Symantec's Hamlet Promises All-Seeing, Single-Console Security

The company touts its Endpoint Protection 11.0, which combines the gamut of enterprise security technology into one integrated agent managed from one console, as unmatched in the market.

Symantec is drawing all the disparate security technologies that protect enterprise endpoints—network access control, application control, anti-virus, anti-spyware, desktop firewall, host and network intrusion prevention, and device control—into one integrated agent managed from one console, resulting in a product it says is matched by none on the market today when it comes to functionality.

The company plans to unveil Symantec Endpoint Protection 11.0 at its Symantec Vision show in Las Vegas on June 13 and will simultaneously make it available in a public beta version at The product includes proactive technologies designed to automatically analyze application behaviors and network communications to detect and actively block attacks. Symantec will also unveil Symantec NAC (Network Access Control) 11.0, which had been code-named Project Hamlet.

Symantec considers Endpoint Protection to be a significant step in its new enterprise security vision, dubbed "Security 2.0" when it was announced in October 2006.

Security 2.0 is built around the notion that efforts to defend corporate assets should no longer be seen in terms of applying software or services to individual problems, but should instead be focused on creating a backbone of high-level processes that drive security into every part of a company's operations, in particular Web-based business applications.

The goal is to shrink the administrative costs of managing a hodgepodge of endpoint security products. Symantec has purchased, over the past few years, much of the technology that's going into the all-under-one-umbrella product: Symantec acquired Veritas for storage and backup in 2004, Sygate for mobile and networked computer security in 2005, and WholeSecurity in 2005 for its behavior-based protection and anti-phishing technology.

Feeding into these integrated technologies will be intelligence streaming from Symantec's Global Intelligence Network, composed of eight Symantec Security Response Centers, four Symantec Security Operations Centers, 120 million systems and more than 40,000 sensors deployed in 180 countries.

Symantec claims that Endpoint Protection will reduce the memory footprint by more than 80 percent by blending signature-based anti-virus with the new proactive threat detection technology. New features include enhanced anti-virus and anti-spyware technology for better real-time malware detection, blocking and remediation. It incorporates new deep-scanning technology from Veritas to find and remove rootkits that often evade detection.

The product's new proactive threat protection uses behavioral scanning to reduce the rate of false positives. It also packages Proactive Threat Scan, courtesy of the WholeSecurity acquisition. The technology is designed to detect and block malware without signatures to prevent outbreaks before they happen.

The update also includes device control for restricting access to devices including USB memory keys and backup drives in accordance with designated security policies. New network threat protection features include Generic Exploit Blocking, utilizing vulnerability-based IPS technology that's embedded at the network level, so that malware—including all variants of a given threat—can be blocked with a single signature before it enters the system.

Endpoint Protection also benefits from a new rules-based firewall acquired with Sygate. The firewall dynamically adjusts port settings to block threats from spreading, and inspects both encrypted and cleartext network traffic.

Symantec's other product announcement, NAC 11.0, is an optional module tightly integrated with Symantec Endpoint Protection to help customers discover and evaluate the status of endpoints, provision the appropriate network access and provide remediation capabilities to ensure that security policies and standards are met.

George Myers, director of Endpoint Security at Symantec, based in Cupertino, Calif., said the appeal of NAC 11.0 lies in the fact that it's SNAC- (Symantec NAC)-ready, fitting into the Endpoint Protection umbrella and thus streamlining the number of endpoint agents users have to deal with, saving time and money.

"When you look at the competitive landscape of single-agent suites, once you get to multiple agents on the endpoint, the cost goes up," he said. "Managing [multiple agents] is tough. You have separate management consoles, you have different agent update timing. … What we're offering to commoditize is to pull [that all] into one agent. [It means] not only a cost reduction but letting people who couldn't enter the NAC market enter, the barrier to entry being cost and complexity."

Symantec is targeting companies from SMBs (small and midsize businesses) all the way up to the enterprise, Myers said.

At this point, the chance to manage all of a business's security from one centralized console is a common vendor pitch. McAfee, for one, is pushing its ePolicy Orchestrator 4.0, announced on June 11, as such a solution.

Myers was giving briefings during the week before the Vision conference. At eWEEK's office, he went through a slide show that compared Endpoint Protection with competitive products A, B and C, which he said were McAfee's Total Protection for Small Business, Trend Micro's Antivirus Security and Microsoft's Forefront.

He dismissed McAfee's product as being unsuitable for the enterprise because it lacks device control or NAC in one bundle. The other two products' firewalls, he said, are reactive in nature, not being able to proactively stop malware based on behavior, and lacking in rules flexibility when it comes to locking down an environment to the extent a user might want to.

Both Symantec Endpoint Protection and Symantec NAC 11.0 are expected to be available worldwide in September.
