
Symantec Configuration

The following product description and configuration information was provided by the vendor and has been included in its unedited form. Any MITRE Engenuity comments are included in italics.

Product Versions

  • Symantec Endpoint Detection and Response 4.5.0
  • Symantec Endpoint Protection 14.3.2304.1000
  • Symantec Threat Defense for Active Directory 3.6

Product Description

Symantec Endpoint Security Complete delivers the most comprehensive and integrated endpoint security platform on the planet. As an on-premises, hybrid, or cloud-based solution, the single-agent Symantec platform protects all your traditional and mobile endpoints, providing interlocking defenses at the device, application, and network level, and uses artificial intelligence (AI) to optimize security decisions. A unified cloud-based management system simplifies protecting, detecting and responding to all the advanced threats targeting your endpoints. Only Symantec Endpoint Security Complete does all of the following:

  • Deploys a single agent for protection, Endpoint Detection and Response (EDR), and Application Control & Isolation
  • Allows an administrator to deploy and manage all endpoints through a single console with real-time threat visibility across traditional and mobile devices
  • Allows for flexible deployment with support for on-premises, cloud-managed and hybrid models
  • Functions on all operating systems, including Windows, Mac, and with the support of Symantec Cloud Workload Protection (CWP), Linux
  • Integrates full EDR, Breach Prevention, App/Behavioral Isolation, Threat hunting, Threat Intelligence API, and App Control capabilities with Endpoint Protection
  • Utilizes simplified workflows with context-aware recommendations to improve admin productivity while speeding up response to compromises
  • Delivers autonomous security management that learns from admins, organization or community to continuously assess and strengthen security posture
  • Leverages AI-guided security management for establishing strong security policies with fewer misconfigurations to help improve overall security hygiene and posture
  • Leverages real-time threat information, threat analytics, content classification, and comprehensive threat blocking data from the Symantec Global Intelligence Network
  • Allows for extending the platform to integrate with third party applications like Microsoft Graph, Open C2, and other Symantec solutions through Symantec ICDx

Product Configuration

Symantec Endpoint Security Complete (SESC) and Cloud Workload Protection (CWP) were used in the evaluation. In the Detection test, all protection engines were configured to “log-only” in their respective policies. Additionally, Targeted Attack Analytics, automatic sandbox submission and process launch visibility were enabled in SESC, while the Advanced Visibility policy was enabled in CWP. In the Prevention test, Behavioral Isolation was enabled in SESC, while the default prevention policy was enabled in CWP.