
Symantec Endpoint Security on macOS

Meet the new Symantec Agent for macOS Endpoint Protection

The Mac is far from new to enterprises, but it has gained traction amid the rush to support employees working from anywhere. Managing Macs beyond firewalls, VPNs or other access control devices placed security teams in a bind when those Macs were unprotected, unmanaged and unmonitored. Now Macs, even those of BYOD origin, can enjoy the same robust protections available across other enterprise endpoints, even in hybrid work environments.

That’s why Symantec is introducing new macOS agents—enhancing protection across these operating systems—with Symantec Endpoint Security Enterprise (SESE) and Symantec Endpoint Security Complete (SESC), 14.3 RU1. Providing support for Apple Big Sur (on Intel-based Macs), Symantec Endpoint Detection and Response (EDR) enables security incident handlers to improve visibility on the latest Apple macOS.   

The new version can be installed and managed from either the on-premises Symantec Endpoint Protection Manager or the Integrated Cyber Defense Manager (ICDm) cloud console. This agent release includes key innovations such as: 

  • Behavioral analysis, which analyzes good and bad behaviors to prevent new and unknown threats on macOS.
  • A Symantec Endpoint agent for macOS consolidated into a single version, with an updated user interface for both on-premises and cloud.

Relying on the best protection platform

The Symantec agent, used by SEP, SES Enterprise, and SES Complete, strengthens Apple macOS security with features such as device control, network firewall and intrusion prevention to block threats from compromising the endpoint.

The Symantec agent, powered by our heuristic and award-winning engine, prevents the latest ransomware and malicious documents from wreaking havoc in your enterprise. If you’re familiar with the on-premises version of SEP, and use Integrated Cyber Defense Manager (ICDm), there’s no need to reinstall the agents.

With one single agent, there’s no performance degradation

Sample behavior analysis detection

Endpoint Detection and Response (EDR)

Since the introduction of cloud-based EDR for SES Complete in May, Symantec Agent for macOS both records events and forwards them to ICDm. These steps enable incident handlers to investigate incidents and events from Windows and macOS clients—acting on SES Complete recommended actions as needed. 

Now, with the release of the Mac agent, there is greater visibility into security incidents in the ICDm console. Incident handlers can dig deeper into an individual endpoint, looking for indicators of compromise such as which processes were launched, which files were created, and other possibly unauthorized events. These are key steps toward surfacing and remediating problems, particularly when devices are off-premises and outside of firewalls and VPNs.

An incident handler sees security events on the Integrated Cyber Defense Manager console

Big Sur and System Extensions

Kernel extensions (kexts) have been an integral part of security software accessing kernel functions, but poorly written kexts frequently cause kernel crashes. Apple recommended abandoning the use of kexts and we rewrote the main bulk of our technology for this reason. RU1 is the first release to use both system and network extensions and, as a result, we’re seeing improved CPU utilization and stability.    

What Else is Coming?

We delivered consolidation beyond just a single agent for macOS, which allows you to switch to either on-premises or cloud management. Many enterprise customers suffer from agent fatigue, and Symantec helps reduce the number of required agents by consolidating Web Security Services, Application Control and Threat Defense for Active Directory with SES Complete and other Symantec products into a single agent.

Enhancing protection is our main objective. With the introduction of Symantec Endpoint Framework in our previous release, we can easily plug in significant updates when they’re available. One example is the behavior-based technology in SEP 14.3 RU1. In a future product update, we will provide Mac support for URL-based reputation technology—available in this release for Windows. 

The recently introduced Apple M1 is the first ARM-based processor for the next generation of macOS devices. As our customers evaluate these new devices, we will release a universal binary version of our Symantec agent for macOS to simplify deployment and management of both Intel and ARM-powered Macs.

The single-agent Symantec platform simplifies the protection of all enterprise endpoints, and uses AI to optimize security decisions. Together with a single console that provides real-time threat visibility, it gives your Mac clients robust protection and reduces the stress on security teams charged with safely integrating them into hybrid, work-from-anywhere environments.

About the Author

Alan Lee

Product Management for Endpoint Security

Alan is part of the Endpoint Security product management group and is responsible for driving endpoint security product roadmap planning and driving product adoption through various events, beta programs, and sharing of thought leadership on Endpoint Security.
