New Symantec Protection Engine 8.2 Enhancements
Symantec Enterprise Customers get Enhanced Security, Manageability and Protection
Symantec, a division of Broadcom (NASDAQ: AVGO), is rolling out new storage threat detection help for enterprise customers – and not a moment too soon.
That’s because the explosion of cloud services and related storage has attracted the attention of threat actors looking to pounce on vulnerabilities as businesses move their data beyond their own four walls. At the same time, key business information, tools, and utilities residing on storage devices also need malware protection, even when they are backed up or archived.
With the latest version of Symantec Protection Engine (SPE), for Network Attached Storage (NAS) and for Cloud Services, Symantec is unveiling significant enhancements to the arsenal of high-performance threat detection services that enterprise customers now are able to deploy.
We spoke recently with Brian Sheedy, Product Manager for Symantec Protection Engine, Operational Technology and Endpoint Management products. Brian shared more about SPE 8.2, both for Network Attached Storage and for Cloud Services, and about the launch announcement and what it means for enterprise security as well as for overworked – and sometimes frazzled – security administrators.
Q: Let’s start by talking about the integration between the new release of SPE and the Symantec STARGate Security Service stack. What does this do for customers?
A: It’s going to make SPE even more efficient. STARGate is a threat detection platform based on machine learning, cloud knowledge, and deep content inspection. Also, STAR’s management capability components are self-updating – so customers will have the latest Symantec offerings without the need for an SPE version update.
Q: There’s been a lot of attention devoted to STARGate. What’s the importance?
A: STARGate is a big thing. It comes out of the division responsible for the development of our security technologies, the Security Technology and Response (STAR) team. Think back a few years ago when traditional antivirus technologies were all that was needed to protect an endpoint from attack. There’s been a dramatic shift in the threat landscape since then to the point where enterprises can’t get by any longer with antivirus-based technologies alone. So STAR took on that challenge and developed a collaborative ecosystem of security technologies to protect Symantec’s users from malicious attacks. So, this is one of the fruits of that work. We wanted to make our storage protection products stronger and the integration of the latest Symantec security technologies into the SPE 8.2 release does just that.
Q: The active content filtering feature in SPE 8.2 offers customers a new way to filter out malicious code. How so?
A: We call it our DISARM feature and yes, it filters active content from documents and lets customers delete all content based on specific content types. As you may be aware, active content contains programs that can execute automatically without a user’s knowledge. That’s one method attackers deploy in order to execute their malicious code.
Once you enable the feature, DISARM detects and then removes any active content, such as scripts and attachments, from the file. It also shoots off an alert message to all logging destinations. So, when the client finally receives the file in question, that person can be sure it will be free of any unexpected or malicious content.
Q: SPE also decouples the notion of monitoring from that of blocking through high-intensity detection (HID). How does that help administrators day-to-day?
A: Administrators get enhanced prevention capabilities in the form of greater visibility through higher level detections. To put it simply, the high-intensity detection feature ensures that you don’t disruptively block any new files without understanding their behavior, risk, and so on. It also enables you to retain maximum visibility on the new detected files.
Q: How does it work?
A: SPE performs detections at a certain level and blocking at a different level. The HID feature controls the aggressiveness or intensity of the threat detection technologies in the product. SPE identifies the detection level at which the threat is detected, and this information is logged before SPE takes the configured action on the file.
Q: Another cool change: SPE will now allow or deny files according to their hash. What does the change mean in practice?
A: SPE has always provided the ability to allow or deny files based on their file name, true type, and file size to protect a network during an outbreak. In SPE 8.2, if you know the SHA-256 hash of a file you can filter the file by its hash and block the infected files. Likewise, if you know the SHA-256 hash of a file you wish to exclude from scanning operations you can simply add it to the allow list to provide access to the file. Having the ability to target these files using one of the most secure hashing functions on the market allows us to ensure a higher level of malware prevention via this feature and can help reduce unwanted blocking and deletions based on more generalized methods.
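To make the contrast between hash-based and "generalized" (filename-based) rules concrete, here is an added illustration that is not SPE code and does not reflect how SPE evaluates its policies. The sample file contents, the rule precedence (hash deny, then hash allow, then name deny, then scan) and the `decide` function are all constructed for this example.

```python
import hashlib
import re

# Constructed sample file contents for the demo; nothing here is real malware.
SAMPLE_BAD = b"constructed sample: treated as known-bad for this demo\n"
SAMPLE_GOOD = b"constructed sample: known-good internal build tool\n"

_SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")


def normalize_sha256(digest: str) -> str:
    """Validate a SHA-256 hex string from a policy entry and lowercase it.

    Catches the common config mistakes (MD5/SHA-1 length, stray whitespace,
    mixed case) that would otherwise make a deny entry silently never match.
    """
    digest = digest.strip()
    if not _SHA256_RE.match(digest):
        raise ValueError(f"not a 64-hex-char SHA-256 digest: {digest!r}")
    return digest.lower()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Policy sets, constructed from the sample bytes above (assumed policy shape).
DENY_HASHES = {normalize_sha256(sha256_hex(SAMPLE_BAD).upper())}
ALLOW_HASHES = {normalize_sha256(sha256_hex(SAMPLE_GOOD))}
DENY_NAMES = {"invoice.exe"}  # the older, more generalized filename rule


def decide(name: str, data: bytes) -> str:
    """Return 'deny-hash', 'allow', 'deny-name' or 'scan' for one file.

    Precedence is an assumption of this example: a known-bad hash wins over
    everything, a known-good hash skips scanning and overrides name rules,
    and a name rule only applies to files with no hash entry at all.
    """
    digest = sha256_hex(data)
    if digest in DENY_HASHES:
        return "deny-hash"   # content match, regardless of what it is called
    if digest in ALLOW_HASHES:
        return "allow"       # excluded from scanning by exact content
    if name.lower() in DENY_NAMES:
        return "deny-name"   # coarse rule: may block benign files too
    return "scan"            # fall through to the regular AV scan
```

Note that an exact-hash deny entry no longer matches once a single byte of the file changes, which is why hash rules complement the regular scan rather than replace it.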
Q: The 8.2 release expands platform support in a single version. What’s behind the change?
A: Our previous releases supported Windows and Linux platforms in a single version, but 8.1 was only available for Linux, where it contained dissimilar Symantec security components and features. We hadn’t combined all platforms in this version to allow the customer to choose their preferred operating system without sacrificing features. So, 8.2 will support Windows 2019 Server as well as Linux 8.x and CentOS 8.x. All that translates into platform choice for the customer, while ensuring that the platform used is the latest available and delivers a higher level of efficacy against current threats.
Q: The updates also include several centralized cloud console enhancements. Can you talk about how this impacts visibility and management?
A: One of the key themes in SPE 8.2 was to allow greater parity with our native and cloud consoles – in fact, this was the most requested feature from our customers.
Just off the top, we’ve added new policy attributes to the cloud console user interface in the areas of anti-malware settings, archive handling settings, log and tag settings, deny settings and allow settings. Also, we’ve made it simpler to manage assets through a single view with enhancements such as the management of scanner groups and a centralized view of events. There are other details you can find in our spec sheets, but the point is that we’re going to continue to make further improvements as we continue our journey to achieve centralized management in a single console for SPE products for our customers.