Can Symantec's new endpoint security products deceive hackers?

Published: October 31st, 2017

Symantec Corp. has introduced a fully-featured endpoint solution that adds new deception technology.

This new development is part of Symantec’s line of tools, which includes mobile threat defense, endpoint detection and response (EDR), hardening and intensive protection driven by advanced machine learning.

The new deception technology will be built on the company’s Symantec Endpoint Protection platform, making it what may be the first solution to deliver these capabilities in a single agent for the cloud.

The strategy behind the new deception technology from Symantec’s standpoint is that as business evolves with the adoption of cloud and mobile technology, enterprises are working harder to protect employees across a diverse set of devices, while at the same time securing against new cyber threats. It is Symantec’s belief that the defense against attacks such as WannaCry and Petya has reaffirmed the need for a platform-centric approach that brings innovative security solutions across all devices, networks and applications to combat escalating threats.

The deception part, Symantec said, will be at scale. This means Symantec wants to turn the tables on attackers by bringing deception capabilities to endpoint protection. Deception technology deceives attackers into believing they have successfully breached an organization, when in reality, attackers are shunted to a false environment, served up fake assets and information – essentially leading them on a “wild goose chase” – while the security team works to neutralize the attack. Symantec first delivered the deception approach as part of Symantec Endpoint Protection Version 14.1, and the plan from then was to build deception techniques into the endpoint protection market.

Symantec claims deception can now be deployed at massive scale across Symantec’s 175 million endpoints globally.

However, the challenges, Symantec said, have become more difficult alongside a shortage in skilled cyber security personnel and the emergence of complex point-solutions aimed at solving singular security issues.

Symantec plans to continue to deliver endpoint capabilities in a single agent, allowing Chief Information Security Officers or IT professionals tasked with security to monitor, manage and contain threats while reducing operational complexity.

Sean Pike, program vice president for IDC’s Security Products group, said streamlining security protection has become increasingly critical for organizations. Sprawling point solutions create complexity, raise costs and are difficult to manage, while at the same time leaving gaps that can be exploited. Delivery through a single agent, allowing CISOs and IT to monitor, manage and act from one central location, can close those gaps.

From a channel perspective, Symantec, through its integration framework, will have additional partner solutions that can be integrated with Symantec Endpoint Protection and managed within Symantec’s single agent.

Mike Fey, Symantec president and COO, said the new endpoint solution is exactly what customers have been asking for – best of breed capabilities, integrated into a single agent, to help them streamline, lower costs and effectively combat advanced threats, malware and ransomware.

“More importantly, these technologies are not simply integrated — they lead going toe-to-toe against their standalone counterparts in the industry. We call it Endpoint Security for the Cloud Generation and we are very proud to offer this level of advancement to our customers, completing another important milestone in our endpoint security strategy,” Fey said in a prepared statement.