
IN-DEPTH TEST AND ANALYSIS OF SYMANTEC’S ENDPOINT PROTECTION (SEP) CAPABILITIES

Daniel Ajiginni

Abstract

2020 has been an eye opener for organizations and small businesses alike, as cyber threat actors saw the pandemic and the resulting "work from home" approach as an opportunity not to be passed up. The cyber security community witnessed bold moves from threat actors at an alarming rate, from ransomware gangs calling victims directly and large-scale phishing campaigns to the dumping of breached victims' sensitive data on multiple public domains. This has led to a scramble for a more secure and effective way of ensuring that staff and clients working from home are constantly protected.


1 Introduction


There has been exponential growth in the use of information technology resources for ease of access, productivity and safety, as in the case of 2020's pandemic reality. This comes with the ever-growing challenge of maintaining the basic security principles of confidentiality, integrity, and availability (CIA), which are continuously put to the test in order to prevent threat actors from infiltrating organizations and tampering with or exfiltrating their sensitive data.

Symantec Endpoint protection (SEP) 14


As the complexity of cyberattacks continues to increase, it has become very difficult to ensure the security of all endpoints within an organization. Symantec Endpoint Protection is a software solution developed to meet this highly sought-after need, with protection that covers servers, desktops, laptops, and virtual environments against a wide range of threats.


Attack scenarios covered

· Zero-day attacks.

· Malicious web URLs and downloads.

· Viruses, spyware, ransomware, adware, rootkits and worms.

· Malicious port scanning (reconnaissance) and exploit attacks.

· Insider and external attacks.

· Application vulnerability exploits.

· Network intrusion.



2 Test


A secured virtualization environment was created using VirtualBox, consisting of two VMs: a Windows 10 Pro machine (client) and a Windows Server 2012 machine (manager). We installed the SEP Manager on the Windows Server machine and created a SEP client agent installation package, which was installed on the Windows 10 Pro machine.




Noteworthy Features:

· Prevention and detection.

· Response.

· Investigation and containment.

· Resolution.

· Deception.

· Adaptation.

· Global threat intelligence.


Fig 2: Virtual lab setup

After finalizing the setup of both machines, we proceeded to download a large number of malware samples of different variants; for this I used "VirusSign".


Fig 3: VirusSign