IDS and IPS Buyers Guide: Symantec Endpoint Protection shields devices using reputation technology to identify threats

Symantec Data Center Security uses a combination of host-based intrusion detection (HIDS), intrusion prevention (HIPS) and least privilege access control.
By Ephraim Schwartz
07:03 AM
Share
IDS and IPS Buyers Guide Symantec

Protecting the network is only one task of a modern IDS and IPS solution. But what if an attack gets passed the perimeter and lands at the device sitting on an end-user’s desk?

Symantec, a household name to end users, offers its own unique version of IDS and IPS security to enterprise-level organizations that have a special focus on the end user.

Symantec Endpoint Protection shields—you guessed it—end points while Symantec Data Center Security offers built-in IPS. Data Center Security uses a combination of host-based intrusion detection (HIDS), intrusion prevention (HIPS) and least privilege access control.

Using HIPS system administrators can restrict application and OS behavior, allowing only the behavior that’s known to be safe across data centers and endpoints. It accomplishes this feat by tracking over 1400 actions a program can take. It then correlates the behavior and if it figures out that the behavior is suspicious the file is blocked.

Symantec uses reputation-based technology which tracks a file’s reputation so it can identify suspicious files. The system, says Don Baker, senior Product Marketing Manager, leverages the data from a worldwide civilian threat intelligence network.

This network consists of telemetry data coming from 175 million endpoints and 57 million attack sensors in 175 countries. Derived from this intelligence network, the reputation technology identifies file reputation by analyzing key file attributes such as how often a file has been downloaded, how long a file has been there and where it is being downloaded from.

Pricing Model: Endpoint Protect and Data Center Security solutions are offered as perpetual licenses.

Read our reviews of leading security specialists latest tools: 

⇒Cisco offers integration to prevent intrusion attacks from reaching medical devices, old and new

Fortinet provides multi-threat protection through a single device integrated network

IBM Security offers a threat protection solution using both hardware and software integration

Juniper Networks uses static and dynamic inspection to manipulate files to detect malware

Damballa Failsafe looks for patterns of suspicious activity with machine learning

Helpful advice on planning your purchase of IDS and IPS tools: