Symantec Endpoint Protection

From Wikipedia, the free encyclopedia
Symantec Endpoint Protection
Symantec Endpoint Protection GUI, version 14
Developer(s): Symantec Corporation
Stable release: 14 MP2 (Build 2415) / 2 June 2017[1]
Operating system: Windows, macOS and Linux
Platform: IA-32 and x86-64
Type: Anti-malware, intrusion prevention and firewall
License: Trialware
Website: symantec.com/business/endpoint-protection

Symantec Endpoint Protection, developed by Symantec, is a security software suite that consists of anti-malware, intrusion prevention and firewall features for servers and desktops.[2] It has the largest market share of any product for endpoint security.[3]

Version history

The first release of Symantec Endpoint Protection was published in September 2007 and named version 11.0.[4] Endpoint Protection is the result of a merger of several security software products, including Symantec Antivirus Corporate Edition 10.0, Client Security, Network Access Control, and Sygate Enterprise Edition.[4] Endpoint Protection also includes new features.[4] For example, it can block data transfers to unauthorized device types, such as USB flash drives or Bluetooth devices.[4]

At the time, Symantec Antivirus Corporate Edition was widely criticized as having become bloated and unwieldy.[2] Endpoint Protection 11.0 was intended to address these criticisms.[2] The disk footprint of Symantec Corporate Edition 10.0 is 100 MB, whereas Endpoint Protection's is 20 MB.[2]

In 2009, Symantec introduced a managed service, whereby Symantec staff deploy and manage Symantec Endpoint Protection installations remotely.[5] A Small Business Edition with a faster installation process was released in 2010.[6] In February 2011, Symantec released version 12.0 of Endpoint Protection.[7] Version 12 incorporated a cloud-based database of malicious files called Symantec Insight.[7] Insight was intended to combat malware that generates mutations of its files to avoid detection by signature-based anti-malware software.[7] In late 2012, Symantec released version 12.1.2, which supports VMware vShield.[8]

A cloud version of Endpoint Protection was released in September 2016.[9] This was followed by version 14 that November.[10] Version 14 incorporates machine learning technology to find patterns in digital data that may be indicative of the presence of a cyber-security threat.[10] It also incorporates memory exploit mitigation and performance improvements.[3]

Features

Symantec Endpoint Protection is a security software suite that includes intrusion prevention, firewall, and anti-malware features.[11] According to SC Magazine, Endpoint Protection also has some features typical of data loss prevention software.[12] It is typically installed on a server running Windows, Linux, or macOS.[13] Version 14 is the only currently supported release.[14]

Endpoint Protection regularly scans computers for security threats.[11] It is used to prevent unapproved programs from running,[11] and to apply firewall policies that block or allow network traffic.[15] It attempts to identify and block malicious traffic in a corporate network or coming from a web browser.[16] It uses aggregate information from users to identify malicious software.[12] Symantec claims to use data from 175 million devices that have installed Endpoint Security in 175 countries.[12]

Endpoint Protection has an administrative console that allows the IT department to modify security policies for each department,[11] such as which programs or files to exclude from antivirus scans.[12] It does not manage mobile devices directly, but treats them as peripherals when connected to a computer and protects the computer from any malicious software on the mobile device.[12]

Vulnerabilities

In early 2012, source code for Symantec Endpoint Protection was stolen and published online.[17] A hacker group called "The Lords of Dharmaraja" claimed credit, alleging the source code was stolen from Indian military intelligence.[18] The Indian government requires vendors to submit the source code of any computer program being sold to the government, to ensure that they are not being used for espionage.[17] In July 2012, an update to Endpoint Protection caused compatibility issues, triggering a Blue Screen of Death on Windows XP machines running certain third-party file system drivers.[19] In 2014, Offensive Security discovered an exploit in Symantec Endpoint Protection during a penetration test of a financial services organization.[20] The exploit in the Application and Device Control driver allowed a logged-in user to get system access.[20] It was patched that August.[20]

Reception

According to Gartner, Symantec Endpoint Protection 14 is one of the more comprehensive endpoint security products available and regularly scores well in independent tests.[3] However, a common criticism is that customers are "fatigued" by "near constant changes" in the product and company direction.[3] SC Magazine said Endpoint Protection 14 was the "most comprehensive tool of its type . . . with superb installation and documentation."[12] The review said Endpoint Protection had a "no-brainer setup and administration," but it does have a "wart" that support fees are "a bit steep."[12]

Forrester said version 12.1 was the most complete endpoint security software product on the market, but the different IT security functions of the software were not well-integrated.[21] The report speculated the lack of integration would be addressed in version 14.[21] Network World ranked Symantec Endpoint Protection sixth in endpoint security products, based on data from NSS Labs testing.[22]

References

  1. "Download the latest version of Symantec Endpoint Protection". Enterprise Technical Support. Symantec. 3 April 2017.
  2. Walsh, Lawrence (November 2007). "Troubled Waters". CSO Magazine. 6 (10). CXO Media.
  3. Ouellet, Eric; McShane, Ian; Litan, Avivah (30 January 2017). "Magic Quadrant for Endpoint Protection Platforms". gartner.com. Gartner.
  4. Messmer, Ellen (24 September 2007). "Symantec revamps endpoint security product". Network World. Retrieved 16 April 2017.
  5. Messmer, Ellen (23 June 2009). "Symantec unveils endpoint protection services". Network World. IDG.
  6. Moltzen, Edward (1 January 2010). "Security In 20 Minutes, Really". CRN. The Channel Company.
  7. Messmer, Ellen (15 February 2011). "Symantec looks to protect users from mutating malware". Network World. IDG.
  8. Messmer, Ellen (3 December 2012). "Symantec releases first anti-malware software to work with VMware vShield security system". Network World. IDG.
  9. Kuranda, Sarah (13 September 2016). "Symantec Rolls Out New Cloud-Based Endpoint Protection Solution For SMBs". CRN. The Channel Company.
  10. Osborne, Charlie (1 October 2016). "Symantec launches endpoint protection solution based on artificial intelligence". ZDNet. CBS Interactive.
  11. Sarrel, Matthew (March 2008). "Security That’s All Business". PC Magazine. Retrieved 16 April 2017.
  12. Stephenson, Peter (22 August 2016). "Symantec Endpoint Protection 14". SC Magazine. Haymarket Media Group. Retrieved 20 April 2017.
  13. Stephenson, Peter (1 August 2012). "Symantec Endpoint Protection 12 v12.1". SC Magazine. Haymarket Media Group. Retrieved 16 April 2017.
  14. "Released versions of Symantec Endpoint Protection". Enterprise Technical Support. Symantec. 16 March 2017. Retrieved 18 April 2017.
  15. "About the Symantec Endpoint Protection firewall". Enterprise Technical Support. Symantec. 28 October 2016.
  16. "How intrusion prevention works". Enterprise Technical Support. Symantec. 28 October 2016.
  17. Vijayan, Jaikumar (6 January 2012). "Symantec confirms source code leak in two enterprise security products". Computerworld. Retrieved 18 April 2017.
  18. Akhtar, Iyaz (6 January 2012). "That stolen Symantec source code? It's for older enterprise products". CNET. CBS Interactive. Retrieved 18 April 2017.
  19. Raywood, Dan (16 July 2012). "Symantec fixes 'blue screen of death' bug". SC Magazine UK. Haymarket Media Group. Retrieved 16 April 2017.
  20. Kirk, Jeremy (5 August 2014). "Symantec patches privilege escalation flaws in Endpoint Protection". Network World. IDG.
  21. Sherman, Chris; McClean, Christopher; Schiano, Salvatore; Dostie, Peggy (19 October 2016). "The Forrester Wave: Endpoint Security Suites, Q4 2016". (Registration required).
  22. "NSS Labs rated 13 advanced endpoint security products, flagged 2 with caution rating". Network World. IDG. 15 February 2017. Retrieved 18 April 2017.
