Symantec's New Single-Agent Security Platform Integrates Deception, Mobile Threat Detection And Much More

Endpoint security technology developer Symantec on Wednesday introduced the integration of its Symantec Endpoint Protection software with some new features and add-ons via a common API. The company said this would broaden its protection capabilities and be significantly easier to deploy.

The new integrated offering, dubbed Endpoint Security for the Cloud Generation, is taking advantage of several recent acquisitions and organic R&D projects to integrate five technologies into a single-agent architecture, said Sri Sundaralingam, head of product marketing of enterprise security products for the Mountain View, Calif.-based security vendor.

Endpoint Security for the Cloud Generation's single-agent integration makes endpoint protection easy to deploy and manage at scale, especially for customers of Symantec Endpoint Security, or SEP, Sundaralingam told CRN.

[Related: Symantec To Boost Mobile Security Capabilities With Plan To Acquire Skycure]

"It uses the same management as SEP," he said. "If a customer already uses SEP, there's no need to deploy and manage the new capabilities separately. Time to market is rapid. There's no need to deploy multiple agents or management consoles. And there's no extra training needed for administrators."

Endpoint Security for the Cloud Generation includes SEP 14.1, an update to version 14.0 introduced last November, Sundaralingam said.

SEP 14.1 includes Intensive Protection, a new capability that takes advantage of machine learning to help prevent what Sundaralingam called "grey area" activities.

"Grey area activities are activities in an application or file behavior which may look weird, but which are legitimate and if turned off could impact productivity," he said. "Intensive Protection allows the customer to 'dial up' the detection threshold and provide additional information to Security Operations Center personnel to respond appropriately to a suspicious application or file behavior. Out of the box, SEP 14.1 includes the best-optimized configuration of Intrusion Protection, but customers can change it."

Endpoint Security for the Cloud Generation also includes deception at scale, an emerging technology more often found in networking security offerings, Sundaralingam said.

"When customers deploy deception with endpoint protection, it includes fake files and registries that attackers will hopefully attack, causing them to think they have control of the environment," he said. "But we are really just delaying them while the SOC (security operations center) looks at the attack, sees what vulnerability is being exploited, and determines the response."

Also included is Endpoint Detection and Response, a new technology based on Symantec's Advanced Threat Protection 3.0. Sundaralingam said that Endpoint Detection and Response sees attacks that get past the deception layer to give security operations centers a chance to respond to advanced threats.

Endpoint Security for the Cloud Generation also includes hardening, which Sundaralingam described as the ability to know which applications are "good apps" and protect them while locking down suspect applications, which may also include applications not approved for use in a business.

For example, Sundaralingam said certain Microsoft applications include macros, which can be very useful to the user but which can also be exploited in security attacks. "We can put the good apps in a 'castle' to closely monitor that certain features and capabilities are not used for an attack," he said.

Also included is Symantec's new SEP Mobile, based on Symantec's July acquisition of Skycure, which offered agent-based security software for iOS and Android devices to protect against malicious apps, unpatched vulnerabilities, and unprotected Wi-Fi networks. The software uses machine learning and behavioral analysis to detect threats and is designed to take action if it detects suspicious activity.

"Our goal with SEP Mobile is to provide the same level of protection for iOS and Android devices as we do for Microsoft and Linux devices," Sundaralingam said. "These mobile devices are more and more facing the same attacks. We want to give customers the ability to protect whatever devices they use, and give the same level of protection 'modern devices' as we give to traditional devices."

Outside of the Endpoint Security for the Cloud Generation, Symantec also introduced a couple other technologies to enhance security.

Both SEP and SEP Mobile are getting integrated network protection thanks to technology coming from Symantec's 2016 acquisition of Blue Coat Systems, which focused on the development of networking and cloud security.

The company also introduced EDR Cloud, also known as Endpoint Detection and Response Cloud. While EDR is integrated with SEP, EDR Cloud brings the same capabilities to non-Symantec users, Sundaralingam said.

Symantec is a channel-led company, with a base of over 300,000 SEP customers worldwide.

"For channel partners, Endpoint Security for the Cloud Generation offers new capabilities that can be deployed with both new and existing customers," Sundaralingam said. "Partners also get service opportunities to bring these new capabilities to their customers."

SEP 14.1 includes the deception at scale capability at no extra charge. Hardening and SEP Mobile are options, as are EDR and EDR Cloud, he said.