Symantec Endpoint Protection

Last updated

Symantec Endpoint Protection
Developer(s) Broadcom Inc.
Stable release
14.3 RU7 (Build 9681) / 24 March 2023;8 months ago (2023-03-24) [1]
Operating system Windows, macOS and Linux
Platform IA-32 and x86-64
Type Anti-malware, intrusion prevention and firewall
License Trialware
Website www.broadcom.com/products/cyber-security/endpoint

Symantec Endpoint Protection, developed by Broadcom Inc., is a security software suite that consists of anti-malware, intrusion prevention and firewall features for server and desktop computers. [2] It has the largest market-share of any product for endpoint security. [3]

Contents

Version history

The first release of Symantec Endpoint Protection was published in September 2007 and was called version 11.0. [4] Endpoint Protection is the result of a merger of several security software products, including Symantec Antivirus Corporate Edition 10.0, Client Security, Network Access Control, and Sygate Enterprise Edition. [4] Endpoint Protection also included new features. [4] For example, it can block data transfers to unauthorized device types, such as USB flash drives or Bluetooth devices. [4]

At the time, Symantec Antivirus Corporate Edition was widely criticized as having become bloated and unwieldy. [2] Endpoint Protection 11.0 was intended to address these criticisms. [2] The disk footprint of Symantec Corporate Edition 10.0 was almost 100 MB, whereas Endpoint Protection's was projected to be 21 MB. [2]

In 2009, Symantec introduced a managed service, whereby Symantec staff deploy and manage Symantec Endpoint Protection installations remotely. [5] A Small Business Edition with a faster installation process was released in 2010. [6] In February 2011, Symantec announced version 12.0 of Endpoint Protection. [7] Version 12 incorporated a cloud-based database of malicious files called Symantec Insight. [7] Insight was intended to combat malware that generates mutations of its files to avoid detection by signature-based anti-malware software. [7] In late 2012, Symantec released version 12.1.2, which supports VMware vShield. [8]

A cloud version of Endpoint Protection was released in September 2016. [9] This was followed by version 14 that November. [10] Version 14 incorporates machine learning technology to find patterns in digital data that may be indicative of the presence of a cyber-security threat. [10] It also incorporates memory exploit mitigation and performance improvements. [3]

Features

Symantec Endpoint Protection is a security software suite that includes intrusion prevention, firewall, and anti-malware features. [11] According to SC Magazine, Endpoint Protection also has some features typical of data loss prevention software. [12] It is typically installed on a server running Windows, Linux, or macOS. [13] As of 2018, Version 14 is the only currently-supported release. [14]

Endpoint Protection scans computers for security threats. [11] It is used to prevent unapproved programs from running, [11] and to apply firewall policies that block or allow network traffic. [15] It attempts to identify and block malicious traffic in a corporate network or coming from a web browser. [16] It uses aggregate information from users to identify malicious software. [12] As of 2016, Symantec claims to use data from 175 million devices that have installed Endpoint Security in 175 countries. [12]

Endpoint Protection has an administrative console that allows the IT department to modify security policies for each department, [11] such as which programs or files to exclude from antivirus scans. [12] It does not manage mobile devices directly, but treats them as peripherals when connected to a computer and protects the computer from any malicious software on the mobile devices. [12]

Vulnerabilities

In early 2012, source code for Symantec Endpoint Protection was stolen and published online. [17] A hacker group called "The Lords of Dharmaraja" claimed credit, alleging the source code was stolen from Indian military intelligence. [18] The Indian government requires vendors to submit the source code of any computer program being sold to the government, to ensure that they are not being used for espionage. [17] In July 2012, an update to Endpoint Protection caused compatibility issues, triggering a Blue Screen of Death on Windows XP machines running certain third-party file system drivers. [19] In 2014, Offensive Security discovered an exploit in Symantec Endpoint Protection during a penetration test of a financial services organization. [20] The exploit in the Application and Device control driver allowed a logged-in user to get system access. [20] It was patched that August. [20] In 2019, Ofir Moskovitch, a Security Researcher discovered a Race Condition bug which involves 2 Critical Symantec Endpoint Protection Client Core Components: Client Management & Proactive Threat Protection and directly results in Protection Mechanism Failure that can lead to a Self-Defense Bypass, aka "SEMZTPTN" - Symantec Endpoint Minimized Timed Protection. [21]

Reception

According to Gartner, Symantec Endpoint Protection 14 is one of the more comprehensive endpoint security products available and regularly scores well in independent tests. [3] However, a common criticism is that customers are "fatigued" by "near constant changes" in the product and company direction. [3] SC Magazine said Endpoint Protection 14 was the "most comprehensive tool of its type . . . with superb installation and documentation." [12] The review said EndPoint Protection had a "no-brainer setup and administration," but it does have a "wart" that support fees are "a bit steep." [12]

Forrester said version 12.1 was the most complete endpoint security software product on the market, but the different IT security functions of the software were not well-integrated. [22] The report speculated the lack of integration would be addressed in version 14. [22] Network World ranked Symantec Endpoint Protection sixth in endpoint security products, based on data from NSS Labs testing. [23]

Related Research Articles

<span class="mw-page-title-main">McAfee</span> American global computer security software company

McAfee Corp., formerly known as McAfee Associates, Inc. from 1987 to 1997 and 2004 to 2014, Network Associates Inc. from 1997 to 2004, and Intel Security Group from 2014 to 2017, is an American global computer security software company headquartered in San Jose, California.

<span class="mw-page-title-main">Antivirus software</span> Computer software to defend against malicious computer viruses

Antivirus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.

<span class="mw-page-title-main">Gen Digital</span> Multinational software company

Gen Digital Inc. is a multinational software company co-headquartered in Tempe, Arizona and Prague, Czech Republic. The company provides cybersecurity software and services. Gen is a Fortune 500 company and a member of the S&P 500 stock-market index. The company also has development centers in Pune, Chennai and Bangalore. Its portfolio includes Norton, Avast, LifeLock, Avira, AVG, ReputationDefender, and CCleaner.

<span class="mw-page-title-main">Trend Micro</span> Japanese multinational cyber security company

Trend Micro Inc. is a Japanese cyber security software company. The company has globally dispersed R&D in 16 locations across every continent excluding Antarctica. The company develops enterprise security software for servers, containers, & cloud computing environments, networks, and end points. Its cloud and virtualization security products provide automated security for customers of VMware, Amazon AWS, Microsoft Azure, and Google Cloud Platform.

<span class="mw-page-title-main">ESET</span> Slovak internet security company

ESET, s.r.o., is a Slovak software company specializing in cybersecurity. ESET's security products are made in Europe and provide security software in over 200 countries and territories worldwide, and its software is localized into more than 30 languages.

Norton AntiVirus is an anti-virus or anti-malware software product founded by Peter Norton, developed and distributed by Symantec since 1990 as part of its Norton family of computer security products. It uses signatures and heuristics to identify viruses. Other features included in it are e-mail spam filtering and phishing protection.

Norton Internet Security, developed by Symantec Corporation, is a discontinued computer program that provides malware protection and removal during a subscription period. It uses signatures and heuristics to identify viruses. Other features include a personal firewall, email spam filtering, and phishing protection. With the release of the 2015 line in summer 2014, Symantec officially retired Norton Internet Security after 14 years as the chief Norton product. It was superseded by Norton Security, a rechristened adaptation of the Norton 360 security suite.

Check Point Integrity is an endpoint security software product developed by Check Point Software Technologies. It is designed to protect personal computers and the networks they connect to from computer worms, Trojan horses, spyware, and intrusion attempts by hackers. The software aims to stop new PC threats and attacks before signature updates have been installed on the PC. The software includes.

Webroot Inc. is an American privately-held cybersecurity software company that provides Internet security for consumers and businesses. The company was founded in Boulder, Colorado, US, and is now headquartered in Broomfield, Colorado, and has US operations in San Mateo and San Diego, and globally in Australia, Austria, Ireland, Japan and the United Kingdom.

<span class="mw-page-title-main">Sourcefire</span> American computer security company

Sourcefire, Inc was a technology company that developed network security hardware and software. The company's Firepower network security appliances were based on Snort, an open-source intrusion detection system (IDS). Sourcefire was acquired by Cisco for $2.7 billion in July 2013.

<span class="mw-page-title-main">Microsoft Security Essentials</span> Discontinued antivirus product for Microsoft Windows

Microsoft Security Essentials (MSE) is an antivirus software (AV) product that provides protection against different types of malicious software, such as computer viruses, spyware, rootkits, and Trojan horses. Prior to version 4.5, MSE ran on Windows XP, Windows Vista, and Windows 7, but not on Windows 8 and later versions, which have built-in AV components known as Windows Defender. MSE 4.5 and later versions do not run on Windows XP. The license agreement allows home users and small businesses to install and use the product free of charge. It replaces Windows Live OneCare, a discontinued commercial subscription-based AV service, and the free Windows Defender, which only protected users from spyware until Windows 8.

<span class="mw-page-title-main">Comodo Internet Security</span>

Comodo Internet Security (CIS) is developed and distributed by Comodo Group, a freemium Internet security suite that includes an antivirus program, personal firewall, sandbox, host-based intrusion prevention system (HIPS) and website filtering.

<span class="mw-page-title-main">Malwarebytes</span> Internet security company

Malwarebytes Inc. is an American Internet security company that specializes in protecting home computers, smartphones, and companies from malware and other threats. It has offices in Santa Clara, California; Clearwater, Florida; Tallinn, Estonia; Bastia Umbra, Italy; and Cork, Ireland.

<span class="mw-page-title-main">Kaspersky Lab</span> Russian multinational cybersecurity and anti-virus provider

Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia, and operated by a holding company in the United Kingdom. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky, and Alexey De-Monderik; Eugene Kaspersky is currently the CEO. Kaspersky Lab develops and sells antivirus, internet security, password management, endpoint security, and other cybersecurity products and services.

<span class="mw-page-title-main">Trend Micro Internet Security</span>

Trend Micro Internet Security is an antivirus and online security program developed by Trend Micro for the consumer market. According to NSS Lab comparative analysis of software products for this market in 2014, Trend Micro Internet Security was fastest in responding to new internet threats.

A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functions, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection, third-party identity management integration ., and SSL decryption

<span class="mw-page-title-main">Norton Security</span> Computer security suite by NortonLifeLock

Norton Security is a cross-platform security suite that provides subscription-based real-time malware prevention and removal in addition to identity theft protection and performance tuning tools. Other features include a personal firewall, email spam filtering, and phishing protection. It was released on September 23, 2014. In April 2019 it has been replaced by the Norton 360 brand.

Norton, formerly known as Norton by Symantec, is a brand of Gen Digital based in Tempe, Arizona. Since being acquired by the Symantec Corporation in 1990, Norton offers a variety of products and services related to digital security, identity protection, and online privacy. In 2014, Norton's parent company Symantec separated their business into two units. One was focused on security and the other was focused on information management; Norton was placed in the unit focused on security. The company originally provided utility software for DOS.

Forcepoint is an American multinational corporation software company headquartered in Austin, Texas, that develops computer security software and data protection, cloud access security broker, firewall and cross-domain solutions.

References

  1. "What's new for all releases of Symantec Endpoint Protection 14.x". Release versions, notes, new fixes, and system requirements for Endpoint Security and all versions of Endpoint Protection. [Symantec]. 17 November 2020.
  2. 1 2 3 4 Walsh, Lawrence (November 2007). "Troubled Waters". CSO Magazine. Vol. 6, no. 10. CXO Media.
  3. 1 2 3 4 Ouellet, Eric; McShane, Ian; Litan, Avivah (30 January 2017). "Magic Quadrant for Endpoint Protection Platforms". gartner.com. Gartner.
  4. 1 2 3 4 Messmer, Ellen (24 September 2007). "Symantec revamps endpoint security product". Network World. Retrieved 16 April 2017.
  5. Messmer, Ellen (23 June 2009). "Symantec unveils endpoint protection services". Network World . IDG.
  6. Moltzen, Edward (1 January 2010). "Security In 20 Minutes, Really". CRN . The Channel Company.
  7. 1 2 3 Messmer, Ellen (15 February 2011). "Symantec looks to protect users from mutating malware". Network World . IDG.
  8. Messmer, Ellen (3 December 2012). "Symantec releases first anti-malware software to work with VMware vShield security system". Network World . IDG.
  9. Kuranda, Sarah (13 September 2016). "Symantec Rolls Out New Cloud-Based Endpoint Protection Solution For SMBs". CRN . The Channel Company.
  10. 1 2 Osborne, Charlie (1 October 2016). "Symantec launches endpoint protection solution based on artificial intelligence". ZDNet . CBS Interactive.
  11. 1 2 3 4 "Symantec Endpoint Protection and the details for buyers to know". SearchSecurity. 8 February 2018. Retrieved 8 February 2018.
  12. 1 2 3 4 5 6 7 Stephenson, Peter (22 August 2016). "Symantec Endpoint Protection 14". SC Magazine. Haymarket Media Group . Retrieved 20 April 2017.
  13. Stephenson, Peter (1 August 2012). "Symantec Endpoint Protection 12 v12.1". SC Magazine. Haymarket Media Group . Retrieved 16 April 2017.
  14. "Released versions of Symantec Endpoint Protection". Enterprise Technical Support. Symantec. 16 March 2017. Retrieved 18 April 2017.
  15. "About the Symantec Endpoint Protection firewall". Enterprise Technical Support. Symantec. 28 October 2016.
  16. "How intrusion prevention works". Enterprise Technical Support. Symantec. 28 October 2016.
  17. 1 2 Vijayan, Jaikumar (6 January 2012). "Symantec confirms source code leak in two enterprise security products". Computerworld. Retrieved 18 April 2017.
  18. Akhtar, Iyaz (6 January 2012). "That stolen Symantec source code? It's for older enterprise products". CNET . CBS Interactive . Retrieved 18 April 2017.
  19. Raywood, Dan (16 July 2012). "Symantec fixes 'blue screen of death' bug". SC Magazine UK. Haymarket Media Group . Retrieved 16 April 2017.
  20. 1 2 3 Kirk, Jeremy (5 August 2014). "Symantec patches privilege escalation flaws in Endpoint Protection". Network World . IDG.
  21. "Symantec Endpoint Protection Vulnerability". YouTube.
  22. 1 2 Sherman, Chris; McClean, Christopher; Schiano, Salvatore; Dostie, Peggy (19 October 2016). "The Forrester Wave: Endpoint Security Suites, Q4 2016".
  23. "NSS Labs rated 13 advanced endpoint security products, flagged 2 with caution rating". Network World . IDG. 15 February 2017. Retrieved 18 April 2017.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.