Symantec Endpoint Protection (SEP) delivers superior, multilayer protection to stop threats regardless of how they attack your endpoints. SEP integrates with your existing security infrastructure to provide orchestrated responses that address threats quickly. The single, lightweight SEP agent offers high performance without compromising productivity, so that you can focus on your business.
- Antivirus – Scans for and eradicates malware that arrives on a system.
- Firewall and intrusion prevention – Blocks malware before it spreads to the machine and controls traffic.
- Application and device control – Controls file, registry, and device access and behavior; also offers whitelisting and blacklisting.
- Power Eraser – An aggressive tool, which can be triggered remotely, to address advanced persistent threats and remedy tenacious malware.
- Host integrity – Ensures endpoints are protected and compliant by enforcing policies, detecting unauthorized changes, and conducting damage assessments; it can also isolate a managed system that does not meet your requirements.
- System lockdown – Allows whitelisted applications (known to be good) to run or blocks blacklisted applications (known to be bad) from running.
- Global Intelligence Network (GIN) – The world’s largest civilian threat intelligence network collects data from millions of attack sensors; that data is analyzed by more than a thousand highly skilled threat researchers to provide unique visibility into threats.
- Reputation Analysis – Determines the safety of files and websites using cloud-based artificial intelligence techniques powered by the GIN.
- Emulator – Uses a lightweight sandbox to detect polymorphic malware hidden by custom packers.
- Intelligent threat cloud – Rapid scan capabilities using advanced techniques such as pipelining, trust propagation, and batched queries have made it unnecessary to download all signature definitions to the endpoint to maintain a high level of effectiveness. Only the newest threat information is downloaded, reducing the size of signature definition files by up to 70 percent, which in turn reduces bandwidth usage.
- Roaming client visibility – Receives critical events from clients that are off the corporate network.
- Suspicious file detection – Enables IT security teams to tune the level of detection and blocking separately to optimize protection and gain enhanced visibility into suspicious files for each customer environment.
Endpoint Detection and Response (EDR)
Symantec Endpoint Detection and Response provides incident investigation and remediation using the integrated EDR capabilities in SEP. Cloud-based artificial intelligence, precision machine learning, behavioral analytics, and threat intelligence minimize false positives and ensure high levels of productivity for security teams. The security team can roll out the solution within an hour to expose advanced attacks. Symantec Endpoint Detection and Response capabilities allow incident responders to quickly search, identify, and contain all impacted endpoints while investigating threats using on-premises and cloud-based sandboxing. In addition, continuous recording of system activity supports full endpoint visibility and real-time queries.