Symantec hardens endpoint security, targeting advanced attacks
New offerings aim to reduce the endpoint attack surface by allowing only known good applications to run
Symantec has added new enhancements to its endpoint security portfolio, including a hardening of its defence capabilities.
Traditional endpoint security is effective at stopping malware, but sophisticated attackers are increasingly taking advantage of the complexity of endpoint environments, exploiting gaps to discover new paths to lucrative targets.
“The diversity and complexity of today’s heterogeneous endpoint environment creates multiple opportunities for cyber-attacks,” said Fernando Montenegro, senior analyst - information security, 451 Research. “The deployment of endpoint security software that brings together not only prevention and EDR, but also hardening technologies to further reduce the attack surface is more important than ever.”
These new offerings will help customers reduce the endpoint attack surface by allowing only known good applications to run, enhancing application discovery and risk assessment, and preventing stealthy attacks, the company said.
Symantec delivers these technologies through a single agent which is managed by an integrated cloud console, lowering deployment and management complexity.
Endpoint security portfolio updates include:
- Symantec Endpoint Application Control defends against advanced attacks by allowing only known good applications to run, thus minimising the attack surface. The whitelisting solution includes auto-generation of application-specific rules, application discovery, risk assessment, and continuous tracking of application drift – making it easy to deploy and manage in dynamic endpoint environments.
- Symantec Endpoint Application Isolation enables users to download and use any application safely by ensuring applications are restricted to safe and authorised behaviour. Through enhanced visibility and intelligence, suspicious applications can be isolated to prevent any privileged operations that can harm the endpoint. Application isolation will also shield known good applications from tampering to stop attackers from exploiting potential vulnerabilities.
- Symantec Endpoint Cloud Connect Defense leverages a policy-based VPN to defend against risky Wi-Fi and carrier networks. This technology provides an additional layer of protection for Windows 10 devices.
- Symantec Endpoint Threat Defense for Active Directory helps ensure that malicious actors on domain-connected endpoints cannot exploit Active Directory to gain access to critical assets. Threat Defense for AD restricts post-exploit incursions by preventing credential theft and lateral movement with a combination of AI, obfuscation and forensics methodologies to contain these attacks automatically, in real time. This new product follows the Javelin Networks acquisition.