Symantec Endpoint Protection (SEP) is an endpoint security platform that can use an agent on physical devices or can run in a hybrid agentless/agent-based mode for VDI environments. SEP is centrally managed by an on-premises server. SEP Cloud also is offered as an option for a pure cloud-based deployment.

The product actually is a tightly integrated suite of powerful engines, each with its own particular task. It provides cross-platform support (Windows, Mac and Linux). SEP can export in Syslog format for input to SIEMs or other tools that consume Syslogs. These engines are network firewall and intrusion prevention, application and device control, memory exploit mitigation, reputation, file attributes (advanced machine learning), emulation, real-time file scanning and behavior analysis.

A couple of these merit special discussion. First, the firewall really looks both ways so it not only provides intrusion prevention, it also acts as a DLP device. The emulator is a sandbox for detecting malware with encryption. The behavior analysis engine is called SONAR and it watches for suspicious activity. The intrusion prevention can be customized to prevent specific IPs from interacting with the protected enterprise. For example, you could set it up to prevent communication with the TOR network.

We dropped into the landing page as we usually do and were presented with plenty of opportunities for drill-down, and were presented with a limited number of the graphs that we usually expect to see. This dashboard is no-nonsense and everything you need to know at first glance is readily at hand, including a summary from Symantec Security Response (Symantec's threat center feed). When a threat occurs, Exploit Mitigation is triggered.

We selected the monitors from the sidebar menu. This is where we found the graphs we expected on the landing page. It keeps the landing page from becoming cluttered without sacrificing completeness. Drilling down further we found detailed information about an event we were analyzing.

Like most products of its type, SEP is policy-driven. Building, deploying and managing policies is straightforward with its own comprehensive set of menus.