Symantec Endpoint Protection is designed to stop threats with multilayered protection, regardless of the chosen attack vector. It integrates with existing infrastructure through a single, lightweight agent that offers high performance without compromising productivity. While Symantec has a cloud-managed solution, we spent time looking at their on-premises version.
The solution provides a variety of security protection measures that leverage advanced machine learning, including memory exploit mitigation, reputation analysis, deception, intrusion prevention, application and device controls, and more. It also incorporates full endpoint capture, IOC hunting, threat attribution, and file detonation using sandbox technology.
The product is organized around four pillars of security: deepest protection, to defend against all attack vectors and methods; broadest coverage, to protect all endpoints; modern management, to extend security through modern management; and an integrated architecture, to achieve superior operational efficiencies.
Application isolation prevents the exploitation of vulnerabilities, including zero-day attacks. Advanced application control bolsters this protection by minimizing the attack surface and using application whitelisting. Advanced application control functionalities include smart auto-generation of application execution rules, comprehensive application discovery and risk assessment, and continuous tracking of application drift.
The product design is structured around delivering visibility and control to give analysts the tools they need to protect enterprises from sophisticated threats. A task-oriented approach increases the productivity of administrators by providing designated workflows to simplify every job. Organizations can set a large number of policies and further customize them for a truly flexible product and tailored granularity.
Installation and setup would greatly benefit from more explicit documentation. Please note, we were not provided with a Linux installer, so that has been excluded from this review.
The on-premises dashboard differs from the cloud-based option (also not included in this review). It functions sufficiently but could benefit from an aesthetic redesign for a more intuitive experience. The interface felt a little clunky, and we believe some minor changes could be made for a better user experience.
After putting it through our testing, all the expected detections populated. We were pleased to see this product efficiently block malicious processes, but would have liked to see more information about events following detection.
Tested by Tom Weil