Story image

Symantec announces new endpoint response tools

31 Jan 2019

Cybersecurity company Symantec has announced a new managed endpoint detection and response (MEDR) service and enhanced EDR 4.0 technology.

These advancements improve attack discovery and incident response using AI-driven analytics and automation to quickly discover and stop sophisticated cyber attacks.

Enterprise IT and Security Ops teams are increasingly challenged to investigate and respond to advanced and emerging threats with available resources and staff. 

Symantec’s MEDR service harnesses the power of EDR 4.0 to improve incident response, threat hunting and forensics, giving teams investigation expertise and threat intelligence from a team of Symantec SOC analysts.

Symantec MEDR detects attacks and examines suspicious activity for faster incident validation and response.

A combination of Symantec EDR 4.0, the SOC technology platform, and the Global Intelligence Network, allows Symantec analysts to provide 24x7 expertise.

Managed threat hunting, remote investigations, and endpoint containment enable security teams around the world to stay ahead of threats.

Features include:

  • Industry- and region-specific analysts provide 24x7 coverage across six global SOCs.
  • Managed threat hunting provides detection for zero-day and unknown threats.
  • Industry best practices including MITRE ATT&CK framework help to quickly identify critical indicators of attack.
  • Rapid containment of compromised endpoints using pre-authorised measures.
  • Custom and emerging threat reports, business reviews, and 24x7 coverage.

“Many customers can’t find enough cybersecurity experts to meet demand. Our MEDR service provides access to Symantec’s SOC analysts and machine learning techniques to reduce the burden on staff and shrink the time it takes to investigate incidents,” says Symantec enterprise products EVP and GM Art Gilliland.

“For organisations with robust security response teams, EDR 4.0 is now available on any device, anywhere, before or after an attack occurs to provide comprehensive detection and response.” 

Symantec’s EDR 4.0 continuously updates AI-driven detection engines using threat research from Symantec’s elite team of researchers and global telemetry from 175 million endpoints to train analytics to detect new attack patterns.

EDR 4.0 is now available on any device, anywhere, before or after an attack. 

New features include: 

  • Advanced attack detections to help thwart “living off the land” fileless attacks.
  • Automated playbooks to quickly initiate investigations.
  • MITRE ATT&CK framework enrichment to expose gaps in the attack lifecycle.
  • Advanced pre- and post-breach comprehensive EDR tools.
  • Flexible deployment options for Symantec Endpoint Protection (SEP) and non-SEP endpoints for macOS, Linux, and Windows.

“Many organisations are struggling with threat detection and incident response because of both the volume and sophistication of attacks and an expanding attack surface. They also face many challenges including the volume of alerts and a continued reliance on manual processes,” says Jon Oltsik ESG senior principal analyst. 

“With a critical shortage of skilled investigators available, security teams need smart tools and services that can help them deal with the scale and speed of the modern threat environment, making it easier to identify and fix impacted endpoints.

“To improve IR processes, cybersecurity professionals must eschew legacy approaches and embrace the right tools and services,” Oltsik says.

Veeam releases v3 of its MS Office backup solution
One of Veeam’s most popular solutions, Backup for Office 365, has been upgraded again with greater speed, security and analytics.
Too many 'critical' vulnerabilities to patch? Tenable opts for a different approach
Tenable is hedging all of its security bets on the power of predictive, as the company announced general available of its Predictive Prioritisation solution within Tenable.io.
Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.
Princeton study wants to know if you have a smart home - or a spy home
The IoT research team at Princeton University wants to know how your IoT devices send and receive data not only to each other, but also to any other third parties that may be involved.
Organisations not testing incident response plans – IBM Security
Failure to test can leave organisations less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack.