Symantec on Tuesday announced significant improvements to its endpoint security offering, including new Endpoint Protection features, as well as the launch of a Managed Endpoint Detection and Response (MEDR) service.
According to Symantec, the updates made to Endpoint Protection should help organizations reduce the attack surface by allowing only whitelisted applications to run, improve risk assessment and app discovery, and prevent stealthy attacks.
The whitelisting capabilities are part of Symantec Endpoint Application Control, which automatically generates application-specific rules, continuously tracks apps, and provides comprehensive application discovery.
Symantec Endpoint Application Isolation restricts apps to safe and authorized activities. It can not only prevent attackers from carrying out malicious actions, but also ensure that hackers don’t tamper with good applications, the cybersecurity giant said.
The new capabilities also include a smart VPN designed to protect users when surfing the web through risky mobile connections and Wi-Fi. Named Cloud Connect Defense, it should provide an extra layer of protection for Windows 10 users, Symantec said.
The last new product is a result of Symantec’s acquisition of Javelin Networks. Threat Defense for Active Directory is designed to prevent hackers from exploiting AD to access critical systems. It does this by using AI, obfuscation and forensics techniques to prevent credential theft and lateral movement.
These products can be acquired as add-ons for Symantec Endpoint Protection or as part of new suites.
Symantec also unveiled a Managed Endpoint Detection and Response (MEDR) service that should help organizations quickly discover attacks and respond to them. The service uses EDR 4.0 technology, which includes new features for detecting attacks that involve living-off-the-land and fileless elements, automated playbooks for quick investigations, and new EDR tools.
“Many customers simply can’t find enough cyber security experts to meet demand. Our MEDR service provides access to Symantec’s elite SOC analysts and advanced machine learning techniques to reduce the burden on staff and shrink the time it takes to investigate incidents,” explained Art Gilliland, EVP and GM of Enterprise Products at Symantec. “For organizations with robust security response teams, EDR 4.0 is now available on any device, anywhere, before or after an attack occurs to provide comprehensive detection and response.”