January 30, 2019
Vendor unveils spiffy, updated tools to harden client devices — and a new detection and response service for when bad stuff happens despite them
Channelnomics Staff
Symantec on Tuesday rolled out a series of improvements to its endpoint protection portfolio and introduced a new managed service for endpoint detection and response (MEDR) powered by its enhanced EDR 4.0 technology. While the former bolsters whitelisting, sandboxing, VPN, and anti-exploitation controls, the latter concedes that hackers will do just that — hack — and aims to minimize damage by making incident detection and response faster and more effective.
The Lowdown: Symantec is rolling the endpoint protection improvements into its integrated Cyber Defense Platform with the stated goal of delivering coordinated, adaptive endpoint defense that even undermanned, underfunded security teams can manage. The new MEDR offering targets the same resource-strapped user environment, offering a managed service for complex, big-ticket functions like threat hunting, forensics, remote investigations, and attack containment.
The Details: Features of Symantec’s expanded endpoint portfolio include:
• Endpoint Application Control — a whitelisting tool that minimizes the attack surface by allowing only known, good applications to run. The solution also uses automatic rule generation and auto-discovery to make it manageable in the often chaotic real world of endpoints.
• Endpoint Application Isolation — for the apps that aren’t on the whitelist, a solution to isolate unknown software and restrict its behavior.
• Endpoint Cloud Connect Defense — a policy-based VPN that provides additional controls for devices on unknown Wi-Fi and carrier networks.
• Endpoint Threat Defense for Active Directory — a product of Symantec’s November 2018 acquisition of Javelin Networks, a tool that adds post-exploit controls to thwart malicious behavior like credential theft and lateral movement.
The new MEDR service, meanwhile, is highlighted by:
• 24×7 coverage across six global SOCs with industry- and region-specific security analysts.
• Managed threat hunting to unearth zero-day and undiscovered threats.
• Use of the MITRE ATT&CK framework to identify critical indicators of compromise.
• Pre-authorized response methods to speed containment of compromised endpoints.
• Custom and emerging threat reports.
The Buzz: On the subject of the improved endpoint controls:
“Stopping today’s most sophisticated threats requires integrated layers of security which make it difficult for attackers to operate,” said Art Gilliland, executive vice president and general manager of enterprise products at Symantec. “By incorporating advanced protection and hardening innovations into our endpoint portfolio, we help minimize the attack surface and make it more challenging to penetrate and move laterally across networks, an important part of an integrated cyber defense strategy.”
And on the topic of new managed EDR capabilities:
“Many customers simply can’t find enough cyber security experts to meet demand. Our MEDR service provides access to Symantec’s elite SOC analysts and advanced machine learning techniques to reduce the burden on staff and shrink the time it takes to investigate incidents,” said Gilliland. “For organizations with robust security response teams, EDR 4.0 is now available on any device, anywhere, before or after an attack occurs to provide comprehensive detection and response.”