For example, you could set it up to prevent communication with the TOR network. The intrusion prevention can be customized to prevent specific IPs from interacting with the protected enterprise. The behavior analysis engine is called SONAR and it watches for suspicious activity. The emulator is a sandbox for detecting malware with encryption. First, the firewall really looks both ways so it not only provides intrusion prevention, it also acts as a DLP device. A couple of these merit special discussion. These engines are network firewall and intrusion prevention, application and device control, memory exploit mitigation, reputation, file attributes (advanced machine learning), emulation, real-time file scanning and behavior analysis. SEP can export in Syslog format for input to SIEMs or other tools that consume Syslogs.
It provides cross-platform support (Windows, Mac and Linux).
The product actually is a tightly integrated suite of powerful engines, each with its own particular task. SEP Cloud also is offered as an option for a pure cloud-based deployment. SEP is centrally managed by an on-premises server. Symantec Endpoint Protection (SEP) is an endpoint security platform that can use an agent on physical devices or can run in a hybrid agentless/agent-based mode for VDI environments.
0 kommentar(er)
