• Advanced Machine Learning (AML) – detects new and evolving threats, pre-execution.
• Memory Exploit Mitigation – blocks zero-day exploits against vulnerabilities in popular software.
• Behavior Monitoring – monitors and blocks files that exhibit
• Global Intelligence Network (GIN) – the world’s largest civilian threat intelligence network, informed by 175 million endpoints and 57 million attack sensors across 157 countries. The data collected is analyzed by more than a thousand highly skilled threat researchers to provide unique visibility and cutting-edge security innovations against threats.
• Reputation Analysis – determines the safety of files and websites using artificial intelligence techniques in the cloud, powered by the GIN.
• Emulator – uses a lite sandbox to detect polymorphic malware hidden by custom packers.
• Intelligent Threat Cloud’s rapid scan capabilities, using advanced techniques such as pipelining, trust propagation, and batched queries, have made it unnecessary to download all signature definitions to the endpoint to maintain a high level of effectiveness. Therefore, only the newest threat information is downloaded, reducing the size of signature definition files by up to 70%, which in turn reduces
• Secure Web Gateway Integration – new programmable REST APIs make integration possible with existing security infrastructure, including Secure Web Gateway, orchestrating a response at the endpoint to quickly stop the spread
• Antivirus – scans and eradicates malware that arrives on a system.
• Firewall and Intrusion Prevention – blocks malware before it spreads to the machine and controls traffic.
• Application and Device Control – controls file, registry, and device access and behavior; also offers whitelisting and
• Power Eraser – an aggressive tool, which can be triggered remotely, to address advanced persistent threats and remedy
• Host Integrity – ensures endpoints are protected and compliant by enforcing policies, detecting unauthorized changes, and conducting damage assessments, with the ability to isolate a managed system that does not meet your
• System Lockdown – allows whitelisted applications (known to be good) to run, or blocks blacklisted applications (known to be bad) from running.
In addition, only SEP allows IT security teams to tune the level of detection and blocking to optimize protection and gain enhanced visibility into suspicious files for each customer environment, as shown in Figure 4. This tunable security, called Intensive Protection, is made available with a new cloud console that integrates automatically with the on-premises SEP Manager and provides an easy workflow to blacklist suspicious files or whitelist any false positives.
DETECTION AND RESPONSE (EDR)
Symantec Advanced Threat Protection: Endpoint provides incident investigation and response utilizing the integrated EDR capabilities in SEP. It can be deployed within an hour to expose advanced attacks with precision machine learning, behavioral analytics and threat intelligence, minimizing false positives and helping ensure high levels of productivity for security teams. Symantec’s EDR capabilities allow incident responders to quickly search, identify and contain all impacted endpoints while investigating threats using on-premises and cloud-based sandboxing. In addition, continuous recording of system activity supports full endpoint visibility and real-time
• Detects and Exposes – reduce time to breach discovery and quickly expose scope.
• Investigates and Contains – increase incident responder productivity and ensure threat containment.
• Resolves – rapidly fix endpoints and ensure threat does
• SEP Deception¹ plants deceptors (i.e., baits) to expose hidden adversaries and reveal attacker intent and tactics via early visibility, so that the information can be used to enhance security posture. SEP Deception features accurate and insightful detection while delivering fast time to value. Joint Symantec Endpoint Protection and Symantec Managed Security Services customers benefit from 24x7 real-time SEP Deception monitoring and response by a global team of experts. Symantec is the only endpoint protection platform vendor offering deception.
• Uses lures and baits for proactive security to expose and
• Determines attacker intent to improve security posture.
• SEP Hardening is a cloud-delivered advanced application defense solution that provides comprehensive protection for applications by isolating suspicious apps and shielding trusted ones. Unlike point products from other application isolation vendors, SEP Hardening, in combination with SEP, delivers unprecedented efficacy against malware and suspicious applications. In addition, SEP Hardening maintains high employee productivity by fully supporting standard employee workflows.
• Comprehensive application security by minimizing the
• Unprecedented visibility by discovering and categorizing all endpoint applications.
• Fastest speed to value by leveraging SEP’s single agent