Symantec is ramping up its endpoint defense offerings with myriad updates to its endpoint security portfolio and a new Managed Endpoint Detection and Response (MEDR) service that leverages its new EDR 4.0 to improve on incident response, threat hunting, and forensics.
MEDR is made up of Symantec EDR 4.0, the SOC technology platform, and the Global Intelligence Network. Its capabilities, which include industry- and region-specific analysts across six global SOCs and managed threat hunting, are intended to help decrease the burden on security teams as endpoint threats grow in size, number, and complexity. EDR 4.0 pulls threat research from Symantec's telemetry to detect new attack patterns and zero-day threats.
"With a critical shortage of skilled investigators available, security teams need smart tools and services that can help them deal with the scale and speed of the modern threat environment, making it easier to identify and fix impacted endpoints," said ESG senior principal analyst Jon Oltsik, in a statement on today's releases.
Both Symantec MEDR and EDR 4.0 are now available for detection and response on any device, before or after an attack. Also available today are multiple endpoint security updates to Symantec's Integrated Cyber Defense Platform, which address applications, cloud, and Active Directory.
Security portfolio updates include endpoint application control, which allows only known and good applications to run; endpoint application isolation, which ensures applications are limited to authorized behavior; endpoint cloud connect defense, which uses a policy-based smart VPN to defend against risky networks; and endpoint threat defense for Active Directory, which helps ensure attackers on domain-connected endpoints can't exploit AD to view critical assets.