Symantec Symantec Endpoint Protection 14.2
Symantec Endpoint Protection is designed to stop threats with multilayered protection, regardless of the chosen attack vector. It integrates with existing infrastructure through a single, lightweight agent that offers high performance without compromising productivity. While Symantec has a cloud-managed solution, we spent time looking at their on-premises version.

The solution provides a variety of security protection measures that leverage advanced machine learning, including memory exploit mitigation, reputation analysis, deception, intrusion prevention, application and device controls, and more. It also incorporates full endpoint capture, IOC hunting, threat attribution, and file detonation by leveraging sandbox technology.

Four pillars of security break this product down: the deepest protection to defend against all attack vectors and methods, the broadest coverage to protect all endpoints, modern management to extend security, and an integrated architecture to achieve superior operational efficiencies.

Application isolation prevents the exploitation of vulnerabilities, including zero-day attacks. Advanced application control bolsters this protection by minimizing the attack surface and using application whitelisting. Advanced application control functionalities include smart auto-generation of application execution rules, comprehensive application discovery and risk assessment, and the continuous tracking of application drift.

The product design is structured around delivering visibility and control to give analysts the tools they need to protect enterprises from sophisticated threats. A task-oriented approach increases the productivity of administrators by providing designated workflows to simplify every job. Organizations can set a large number of policies and further customize them for a truly flexible product and tailored granularity.

Installation and setup would greatly benefit from more explicit documentation. Please note, we were not provided with a Linux installer, so that has been excluded from this review.

The on-premises dashboard differs from the cloud-based option, which is also not included in this review. It functions sufficiently but could benefit from an aesthetic redesign for a more intuitive experience. The interface felt a little clunky, and we believe some minor changes could be made for a better user experience.

After we put it through our testing, all the expected detections populated. We were pleased to see this product efficiently block malicious processes, but would have liked to see more information about events following detection.

Tested by Tom Weil