Home  >  Enterprise  >  Participants  >  Symantec  >  APT29 Configuration

Symantec Configuration


Symantec Endpoint Security Complete delivers the most comprehensive and integrated endpoint security platform on the planet. As an on-premises, hybrid, or cloud-based solution, the single-agent Symantec platform protects all your traditional and mobile endpoints, providing interlocking defenses at the device, application, and network level, and uses artificial intelligence (AI) to optimize security decisions. A unified cloud-based management system simplifies protecting, detecting and responding to all the advanced threats targeting your endpoints. Only Symantec Endpoint Security Complete does all of the following:

  • Deploys a single agent for protection, Endpoint Detection and Response (EDR), and Application Control & Isolation
  • Allows an administrator to deploy and manage all endpoints through a single console with real-time threat visibility across traditional and mobile devices
  • Allows for flexible deployment with support for on-premises, cloud-managed and hybrid models
  • Integrates full EDR, Breach Prevention, App Isolation, and App Control capabilities with Endpoint Protection
  • Utilizes simplified workflows with context-aware recommendations to improve admin productivity while speeding up response to compromises
  • Delivers autonomous security management that learns from admins, organization or community to continuously assess and strengthen security posture
  • Leverages AI-guided security management for establishing strong security policies with fewer misconfigurations to help improve overall security hygiene and posture
  • Leverages real-time threat information, threat analytics, content classification, and comprehensive threat blocking data from the Symantec Global Intelligence Network
  • Allows for extending the platform to integrate with third party applications like Microsoft Graph, Open C2, and other Symantec solutions through Symantec ICDx

Product Configuration

The hybrid deployment of Symantec Endpoint Security Complete, in addition to the Managed EDR Service, were used in the evaluation. All protection engines were configured to “log-only” in their respective policies. Targeted Attack Analytics, automatic sandbox submission and process launch visibility were enabled.