You can install it by watching a video on YouTube, but for the implementation design, expertise is required. It offers flexible management and deployment options. They provide support for the whole product and not just a component. Symantec is comparatively a much more mature solution, and their support is also very good. I found Java files to be a big problem with that solution. They don't do any technical evaluation of file structure or file behavior. When they get the file hash, in the back end, they would run a script, scan it, and then give a report based on VirusTotal. Based on what I was told, it decided that based on VirusTotal. It would capture so many files, which Symantec doesn't do, and mark them as harmful or not. One was for protection and one was for recording the incident on EDR. It had endpoint protection and EDR, and two agents were installed on the system. The way they design their solutions is very important, and now, they have GIN, which is very important. They all are investing their time, money, and people to enhance productivity, but Symantec has been there from the start. No product is bad because they are coming after so much R&D. I got a chance to work with other products, such as Carbon Black, Palo Alto, and McAfee. It also allows you to auto-manage policies, and IPS and IDS are also already there. There is a tool called Active Directory Defense to stop an attacker from taking control of a user. It detects credential theft and stops intrusion, which is something no other vendor is currently providing. All these are a part of its attack prevention capabilities. It also protects Active Directory. It reduces the attack surface. There is a component for breach assessment, device control, application control, behavior analysis, and isolation. It has various components that help you at various stages: pre-attack, attack, breach, and post-breach. You can choose the policies that you want.
There are around 7,000 SCSC policies, and of course, you are not going to enable all of them. It allows you to choose the policies that you want to implement. Sometimes, when you connect your mobile to any other wifi, such as free wifi or hotspot, if there is anything malicious, it can stop the traffic. Symantec provides protection based on the analysis of your application, its behavior, and the type of data being sent and received. Most of the time, you don't know what's installed on these devices, which is the biggest threat to the environment. Nowadays, people bring their own devices. If you have a breach in your environment, you have to contact them to find out what exactly is happening. They would check its footprint on every system. The Threat Hunter team is very good and professional. Your system is infected but nobody knows how many systems are affected after you. For example, you clicked on a link that copied malware on a system. Their Threat Hunter team helps out to know what exactly happened and the type of breach. With threat analysis, we could see that the system was protected but the bad guy had already passed through or gotten inside the network. There was an attempt to copy a file, which was blocked. If any file other than the required file is being executed, it will detect that and protect the system from that. Recently, a bank had a breach. If you install Symantec, it will see the behavior of the file. When you open the PDF file, in the background, the script starts, but nobody knows that. Another example would be that you download a PDF file, and this PDF file has a built-in script. This proactive approach or IPS is a part of it. If any file is misbehaving, Symantec Endpoint Security can handle it. They need to be identified based on behavior. So, you don't have a signature for those files. For example, with ransomware or zero-day threats, you don't have any already-known bad files. 
The baseline of their products would always be the same, and with the evolving threats, they are also changing the technology. Symantec is a known name in the market for endpoint and server security. With its behavior forensics, advanced threat hunting, integrated response, and Threat Hunter capabilities, it provides good control over security and improves the security posture.