Given the amount of malware that seems to be getting by cybersecurity defenses, there’s naturally a lot of frustration these days when it comes to IT security. In fact, some have even argued that trying to defend endpoints and network perimeters has become impossible.
Symantec today moved to counter that argument via an update to Symantec Endpoint Protection (SEP) software that adds capabilities such as deception technology, mobile threat defense, endpoint detection and response (EDR), hardening and machine learning algorithms to better defend endpoints.
Sri Sundaralingam, head of product marketing for enterprise security products for Symantec, says the 14.1 release of SEP makes use of lighter weight agent software to enable Symantec to deliver a more robust set of cybersecurity defenses to the endpoint without increasing the total amount of processing horsepower needed to be devoted to security software.
Sundaralingam says that as the first line of defense, endpoint security is more relevant than ever because attacks such as ransomware typically target endpoint vulnerabilities. To combat those threats more effectively, Symantec is now making greater use of technologies that don’t depend on signatures to identify attacks, including end-user behavior analytics and machine learning algorithms, says Sundaralingam.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
Other significant new capabilities, adds Sundaralingam, include deception technology that creates a “false” environment for cybercriminals to penetrate. Once the attack on that environment commences, IT security professionals can then analyze that attack to put countermeasures in place before other endpoints are compromised, says Sundaralingam. To facilitate that process, Symantec is now also providing EDR playbooks that can be employed to investigate incidents using known best practices, says Sundaralingam.
Symantec with this release is also adding mobile security technology based on software is gained via the acquisition of Skycure last summer. Finally, SEP 14.1 also provides hardening capabilities designed to isolate anomalies that are indicative of a zero-day attack.
Collectively, Sundaralingam says, all these capabilities also reduce the amount of security software IT organizations need to deploy on the endpoint, thereby reducing the total cost of IT security at a time when many organizations are complaining about the percentage of the overall IT budget that needs to be devoted to IT security.
“It creates an opportunity to consolidate vendors,” says Sundaralingam.
Sundaralingam says Symantec continues to work on integrating its endpoint software with the network perimeter security software it gained with the acquisition of Blue Coat last year. In the meantime, IT organizations should remember that every cybersecurity threat countered at the endpoint is one less potential issue that will need to be resolved at the network perimeter or, worse yet, inside the data center.