Symantec this week announced new products and enhancements to its network endpoint security lineup. The first is focused on managed endpoint detection and response (MEDR) and enhanced EDR 4.0, and the second on endpoint protection and hardening capabilities.
The introductions are best seen in the broader landscape. Last October, Symantec sought to rebound from sagging fortunes with products aimed at securing workloads on Amazon Web Services (AWS) and Microsoft Azure, and at extending the capabilities of its cloud access security broker (CASB) technology. Symantec was facing sinking enterprise revenues, an internal investigation of its financial disclosures, and the need to broaden its image beyond being a provider of legacy firewalls.
Now, the company is moving on the endpoint front. Its initiative started with the November acquisitions of Javelin Networks and Appthority. At least one capability introduced this week – security for Active Directory – builds on the Javelin acquisition.
Analysts noted that Symantec’s goal is to help enterprises help themselves.
“The most precious asset now is not firewalls, endpoint security, DDoS protection, or any other product technology,” Frank Dickson, IDC’s Research Vice President for Cybersecurity Products, told SDxCentral in an email. “It is people. Qualified cybersecurity professionals are scarce and expensive. The announcements by Symantec are primarily geared toward helping organizations with that issue. Enhanced EDR tools make cybersecurity professionals more efficient and effective. MDR services are essentially cybersecurity staff augmentation, allowing organizations to offload some tasks to focus on higher-level security operations.”
MEDR and EDR 4.0
MEDR and EDR 4.0 use artificial intelligence-driven analytics and automation to recognize and stop cyberattacks. The MEDR service combines EDR 4.0, Symantec’s Global Intelligence Network, and its security operations centers (SOCs) to provide round-the-clock oversight.
The EDR product is at the core of the managed service. “Customers can search for indicators of compromise as well as leverage the artificial intelligence capabilities of the tool to identify emerging threats,” explained Sri Sundaralingam, head of product marketing for Symantec’s Enterprise Security Products division. “Once infected endpoints are identified, customers can also take remediation actions to stop the spread and also clean up and restore infected endpoints.”
The MEDR service provides industry- and region-specific analysis drawn from six global SOCs, managed threat hunting to detect zero-day and unknown threats, a framework for identifying attack indicators, pre-authorized steps to rapidly contain compromised endpoints, and a variety of reports and other data.
The firm says that EDR 4.0 uses research input and telemetry from 175 million endpoints worldwide to update its AI-based detection engines. It can identify and thwart fileless “living off the land” attacks, and it automates playbooks to initiate investigations quickly. Deployment options cover both Symantec Endpoint Protection (SEP) and non-SEP endpoints on Windows, Linux, and macOS.
The starting price for Symantec EDR is $50 per device for a one-year subscription. Managed options are available when the EDR product is purchased, according to Sundaralingam.
IDC’s Dickson said that the managed service is the bigger story. “Symantec has a history of offering managed services,” he noted. “However, this service bundles product and services into a ‘one throat to choke’ solution that provides compelling value to organizations, especially in the small and mid-market.”
Advanced Protection and Hardening
Separately, Symantec announced new endpoint protection and hardening capabilities. The additions allow only known-good applications to run, enhance application discovery and risk assessment, and prevent stealth attacks.
Dickson thinks that the additions won’t get the fanfare of the other announcements, but that they are important. “Advanced protection and hardening essentially takes a different approach to security,” he wrote. “Instead of detecting malicious activity, the features make the endpoint a much ‘harder’ target. These are new, unique, and differentiating.”