How Symantec Endpoint Protection technologies protect your computers
HOWTO101774
Last Updated April 24, 2019
Symantec Endpoint Protection's core protection against known and unknown threats uses a layered approach to defense. The comprehensive approach protects the network before, during, and after an attack. Symantec Endpoint Protection reduces your risk of exposure by providing tools to increase your security posture ahead of any attack.
To get complete protection for the computers in your network, enable all protections at all times.
Figure: How Symantec Endpoint Protection stops targeted attacks and zero-day threats with layered protection
What types of attacks do Symantec Endpoint Protection technologies protect against?
Symantec Endpoint Protection uses the following holistic security approach to protect your environment across the entire attack chain, using the following stages: incursion, infection, infestation and exfiltration, and remediation and inoculation.
Phase 1: Incursion
During the incursion phase, hackers typically break into the organization's network using target attacks such as social engineering, zero-day vulnerabilities, SQL injection, targeted malware, or other methods.
Symantec Endpoint Protection protects against attacks before they enter your system using the following technologies:
: Analyzes all incoming traffic and outgoing traffic and offers browser protection to block such threats before they can be executed on the computer. The rules-based firewall and browser protection protect against web-based attacks.
: Controls the file access and registry access and how processes are allowed to run.
See About application control, system lockdown, and device control.
: Restricts the access to select hardware and control what types of devices can upload or download information.
: Neutralizes zero-day exploits like Heap Spray, SEHOP overwrite, and Java exploits in popular software that the vendor has not patched.
See Hardening Windows clients against memory tampering attacks with a Memory Exploit Mitigation policy.
Phase 2: Infection
In targeted attacks, hackers typically break into the organization's network using social engineering, zero-day vulnerabilities, SQL injection, targeted malware, or other methods.
Symantec Endpoint Protection uses the following technologies to detect and prevent these attacks before they infect your system:
: Detects malware.
: Based on the artificial intelligence that uses Symantec's global intelligence network. This advanced analysis examines billions of correlated linkages from users, websites, and files to identify and defend against rapidly-mutating malware. By analyzing key attributes (such as the origin point of a file download), Symantec can accurately identify whether a file is good or bad and assign a reputation score all before the file arrives on the client computer.
: Analyzes the trillions of examples of the good files and bad files that are contained in a global intelligence network. Advanced machine learning is a signatureless technology that can block new malware variants at the pre-execution.
See How does Symantec Endpoint Protection use advanced machine learning?.
: Detects hidden malware using polymorphic custom packers. A scanner runs each file in milliseconds in a lightweight virtual machine that causes threats to reveal themselves, improving both the detection rates and performance.
See How does the emulator in Symantec Endpoint Protection detect and clean malware?.
: Uses signature-based antivirus and file heuristics to look for and eradicate malware on a system to protect against viruses, worms, Trojans, spyware, bots, adware, and rootkits.
: Leverages machine learning to provide zero-day protection, stopping new and unknown threats by monitoring nearly 1,400 file behaviors while they execute in real time to determine file risk.
See Managing SONAR.
Phase 3: Infestation and Exfiltration
Data exfiltration is the unauthorized transfer of data from a computer. Once the intruders control these target systems, they may steal intellectual property or other confidential data. Attackers use captured information for analysis and further exploitation or fraud.
Phase 4: Remediation and Inoculation
Symantec Endpoint Protection includes a single console and agent that offers protection across operating systems, platforms, and businesses of any size.
: An aggressive tool, which can be triggered remotely, to address advanced persistent threats and remedy tenacious malware.
: Ensures that endpoints are protected and compliant by enforcing policies, detecting unauthorized changes, and conducting damage assessments. Host Integrity then isolates a managed system that does not meet your requirements.
: Allows the whitelisted applications (known to be good) to run, or blocks the blacklisted applications (known to be bad) from running. In either mode, System Lockdown uses checksum and file location parameters to verify whether an application is approved or unapproved. System Lockdown is useful for kiosks where you want to run a single application only.
: Uses programmable REST APIs to make integration possible with Secure Web Gateway, to help quickly stop the spread of infection at the client computer.
. Symantec Endpoint Protection is integrated with Symantec Endpoint Detection and Response and is designed to detect, respond, and block targeted attacks and advanced persistent threats faster by prioritizing attacks. EDR (Endpoint Detection and Response) capability is built into Symantec Endpoint Protection, which makes it unnecessary to deploy additional agents.
What types of attacks do Symantec Endpoint Protection technologies protect against?
Table: What types of attacks does each Symantec Endpoint Protection technology protect against? displays which types of Symantec Endpoint Protection technologies protects against which types of attacks.
Table: What types of attacks does each Symantec Endpoint Protection technology protect against?
Legacy ID:
v97539434_v81626096
購読すると、この記事が更新されたときに更新内容が配信されます。ログインが必要です。
ご意見ありがとうございます。以下にコメントがある場合はお知らせください。(ログインが必要です)