Having just attended Symantec’s Partner Engage 2016 event, I got to spend some quality time with Dr. Hugh Thompson, its chief Geek and Technology Officer, and talk dirty about security.
What I have learned from this, and backed by numerous other discussions with some of the other doyens of cyber security, is that the bad guys are possibly better organised and better funded than anyone could imagine – it is big business.
They – from organised cybercrime families to script kiddies – spew out tens to hundreds of thousands of spear phishing emails, and the enterprise target does not stand a chance because someone will open an email and click on a link. And that is on top of millions of Advanced Persistent Threats and more.
Symantec has announced that its new Version 14 Enterprise Symantec Endpoint Protection (SEP) fuses traditional endpoint security (detect, correct, protect) technologies with advanced machine learning and memory exploit mitigation to deliver a multi-layered solution that can stop advanced threats and respond at the endpoint regardless of how the attack is launched.
Symantec SEP has four key pillars and protection layers.
“Symantec Endpoint Protection 14 is a major development in endpoint protection, delivering the latest innovations in endpoint security on a single platform,” said Nick Savvides, Manager, Cyber Security Strategy, Symantec, Asia Pacific and Japan. “Multi-layered protection, enabled by artificial intelligence, backed by the world’s largest and most powerful threat intelligence force, and powered by the cloud – this is the smartest choice in endpoint technologies. Symantec Endpoint Protection 14 is an essential element of an integrated cyber defense strategy that enterprises require to combat today’s advanced threats.”
Symantec Endpoint Protection delivers powerful protection in a lightweight package, building on industry-leading 99.9% efficacy, low false positives and a 70% reduced footprint over the previous generation through new advanced cloud lookup capabilities.
It is also powered by combined threat intelligence capabilities: integrating threat telemetry from Symantec and its recent acquisition Blue Coat creates the world’s largest GIN (global intelligence network) and takes real-time protection to the next level. Symantec now protects 175 million consumer and enterprise endpoints, 163 million email users, 80 million web proxy users, and processes nearly eight billion security requests across these products each day. It only has to see the first spear phishing email (from all the emails it protects) or campaign to protect its customer ecosystem from it.
It is also impressive that Blue Coat has added so much more to the Symantec offering, beefing up its cloud, network, and analytics. As a journalist, I have a reasonable working knowledge of the enterprise “security stack,” and this appears to be the most comprehensive offering.
Thompson said that as enterprise moves to the cloud and embraces BYOD and remote working, the whole premise of security has changed. Following are some of his slides that explain that transition.
In the beginning (well even now) most enterprises had an HQ data centre and used VPNs to connect remote offices to it. Any “cloud access” was handled through one pipe.
Then BYOD (personal and roaming devices) became popular and started to link via the Internet directly to the cloud and the HQ Data Centre. But the Internet is inherently insecure as it allows all manner of payloads (a text file with malware) to be encrypted and pass through the traditional security stack. The result is malware and more entering the HQ Data Centre, regional offices, personal devices and roaming devices.
The Symantec answer is to simply connect all devices to its cloud-based EndPoint Protection security stack to eliminate the possibility of cross infections and to protect all endpoints. It appears to have the right solution and, being cloud based, it is instantly available.
End note:
This article completes my reporting of the Symantec Partner Engage 2016 event held in Tokyo this week.
Coverage in date order includes:
Symantec 101 – a guide for enterprise users
Symantec creates world’s largest GIN
Symantec Data Loss Prevention – now in the cloud with CloudSOC CASB
Symantec urges partners to tell it what they want
Symantec’s chief geek urges healthy paranoia in cyberspace
Symantec Partner Engage 2016 – C-Level comments and parting words
Symantec adds machine learning to Enterprise Endpoint Protection V14
Symantec – it is all about its partners