Endpoint security technology developer Symantec on Wednesday introduced the integration of its Symantec Endpoint Protection software with some new features and add-ons via a common API. The company said this would broaden its protection capabilities and be significantly easier to deploy.
The new integrated offering, dubbed Endpoint Security for the Cloud Generation, is taking advantage of several recent acquisitions and organic R&D projects to integrate five technologies into a single-agent architecture, said Sri Sundaralingam, head of product marketing of enterprise security products for the Mountain View, Calif.-based security vendor.
Endpoint Security for the Cloud Generation's single-agent integration makes endpoint protection easy to deploy and manage at scale, especially for customers of Symantec Endpoint Protection, or SEP, Sundaralingam told CRN.
"It uses the same management as SEP," he said. "If a customer already uses SEP, there's no need to deploy and manage the new capabilities separately. Time to market is rapid. There's no need to deploy multiple agents or management consoles. And there's no extra training needed for administrators."
Endpoint Security for the Cloud Generation includes SEP 14.1, an update to version 14.0 introduced last November, Sundaralingam said.
SEP 14.1 includes Intensive Protection, a new capability that takes advantage of machine learning to help prevent what Sundaralingam called "grey area" activities.
"Grey area activities are activities in an application or file behavior which may look weird, but which are legitimate and if turned off could impact productivity," he said. "Intensive Protection allows the customer to 'dial up' the detection threshold and provide additional information to Security Operations Center personnel to respond appropriately to a suspicious application or file behavior. Out of the box, SEP 14.1 includes the best-optimized configuration of Intrusion Protection, but customers can change it."
Endpoint Security for the Cloud Generation also includes deception at scale, an emerging technology more often found in networking security offerings, Sundaralingam said.
"When customers deploy deception with endpoint protection, it includes fake files and registries that attackers will hopefully attack, causing them to think they have control of the environment," he said. "But we are really just delaying them while the SOC (security operations center) looks at the attack, sees what vulnerability is being exploited, and determines the response."
Also included is Endpoint Detection and Response, a new technology based on Symantec's Advanced Threat Protection 3.0. Sundaralingam said that Endpoint Detection and Response sees attacks that get past the deception layer, giving security operations centers a chance to respond to advanced threats.