How Symantec Adaptive Protection Marks a New Chapter in Security Defense
Security automatically customized to your endpoints with SES Complete
Enterprises across the globe have invested heavily in endpoint security to protect their endpoints. Despite the time and money spent, more breaches are happening today than ever before. Attackers have found blind spots and are exploiting them hourly. To address this challenge, security teams need to do more than plug a few holes. They need to consider an innovative approach to level up endpoint protection and maximize security overall. We call this Adaptive Protection.
So, how can we all think about protection differently?
Symantec, a division of Broadcom, believes the answer lies in where we place our attention. Every customer environment is unique, yet today, most security technologies are delivered “dumbed down” to avoid false positives. In addition, to get maximum protection, many vendors provide complex settings and configuration options. Tweaking them falls to the customer, and if done incorrectly, the outcome is often disastrous. Alternatively, relying only on detection leads to diminishing returns and plenty of potential breaches.
Symantec focuses on protection that is preventative, flexible and automatic. The key ingredient is machine learning, built on Symantec’s decades of experience with large organizations, that automates the configuration of protection settings and delivers the highest level of custom protection with zero impact to productivity. Stronger protection also makes detection more efficient, allowing the SOC to focus on a limited set of threats instead of dealing with alerts and issues that protection could have stopped.
Adaptive Protection automatically and continuously reduces the endpoint attack surface. Attackers can no longer create a single attack that works everywhere. Adaptive Protection is custom to each enterprise, and adapts as your organization changes. You have unique protection. It forces advanced attackers either to adapt, at a huge cost to them, or to just give up on your organization. Why spend the time when the bad guys can more easily hack another organization that has a “one-size-fits-all” endpoint security solution? Cyber criminals much prefer to write once and infect every time, leveraging their nefarious economies of scale.
As we have reported before, Symantec continues to see “living-off-the-land” (LOTL) tactics, in which attackers take advantage of native tools and services already present on targeted systems to hide in plain sight. Tools such as PowerShell and Windows Management Instrumentation (WMI) have been used by both targeted attack groups and common cyber criminal gangs for some time now. This is where Symantec Adaptive Protection excels and marks a new chapter in security.
Endpoint security vendors have a choice. They can ignore behavior that might be legitimate, thereby allowing malicious actors to live in the environment. Or they can block the legitimate use of tools, resulting in false positives. Now there is a better way. Adaptive Protection watches these dual-use tools, learns their usage, hardens endpoints and blocks suspect behavior, all automatically and on the fly. That also means fewer false positive alerts for SOCs to chase down and no impact to employee productivity.
I know Adaptive Protection works, but don’t take my word for it. Symantec scored 100 percent in protection and 91 percent in detection on the most recent 2020 MITRE Engenuity ATT&CK Evaluations. The assessment subjected the security offerings of 29 vendors to 174 detection tests and 10 prevention tests. None of Symantec’s other direct endpoint security competitors could match the Symantec Endpoint Security (SES) Complete platform’s high scores in both areas.
The best news is that Adaptive Protection is now included in SES Complete and we’re happy to show you how it works. No new modules and no agent updates are required. You can go here for more in-depth information.
Adaptive Protection is provided automatically to help you protect your organization’s digital assets. This is just the beginning of a new, robust capability. Stay tuned!
Adaptive Protection - Level Up Your Endpoint Security
Symantec Security Response Director Kevin Haley and IDC Research Vice President Michael Suby are with us in this webinar to discuss how our new Adaptive Protection feature, part of Symantec Endpoint Security Complete, can help you turn the tables on attackers and better protect your data and endpoints.