virtual platforms with granular policy control
Symantec™ Endpoint Protection 12.1.6 provides five layers of protection in one high-performance agent, all managed through a single console.
NETWORK | FILE | REPUTATION | BEHAVIOR | REPAIR |
FIREWALL AND INTRUSION PREVENTION | ANTIVIRUS | INSIGHT | SONAR | POWER ERASER |
1) Network: Symantec’s network threat protection technology analyzes incoming data and blocks threats while they travel through the network before hitting endpoints. Rules-based firewall and browser protection are also included to protect against web-based attacks.
2) File: Signature-based antivirus and advanced file heuristics look for and eradicate malware on a system to protect against viruses, worms, Trojans, spyware, bots, adware, and rootkits.
3) Reputation: Symantec’s unique Insight™ correlates tens of billions of linkages between users, files, and websites to detect rapidly mutating threats. By analyzing key file attributes, Insight™ can accurately identify whether a file is good or bad and assign a reputation score, effectively protecting against targeted attacks while reducing scan overhead by up to 70 percent.
4) Behavior: SONAR™ leverages artificial intelligence to provide zero-day protection. It effectively stops new and unknown threats by monitoring nearly 1,400 file behaviors while they execute in real time to determine file risk.
5) Repair: Power Eraser™ aggressively scans infected endpoints to locate advanced persistent threats and remove tenacious malware. Remote support enables the administrator to trigger the Power Eraser scan and remedy the infection remotely from the Symantec™ Endpoint Protection management console.
In addition to core protection technologies, Symantec™ Endpoint Protection 12.1.6 also provides granular policy controls, including:
1) Application Control: Allows you to control file and registry access and how processes are allowed to run. It also includes advanced system lockdown features, only allowing whitelisted applications (known to be good) to run, or blocking blacklisted applications (known to be bad) from running.
2) External Media Control: Allows you to restrict access to select hardware and control what types of devices can upload or download information. External media control can be combined with application control to offer more flexible control policies.
3) Host Integrity Checking & Policy Enforcement: Ensures endpoints are protected and compliant by enforcing policies, detecting unauthorized changes, and conducting damage assessments with the ability to isolate a managed system that does not meet your requirements.
Symantec™ Endpoint Protection protects your high-density virtual environment while maintaining performance levels superior to agentless solutions and providing end-to-end security visibility.
1) VMware vShield™ Integration: Allows higher virtual machine (VM) density and reduces I/O and CPU usage.
2) Virtual Image Exception: Whitelists files from a standard virtual machine image to optimize scanning.
3) Resource Leveling: Randomizes scan and update schedules to prevent resource utilization spikes.
4) Shared Insight™ Cache: Scans files once, shares the results between clients, and de-duplicates file scanning to reduce bandwidth and latency.
5) Virtual Client Tagging: Automatically detects and reports whether the client is running in a virtual environment, making it easier to set different policies for virtual machines.
6) Offline Image Scanning: Finds threats in offline VM images.
7) Scan Throttling for Virtualization: Detects disk load and reduces scan speed to prevent utilization spikes.