The latest version of Symantec Endpoint Protection, SEP 14.1, adds new capabilities to the signatureless machine learning malware detection SEP product it introduced last year, and integrates with other Symantec security solutions. The stated purpose is to provide end-to-end protection for endpoints in a single agent.

The key features announced this week include the addition of deception and device hardening in SEP 14.1 together with integration with a new version of Symantec Endpoint Detection and Response, and integration with the new Mobile Threat Defense originally acquired with the purchase of Skycure in July 2017.

Deception is new to SEP. It is the deployment of deceptors - or decoy files, folders and registries - within the environment. The deceptors are designed to look valuable to an adversary who succeeds in accessing the system but they contain nothing of consequence. The idea is to attract the adversary, slow him down on a wild goose chase, and alert the security team to his presence.

“The security team can learn through watching what the adversaries are doing - how they are trying to manifest their malware,” explains Sri Sundaralingam, head of product marketing at Symantec. “The defenders can then neutralize the attack, and include new understanding in their security posture to block any similar type of attack in the future.”

Symantec is the first of the traditional endpoint security vendors to integrate deception with their endpoint product. “It means,” continues Sundaralingam, “we provide a multi-level defense against ransomware and zero-day attacks, and we improve the customer’s overall security posture.”

If a deceptor triggers and alerts the security team, it means that a breach has already occurred. Here the integration with the new EDR product (Advanced Threat Protection or ATP 3.0) comes into play to help with incident response.