In February 2014, the Commerce Department's National Institute of Standards and Technology (NIST) created the Framework for Improving Critical Infrastructure Cybersecurity 1.0 (the "Framework"). The Framework was designed to help organizations plan for and address cybersecurity threats.
Table: Cybersecurity core functions describes how Symantec Endpoint Detection and Response (Symantec EDR) supports the Framework's core functions: preparing for, detecting, and responding to threats.
Table: Cybersecurity core functions
Perform an internal assessment of your organization to identify your potential risks and security goals. Develop a risk management strategy based on your business needs.
Symantec EDR's network control point analyzes data streams as they travel through the network. Symantec EDR uses this information to create events and generate incidents that help you find potential threats in your environment. When you configure Symantec EDR to use the inline block operation mode, it blocks the files, and the connections to external hosts, that it detects as malicious. You can further control which files and websites Symantec EDR blocks or allows through Blacklist and Whitelist policies.
Symantec EDR may not be able to block every malicious detection; FTP file downloads, for example, may be detected but not blocked.
When you integrate the Symantec EDR network control point with Symantec Endpoint Protection (SEP) and Email Security.cloud, the Synapse cloud service can correlate events from each product to give you a comprehensive picture of threats across your network, endpoints, and email system.
Symantec EDR shows the threats that it detects on the Dashboard and in the Incident Manager. You can also view all the events that have occurred in your organization chronologically.
Use Symantec EDR to search for indicators of compromise (IOCs) and to find artifacts. Symantec EDR can search for these items in the Symantec EDR database and on your endpoints. If you enable the endpoint activity recorder, it can also search the recorded endpoint activity.
Symantec EDR can automatically send you notifications when incidents are created. It can also log events to syslog so that you can import them into your security information and event management (SIEM) system.
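The two capabilities above, searching exported events for IOCs and forwarding events to a SIEM over syslog, can be demonstrated together. The following is an added example, not Symantec's code: it parses a handful of constructed syslog lines into events and matches them against a constructed IOC list (a SHA-256 hash, a domain, and an IP). The "<PRI>TIMESTAMP HOST TAG: key=value ..." line layout, the field names, and every IOC value are assumptions made for this example; the page does not show Symantec EDR's actual syslog schema.

```python
"""Added example (not Symantec code): hunt for IOCs in endpoint events
exported over syslog. The event layout and IOC values are constructed."""
import re
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample: syslog lines of the form "<PRI>TIMESTAMP HOST TAG: key=value ...".
# This layout is an assumption for the example, not Symantec EDR's real syslog schema.
SAMPLE_SYSLOG = """\
<14>Mar 03 10:15:01 edr-appliance edr: type=file_create host=WS-001 sha256=0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF path=C:\\Users\\alice\\Downloads\\invoice.exe
<14>Mar 03 10:15:07 edr-appliance edr: type=dns_query host=WS-001 domain=cdn.update.evil-example.net
<14>Mar 03 10:16:30 edr-appliance edr: type=network host=WS-002 dst_ip=198.51.100.23 dst_port=443
<14>Mar 03 10:17:02 edr-appliance edr: type=dns_query host=WS-003 domain=www.example.com
"""

# Constructed IOC list; the values are illustrative, not real threat intelligence.
SAMPLE_IOCS: Dict[str, Set[str]] = {
    "sha256": {"0123456789abcdef" * 4},
    "domain": {"evil-example.net"},
    "ip": {"198.51.100.23"},
}

# Which event fields carry which kind of indicator (assumed field names).
FIELD_TO_IOC_TYPE = {"sha256": "sha256", "md5": "md5", "domain": "domain",
                     "dst_ip": "ip", "src_ip": "ip"}

_HEADER = re.compile(r"^<(\d{1,3})>(\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (\S+?): (.*)$")
_KV = re.compile(r"(\w+)=(\S+)")


def parse_syslog_line(line: str) -> Optional[Dict[str, str]]:
    """Split one syslog line into a flat event dict; None if the line does not match."""
    m = _HEADER.match(line)
    if not m:
        return None
    pri, ts, reporter, tag, payload = m.groups()
    event = {"pri": pri, "timestamp": ts, "reporter": reporter, "tag": tag}
    event.update(_KV.findall(payload))
    return event


def domain_matches(observed: str, ioc_domain: str) -> bool:
    """True for the IOC domain itself or any subdomain of it (not for look-alike suffixes)."""
    observed = observed.lower().rstrip(".")
    ioc_domain = ioc_domain.lower().rstrip(".")
    return observed == ioc_domain or observed.endswith("." + ioc_domain)


def match_event(event: Dict[str, str], iocs: Dict[str, Set[str]]) -> List[Tuple[str, str]]:
    """Return (ioc_type, ioc_value) pairs that this event's fields hit."""
    hits: List[Tuple[str, str]] = []
    for field, ioc_type in FIELD_TO_IOC_TYPE.items():
        value = event.get(field)
        if value is None or ioc_type not in iocs:
            continue
        for ioc in iocs[ioc_type]:
            if ioc_type == "domain":
                matched = domain_matches(value, ioc)
            else:
                matched = value.lower() == ioc.lower()  # hex hashes and IPs: case-insensitive
            if matched:
                hits.append((ioc_type, ioc))
    return hits


def hunt(syslog_text: str, iocs: Dict[str, Set[str]]) -> List[Dict[str, str]]:
    """Scan exported events and return one finding per IOC hit, tagged with the endpoint host."""
    findings: List[Dict[str, str]] = []
    for line in syslog_text.splitlines():
        event = parse_syslog_line(line)
        if event is None:
            continue  # not an EDR event line; a real pipeline would count these
        for ioc_type, ioc in match_event(event, iocs):
            findings.append({
                "timestamp": event["timestamp"],
                "host": event.get("host", "?"),
                "event_type": event.get("type", "?"),
                "ioc_type": ioc_type,
                "ioc": ioc,
            })
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_SYSLOG, SAMPLE_IOCS):
        print(f"{f['timestamp']} {f['host']} {f['event_type']}: {f['ioc_type']}={f['ioc']}")
```

On the sample input, WS-001 is flagged twice (the hash and the DNS query) and WS-002 once (the destination IP); WS-003's lookup of www.example.com produces no finding because domain matching requires an exact match or a true subdomain, so a look-alike suffix never matches by accident.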
Symantec EDR provides one-click containment and remediation that works across the endpoint, network, and email control points. For example, you can delete a malicious file from an endpoint or isolate a breached endpoint from the network.