We expect most security conversations for the next several months, at least, to be around the Sunburst/SolarWinds attack. Former homeland security advisor Thomas Bossert has said, “The magnitude of this ongoing attack is hard to overstate.” Using a supply chain attack, 18,000 customers of SolarWinds had their networks breached. This included 100 Symantec customers. At this time only a small number of the 18,000 have had an active attacker in their networks, but all are compromised.
Symantec has notified our affected customers and published detailed information on the attack and its techniques. Protection has been put in place. But it’s natural to ask: what can Symantec’s products do to protect me from this and similar attacks? It’s a conversation we would love to have.
Symantec Endpoint Security Complete (SESC) was specifically created to help protect against this type of attack. While many vendors offer EDR to help find intrusions, as does Symantec, there are gaps. We call these gaps blind spots and there are technologies in SESC to eliminate them.
Symantec Endpoint Security Complete addresses these blind spots by identifying and stopping reconnaissance early in the attack chain, by preemptively reducing the attack surface to prevent living off the land (LotL) attacks, and by enhancing EDR with essential expertise from Symantec Threat Hunters, who understand the subtle signals that attackers emit even when attempting to be stealthy. Three major ways SESC addresses these blind spots are:
Downloading a malicious trojan as the result of a sophisticated supply chain attack, as in the case of Sunburst, is nearly impossible to prevent. But the tools associated with the Sunburst attacks are detected and blocked on machines running Symantec Endpoint products, and SESC protected against these threats as mentioned above. There are many other ways we protect against Sunburst - more to come on that.
There is one more important detail. Like other sophisticated attacks, Sunburst looks for certain endpoint security agents and tools running on a machine and attempts to disable them. For example, Sunburst attempts to deactivate the CrowdStrike Falcon sensor. Once the sensor is disabled, any further malicious activity will not be detected or prevented. This is bad guys 101. Other security vendors appear to have been slow to catch on to this. Many are new to the game and still learning. The whole family of Symantec Endpoint Security products uses proprietary technology that prevents and alerts on such tampering. This was not an issue for our customers.
Symantec Endpoint Security Complete offers a comprehensive, layered approach to securing your endpoints, eliminating the blind spots left by the traditional approach of using only EPP and EDR. We look forward to sharing more of the details with you.