New Features in Symantec Endpoint Protection 14.1

This last weekend Symantec released Symantec Endpoint Protection 14.1 (14 RU1/14.0.1). This release is highly anticipated. It is a must-have upgrade to SEP for most customers. SEP 14.1 contains some interesting new features, and we wanted to make sure we highlighted these for you.

 

New Features

  • Symantec Endpoint Protection Cloud Integration – Cloud integration extends the detection of threats to your infrastructure. Connecting through an internal bridge on your network, it allows you the option of managing your environment from the cloud.
  • Intensive Protection Policy – A policy tuning setting applied from the cloud for better detection of malware in your environment. This setting works only with SEP 14 agents.
  • Better Low Bandwidth Support – Working with the new Intensive Protection Policy and with telemetry data submission disabled, this setting allows you to tune the product to work in your environment with the least amount of network traffic.
  • Symantec Endpoint Protection Deception – This new technology is designed to improve your detection of infiltrations of your network by external forces.
  • Updated Endpoint Detection and Response with ATP – Working in conjunction with Symantec’s Advanced Threat Protection, this update allows SEP clients to directly communicate with your ATP deployment.
  • Advanced Machine Learning for MacOS – This update to the MacOS clients allows these agents to receive intelligence on new threats.
  • Password Required to Uninstall on MacOS – This feature has been requested by a few of our customers. This now allows administrators to lock down MacOS clients in the same fashion that they have always controlled their Windows systems.

 

Things to Note for Your Environment

  • Replication and Cloud Integration – If you are currently replicating between sites in your environment, replication partners must be removed if you are going to use the Symantec Endpoint Protection cloud portal.
  • Manual Submission of Threats – For customers who had a threat response workflow that included the submission of quarantine data to Symantec, this feature has been removed. To submit data to Symantec you must have a quarantine server in your environment.
  • Mac OSX 10.9 Support Removed – Support for OSX Mavericks has been removed for this release.
  • Host Integrity and MacOS clients – Host Integrity policies have been removed for MacOS clients. The configuration options remain, but will be ignored in the latest MacOS agents.

 

 

While Symantec Endpoint Protection includes some new reporting and notification options, there are other methods to take your reporting to the next level. Working with many of the other security products in your environment, SOLVE or NorthStar can be configured for executive reports and cross-correlation that you haven’t been exposed to in the past. Take a look at these products today to use your SEP installation to its maximum potential.

 

About the Author

Brent M. Gueth is a Senior Security Consultant with Conventus specializing in Symantec Endpoint Protection and Symantec Data Center Security. He has worked in the IT Security field for over a decade, including positions with Symantec and NASA. He has consulted for many Fortune 500 companies and assisted them with their security needs.