Symantec Expands Endpoint Security With Deception Technology

Symantec updates its endpoint protection portfolio with new deception capabilities and a mobile security product based on technology acquired from Skycure.


Symantec announced an updated portfolio of endpoint security products on Oct. 25 that it is positioning as a next-generation security platform for the cloud generation.

Among the new and updated products in the Endpoint Security for the Cloud Generation portfolio is the Symantec Endpoint Protection (SEP) platform 14.1 release, which now benefits from the addition of deception technology that detects and decoys stealthy attacks. Symantec is also adding new hardening capabilities to SEP that aim to prevent zero-day exploits and provide improved application isolation. Another part of the expanded portfolio is the new SEP Mobile application, which builds on technology that Symantec acquired from Skycure in July 2017.

"Our new endpoint solution is exactly what our customers have been asking for – best of breed capabilities, integrated into a single agent, to help them streamline, lower costs and effectively combat advanced threats, malware and ransomware," Mike Fey, Symantec president and COO stated. "More importantly, these technologies are not simply integrated—they lead going toe-to-toe against their standalone counterparts in the industry." 

Sri Sundaralingam, Head of Product Marketing for Enterprise Security Products at Symantec, explained to eWEEK that Endpoint Security for the Cloud Generation is a lightweight agent supported on desktop computers running Windows, macOS and Linux as well as iOS and Android mobile devices.

Sundaralingam added that desktop devices are protected by the SEP 14.1 single agent and management system, which can be used to roll out advanced endpoint protection, deception, integrated detection and response (EDR) and hardening without deploying additional agents or management systems. Mobile devices, in contrast, are protected by the SEP Mobile app for iOS and Android as well as a cloud-based management system.

Deception Technology

With deception technology, the basic idea is to have some form of decoy or fake service that attracts and tricks attackers. Sundaralingam noted that deception technology can be used by Security Operations Center (SOC) personnel to learn about attacker tactics and improve security posture. Unlike the SEP Mobile technology, which came to Symantec by way of acquisition, the deception technology that Symantec is integrating into SEP 14.1 was an organic development.

"Deception technology is in-house innovation based on Symantec’s 15 plus years of endpoint security expertise," Sundaralingam said. "With deception technology on the endpoint, customers can deploy an additional tool or layer of security to detect stealthy attacks."

There are multiple deception technology vendors in the market today, including TrapX, Illusive, Attivo and Acalvio, that offer competitive products. Sundaralingam commented that Symantec's deception technology is differentiated in that there is no need for additional agents or network components.

"Customers can leverage deployed SEP agents with the existing SEP management system to quickly deploy deception and add an additional layer to improve security architecture," Sundaralingam said. 

In addition to the deception capabilities, SEP 14.1 also provides new hardening features to help protect against zero-day threat risks. Sundaralingam said that SEP 14.1 with hardening allows customers to automatically assess risk level and classify applications, as well as isolate suspicious applications and restrict those applications to run in a tightly controlled environment.

Though multiple new capabilities in SEP are driven by a single agent, Symantec has still managed to keep the agent small.

"Symantec’s SEP 14.1 single agent architecture is lightweight and uses 15 percent less CPU compared to previous versions," Sundaralingam said. "We have reduced network bandwidth usage by 70 percent for content updates compared to previous versions, due to extensive use of signatureless technologies." 

Sean Michael Kerner is a senior editor at eWEEK. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.