DATA SHEET

Symantec Endpoint Protection 15

The most complete and integrated endpoint security solution—
cloud-delivered with AI-guided policy management

At a Glance
Enhanced security efficacy • Use AI-guided security management to drive more accurate
policy updates, fewer misconfigurations, and greater
• Unmatched efficacy via interlocking prevention technologies
administrative productivity to improve overall security hygiene
using artificial intelligence (AI) techniques (advanced machine
learning and behavior analysis) coupled with time-tested Broadest integrations
prevention technologies
• Orchestrated defense and response at the endpoint quickly stop the
• Strengthened security posture with intelligence gathered attack’s spread via integrations across Symantec portfolio
by deception technology when attackers trigger easy-to-
implement deceptors • Deeper visibility and reduced complexity using shared
intelligence across Symantec Integrated Cyber Defense Platform
• Unparalleled endpoint visibility and protection with telemetry and extensive integrations across Symantec and
from the world’s largest civilian threat intelligence network third-party products
Simplified management • Strong security posture via open APIs to coordinate with third-
party IT security solutions (e.g., orchestration, automation,
• Manage complete endpoint security from single cloud console
ticketing, and SIEM)
• Reduce update fatigue with minimal footprint of Symantec single
agent stack

Introduction
Anti malware
Attackers are using more sophisticated attacks to infiltrate networks, and the
endpoint represents the last line of defense. Ransomware attacks are trending
upward as evidenced by the WannaCry and Petya outbreaks. In addition, Advanced
attackers’ expanding use of fileless and stealthy attacks combined with ‘living Deception Malware
off the land’ (using common IT tools for attacks) techniques threatens the Protection
confidentiality, integrity, and availability of endpoint assets.
Symantec
So, what can security teams do to address cyber attacks? Managing multiple Endpoint
point products and technologies is overwhelming, and challenges mount when Protection
managing security across multiple geographies with diverse operation systems
Exploit Endpoint
and platforms. With limited resources and limited budgets, security teams want
Prevention Detection and
easy-to-manage technologies that integrate with each other to improve overall Response
security. They do not need just another point product. See Figure 1.
Application
Isolation and
Control

Figure 1. Symantec offers complete endpoint security

Symantec Endpoint Protection (SEP) delivers superior, multilayer protection to stop
threats regardless of how they attack your endpoints. SEP integrates with your
existing security infrastructure to provide orchestrated responses that address N HA
IO RD
threats quickly. The single, lightweight SEP agent offers high performance without NT

EN
compromising productivity, so that you can focus on your business. SEP enables

EV

ING
PR
security personnel to execute on many security use cases as outlined in Figure 2.

Enhanced security efficacy SINGLE

AGENT

D E T EC
Prevention

TI O

ON
SEP protects endpoints regardless of where attackers strike on the attack chain

N
as shown in Figure 3. SEP security efficacy leads the industry as validated by third

TI
RE EP

&
parties. This level of prevention is only possible with a combination of proven, core SP C
technologies and new, innovative technologies. ONS DE
E

Signatureless technologies Figure 2. The SEP Security Framework

• Advanced machine learning—Detects new and evolving threats before
they execute.
• Memory exploit mitigation—Blocks zero-day exploits of vulnerabilities in popular software.
• Behavior monitoring—Monitors and blocks files that exhibit suspicious behaviors.

Patented real-time cloud lookup for scanning suspicious files

Network Memory Reputation Advanced Emulator Antivirus Behavior Application

Firewall and Exploit Analysis Machine Monitoring and Device
Intrusion Mitigation Learning Control
Prevention

Blocks Blocks Determines Pre-execution Virtual Scans and Monitors Control

malware zero-day safety of files detection of machine eradicates and blocks file, registry,
before it exploits of and websites new and detects malware that files that device access
spreads to vulnerabilities using the evolving malware arrives on exhibit and behavior:
your machine in popular wisdom threats hidden using a system suspicious whitelisting,
and controls software of the custom behaviors blacklisting,
traffic community packers etc.

Figure 3. SEP delivers multilayered prevention

Advanced capabilities
• Global Intelligence Network (GIN)—The world’s largest civilian threat intelligence network collects data from millions of attack sensors;
that data is analyzed by more than a thousand highly skilled threat researchers to provide unique visibility into threats.
• Reputation Analysis—Determines safety of files and websites using artificial intelligence techniques in the cloud and powered by the GIN.
• Emulator—Uses a lightweight sandbox to detect polymorphic malware hidden by custom packers.

DATA SHEET | SYMANTEC ENDPOINT PROTECTION 15 02

• Intelligent threat cloud—Rapid scan capabilities using • Easy management—Uses the same cloud console for all
advanced techniques such as pipelining, trust propagation, endpoint security.
and batched queries has made it unnecessary to download all
• Flexible deployment—Offers universal Windows app
signature definitions to the endpoint to maintain a high level of
downloadable from the Microsoft App Store and mobile device
effectiveness. Only the newest threat information is downloaded,
management (MDM)-based deployment options.
reducing the size of signature definition files by up to 70 percent,
which in turn reduces bandwidth usage. • ARM-processor support—Offers standalone protection for
Windows 10 in S mode for devices with Snapdragon processors
• Roaming client visibility—Receives critical events from clients
as well as Intel and AMD.
that are off the corporate network.
• Suspicious file detection—Enables IT security teams to tune
the level of detection and blocking separately to optimize Hardening
protection and gain enhanced visibility into suspicious files for Hardening consists of several add-on capabilities that complement
each customer environment. SEP prevention to deliver unprecedented efficacy against malware
and suspicious applications. It includes advanced application
Core capabilities defenses that deliver fast time to value by using the same SEP
agent. It minimizes the attack surface by controlling which
• Antivirus—Scans for and eradicates malware that arrives on applications can run and what these applications can do.
a system.
The advanced application protection solutions share some
• Firewall and intrusion prevention—Blocks malware before
capabilities. They offer comprehensive application discovery to find
it spreads to the machine and controls traffic.
all apps on the endpoint and conduct a risk assessment on the apps
• Application and device control—Controls file, registry, and their respective vulnerabilities. These solutions also promote
and device access and behavior; also offers whitelisting and high employee productivity by fully supporting standard
blacklisting. employee workflows.
• Power Eraser—An aggressive tool, which can be triggered
remotely, to address advanced persistent threats and remedy Application isolation
tenacious malware. • Hardens endpoints by isolating suspicious or malicious apps
• Host integrity—Ensures endpoints are protected and compliant into ‘jail mode’ to prevent the execution of privileged operations
by enforcing policies, detecting unauthorized changes, and including downloading executable files, writing to the registry,
conducting damage assessments; it can also isolate a managed and more.
system that does not meet your requirements. • Strengthens protections by shielding productivity tools and
• System lockdown—Allows whitelisted applications (known to be other known good applications from vulnerability exploits.
good) to run or blocks blacklisted applications (known to be bad) • Maximizes security efficacy by complementing critical hardening
from running. technology with SEP prevention capabilities.

In all, the single-agent architecture enables IT security teams to add

innovative security technology without having to add new agents. In Application control
addition, SEP supports many environments, now including IPv6. • Delivers fixed-function device lock-down by enforcing default-
deny to applications and restricting updates to those defined

Mobile capabilities as trusted.

• Offers restricted execution of unauthorized apps for standard
For roaming users, Symantec offers add-on defenses that deliver endpoints by governing the ‘allow’ list of approved apps for
dynamic protection that complements endpoint security to address additional flexibility.
attack vectors for modern devices and user behavior for Windows 10.
• Easily extends the use of unapproved applications when deemed
safe while alerting administrators of potential risks posed by
Cloud connect defense
application drift.
• Network integrity protection—Identifies rogue Wi-Fi networks
• Maximizes security efficacy by complementing critical hardening
and utilizes hotspot reputation technology.
technology with SEP prevention capabilities.
• Smart VPN—Delivers policy-driven VPN to protect network
connections and support compliance.

DATA SHEET | SYMANTEC ENDPOINT PROTECTION 15 03

 MSS SOC
Technology Platform

IT deploys Adversary Attacker moves laterally SEPM alerts SOC SOC staff uses
deceptors launches for reconnaissnace and staff (or MSS) to learned adversary
multi-phased trips decoy investigate behavior to
stealthy attack strengthen defenses

Figure 4. How Deception works

Symantec also offers comprehensive defense for corporate domains

by combining AI, obfuscation, and advanced forensics methodologies
Endpoint Detection and
to quickly detect and automatically contain advanced persistent Response (EDR)
threats at the point of breach.
Symantec Endpoint Detection and Response provides incident
investigation and remediation using the integrated EDR capabilities
Threat Defense for Active Directory in SEP. Cloud-based artificial intelligence, precision machine
• Disrupts domain reconnaissance, lateral movement, and learning, behavioral analytics, and threat intelligence minimize false
credential theft activities employed by attackers by using Active positives and ensure high levels of productivity for security teams.
Directory (AD) obfuscation and policy-driven process, device, The security team can roll out the solution within an hour to expose
and user analysis. advanced attacks. Symantec Endpoint Detection and Response
capabilities allow incident responders to quickly search, identify,
• Uses automated attack simulations to expose domain and AD
and contain all impacted endpoints while investigating threats using
service vulnerabilities and provides recommendations
on-premises and cloud-based sandboxing. In addition, continuous
on remediation.
recording of system activity supports full endpoint visibility and
• Delivers full forensic reporting within a few seconds of true real-time queries.
threat alerts to provide a snapshot of the machine at the time
of attack along with full attack chain analysis. EDR and Targeted Attack Analytics
• Utilizes auto mitigation to contain an attacking process of the
The integration of Targeted Attack Analytics (TAA) with Endpoint
source host, thus removing its ability to spawn another process,
Detection and Response solves critical security challenges. TAA
run recon commands, or communicate out to the network.
combines local and global telemetry, artificial intelligence, and
attack research to expose attacks that would otherwise
Deception evade detection.

SEP includes the capability to plant deceptors (i.e., bait) for exposing Using TAA, Endpoint Detection and Response (ATP: Endpoint)
hidden adversaries and revealing attacker intent and tactics via early customers benefit from ongoing delivery of new attack analytics
visibility, so that the information can be used to enhance your security and generation of custom incidents, covering detailed analysis of
posture. It features accurate and insightful detection while delivering attacker methods, impacted machines, and remediation guidance—
fast time to value. Joint SEP and Symantec Managed Security Services all at no additional cost.
customers benefit from 24x7 real-time deception monitoring and
response by a global team of experts. Symantec is the only endpoint Symantec Endpoint Detection and Response:
protection platform vendor offering deception. • Detects and exposes—Reduces time to breach discovery and
quickly exposes scope.
SEP:
• Investigates and contains—Increases incident responder
• Uses lures and baits for active security to expose and productivity and ensures threat containment.
delay attackers.
• Resolves—Rapidly fixes endpoints and ensures threat does
• Determines attacker intent to improve security posture. not return.
• Delivers deception at scale to simplify rollout • Enhances Security Investments—Takes advantage of prebuilt
and management. integrations and public APIs.

DATA SHEET | SYMANTEC ENDPOINT PROTECTION 15 04

Simplified management • Multifactor authentication integration—Supports Symantec
Validation and ID Protection and PIV/CAC smart cards for
authentication into the SEP Manager console.
Symantec Cyber Defense Manager, Symantec’s cloud-based
management console for endpoint security, drives more accurate, • Web Security Service integration—Redirects web traffic from
intelligent, and faster insights with AI-guided security management roaming users to Symantec Web Security Service using a PAC file.
from a single console. • Secure Web Gateway integration—Programmable REST APIs
make integration possible with existing security infrastructure
Cyber Defense Manager: including Symantec Secure Web Gateway, orchestrating a
• Full cloud console—Manages complete endpoint security response at the endpoint to quickly stop the spread of infection.
from a single cloud console to reduce endpoint security
management complexity.
• Single SEP agent—Reduces update fatigue with minimal
footprint of Symantec single agent stack. Endpoint
+
Network
• AI-guided security management—Drives more accurate policy
updates, fewer misconfigurations, and greater administrator
productivity to help improve overall security hygiene. Cloud
• Autonomous security management—Learns from Generation
Analytics Public APIs/
administrators or the organization or community to continuously & Endpoint Orchestrated
Visibility Response
assess and strengthen security posture.
• Simplified workflows—Uses simplified workflows with context-
aware recommendations to eliminate routine tasks and enhance
endpoint security decisions.
Figure 5.
For organizations that require on-premises or hybrid management

High-performance,
options, SEP can accommodate that too.

Broadest integrations lightweight solution to

Most large organizations support global IT environments that are
enable productivity
becoming increasingly complex. Many solutions, however, only
Large or frequent content updates take up bandwidth, reduce
do a very specific job. Therefore, organizations need an endpoint
endpoint performance, and compromise productivity. Optimizing
protection solution that provides greater value and better overall
content updates and delivering better detection of threats is a win-
protection by integrating with other IT security solutions to share
win. These capabilities reduce the IT team’s burden for scheduling
intelligence and defend the network together.
frequent security updates. And users do not have the hassle of
SEP 15 is a foundational product that facilitates integration so that security updates impacting productivity.
IT security teams can detect threats anywhere in their network
SEP has a strong record for delivering better protection with
and address these threats with an orchestrated response. SEP 15
better performance and lower bandwidth requirements. Symantec
works alongside Symantec solutions (as a key component of the
consistently scores at the top in third-party performance tests
Integrated Cyber Defense Platform) and with third-party products
including Passmark Software’s Enterprise Endpoint Security
(via published APIs) to strengthen your security posture. The
Performance Benchmark tests for Windows 7 and Windows 10.
Symantec Integrated Cyber Defense Platform unifies cloud and on-
Visit the Symantec Performance Center for additional third-party
premises security to protect users, information, messaging and the
validation: symantec.com/products/performance-center.
web, powered by unparalleled threat intelligence. No other vendor
provides an integrated solution that orchestrates a response at the Compared to products from emerging vendors, SEP offers less
endpoint (blacklists and remediation) triggered by the detection of a endpoint complexity by bundling multiple capabilities in a single,
threat at the network gateway (i.e., web and email security gateways). lightweight agent. Attempting to match Symantec endpoint security
capabilities would require multiple vendors, multiple solutions, and
Advanced Symantec integrations certainly multiple agents.

• Content analysis integration—Utilizes dynamic sandboxing and

additional engines for further analysis of suspicious files.

DATA SHEET | SYMANTEC ENDPOINT PROTECTION 15 05

System requirements
Client Workstation and Server System Requirements*
Windows® Operating Systems Windows Hardware Requirements
• Windows 7 (32-bit, 64-bit; RTM and SP1) • 32-bit processor: 2 GHz Intel Pentium III or equivalent minimum (Intel Pentium 4 or
• Windows Embedded 7 Standard, POSReady, and Enterprise (32-bit, 64-bit) equivalent recommended)
• Windows 8 (32-bit, 64-bit) • 64-bit processor: 2 GHz Pentium 4 with x86-64 support or equivalent minimum
• Windows Embedded 8 Standard (32-bit and 64-bit) • 1 GB of RAM (2 GB recommended)
• Windows 8.1 (32-bit, 64-bit), including Windows To Go • 530 MB of free space on the hard disk
• Windows 8.1 update for April 2014 (32-bit, 64-bit)
Macintosh® Operating Systems
• Windows 8.1 update for August 2014 (32-bit, 64-bit)
• Windows Embedded 8.1 Pro, Industry Pro, and Industry Enterprise (32-bit, 64-bit) • Mac OS X 10.10, 10.11, macOS 10.12, 10.13, 10.14
• Windows 10 (32-bit, 64-bit)
• Windows 10 November Update (version 1511) (32-bit, 64-bit) Mac Hardware Requirements
• Windows 10 Anniversary Update (version 1607) (32-bit, 64-bit) • 64-bit Intel Core 2 Duo or later
• Windows 10 Creators Update (version 1703) (32-bit, 64-bit) • 2 GB of RAM
• Windows 10 Fall Creators Update (version 1709) (32-bit, 64-bit) • 500 MB of free space on the hard disk
• Windows 10 April 2018 Update (version 1803) (32-bit, 64-bit)
• Windows 10 October 2018 Update (version 1809) (32-bit, 64-bit) Virtual Environments
• Windows Server 2008 R2 (32-bit, 64-bit; R2, SP1, and SP2) • Microsoft Azure
• Windows Small Business Server 2008 (64-bit) • Amazon WorkSpaces
• Windows Essential Business Server 2008 (64-bit) • VMware WS 5.0, GSX 3.2 or later, ESX 2.5 or later
• Windows Small Business Server 2011 (64-bit) • VMware ESXi 4.1 – 5.5
• Windows Server 2012 • VMware ESX 6.0
• Windows Server 2012 R2 • Microsoft Virtual Server 2005
• Windows Server 2016 • Microsoft Windows Server 2008, 2012, and 2012 R2 Hyper-V
• Windows Server 2019 • Citrix XenServer 5.6 or later
• Virtual Box by Oracle

Management Console System Requirements

Windows® Operating Systems Web Browser
• Windows Server 2008 (64 bit) • Microsoft Internet Explorer 11
• Windows Server 2008 R2 • Mozilla Firefox 5.x through 60
• Windows Server 2012 • Google Chrome 66
• Windows Server 2012 R2 • Microsoft Edge
• Windows Server 2016

Symantec Endpoint Protection client must run one of the following Windows desktop operating systems to run Symantec Endpoint Protection Hardening:

• Windows 7 (RTM and SP1), Professional, Enterprise • Windows 10 Anniversary Update (version 1607), Professional, Enterprise
• Windows 8, Professional, Enterprise • Windows 10 Creators Update (version 1703), Professional, Enterprise
• Windows 8.1 (update for April 2014 and August 2014; Windows To Go), Professional, • Windows 10 Fall Creators Update (version 1709), Professional, Enterprise
Enterprise • Windows 10 April 2018 Update (version 1803), Professional, Enterprise
• Windows 10 (RTM), Professional, Enterprise • Windows 10 October 2018 Update (version 1809), Professional, Enterprise
• Windows 10 November Update (version 1511), Professional, Enterprise (32-bit, 64-bit)

* System requirements are for SEP 15. For a complete list of system requirements visit our support page.

About Symantec
Symantec Corporation (NASDAQ: SYMC), the world’s leading cyber security company, helps organizations, governments, and people secure their most important data
wherever it lives. Organizations across the world look to Symantec for strategic, integrated solutions to defend against sophisticated attacks across endpoints, cloud, and
infrastructure. Likewise, a global community of more than 50 million people and families rely on Symantec’s Norton and LifeLock product suites to protect their digital
lives at home and across their devices. Symantec operates one of the world’s largest civilian cyber intelligence networks, allowing it to see and protect against the most
advanced threats. For additional information, please visit www.symantec.com, subscribe to our blogs, or connect with us on Facebook, Twitter, and LinkedIn.

350 Ellis St., Mountain View, CA 94043 USA | +1 (650) 527 8000 | 1 (800) 721 3934 | www.symantec.com

Copyright ©2019 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered 19C199762_ds_SEP15_EN
trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.