Symantec released a new Managed Endpoint Detection and Response (MEDR) service and enhanced EDR 4.0 technology. These advancements improve attack discovery and incident response using AI-driven analytics and automation to discover and stop cyber attacks.
Enterprise IT and Security Ops teams are challenged to investigate and respond to advanced and emerging threats with available resources and staff. Symantec’s MEDR service harnesses the power of EDR 4.0 to improve incident response, threat hunting and forensics, fortifying teams with investigation expertise and threat intelligence from a team of Symantec SOC analysts.
Symantec MEDR detects attacks and examines suspicious activity for faster incident validation and response. A combination of Symantec EDR 4.0, the SOC technology platform, and the Global Intelligence Network, allows Symantec analysts to provide 24×7 expertise. Managed threat hunting, remote investigations, and endpoint containment enable security teams around the world to stay ahead of threats.
- Industry- and region-specific analysts provide 24×7 coverage across six global SOCs.
- Managed threat hunting provides detection for zero-day and unknown threats.
- Industry best practices including MITRE ATT&CK framework help to identify critical indicators of attack.
- Containment of compromised endpoints using pre-authorized measures.
- Custom and emerging threat reports, business reviews, and 24×7 coverage.
“Many customers simply can’t find enough cyber security experts to meet demand. Our MEDR service provides access to Symantec’s elite SOC analysts and advanced machine learning techniques to reduce the burden on staff and shrink the time it takes to investigate incidents,” said Art Gilliland, EVP and GM Enterprise Products, Symantec. “For organizations with robust security response teams, EDR 4.0 is now available on any device, anywhere, before or after an attack occurs to provide comprehensive detection and response.”
Symantec’s EDR 4.0 updates AI-driven detection engines using threat research from Symantec’s team of researchers and global telemetry from 175 million endpoints to train analytics to detect new attack patterns. EDR 4.0 is now available on any device, anywhere, before or after an attack.
New features include:
- Attack detections to help thwart “living off the land” fileless attacks.
- Automated playbooks to initiate investigations.
- MITRE ATT&CK framework enrichment to expose gaps in the attack lifecycle.
- Pre- and post-breach EDR tools.
- Deployment options for Symantec Endpoint Protection (SEP) and non-SEP endpoints for macOS, Linux, and Windows.
“Many organizations are struggling with threat detection and incident response because of both the volume and sophistication of attacks, and an expanding attack surface. They also face many challenges including the volume of alerts and a continued reliance on manual processes,” said ESG senior principal analyst Jon Oltsik.
“With a critical shortage of skilled investigators available, security teams need smart tools and services that can help them deal with the scale and speed of the modern threat environment, making it easier to identify and fix impacted endpoints. To improve IR processes, cybersecurity professionals must eschew legacy approaches and embrace the right tools and services.”