Symantec Adds Machine Learning to Endpoint Security Lineup

Symantec on Tuesday launched its new Symantec Endpoint Protection Cloud (SEPC) security solution designed to marry old and new endpoint technologies in a single easy-to-use product primarily aimed at SMBs and mid-market companies of up to 1000 employees.

The new offering is the first product to come out of the $4.65 billion acquisition of Blue Coat earlier this year. Symantec expects more to follow as Blue Coat technologies are welded to Symantec technologies.

SEPC combines three new technologies (advanced machine learning, an intelligent threat cloud, and generic exploit mitigation) with the traditional technologies developed by one of the original anti-malware companies (such as firewall and intrusion prevention, reputation insights, anti-malware, behavioral analysis, and USB device protection). The aim here, said product manager John Engels in conversation with SecurityWeek, "is to address advanced threats, deal with mobile workforces, and ultimately combine with the technologies from Blue Coat to ensure safe cloud usage."

Despite the increased functionality, SEPC is designed to be lightweight and easy to use, and is targeted at resource-strapped smaller companies. The management console sits in the cloud, as do the new threat intelligence and the machine learning engine. This means that the console can be accessed at any time or place with an internet connection, and from any device.

Agents on endpoints are updated modularly, unobtrusively and automatically. "The aim," said Engels, "is for new customers to have protection within five minutes of receiving their registration email."

There is always a granularity balance to be found in any product. Increased granularity requires greater oversight and therefore greater user involvement -- and too much granularity can lead to an inexperienced user decreasing rather than increasing security. For this product Symantec has reduced the granularity to the level it thinks suitable for smaller companies, and sought to provide a solution that is simple and ready to use. For example, ready-made policies can set a standard security policy across all devices and groups. At the same time, a security rating feature will warn the customer if a setting change actually weakens the overall security posture.

SEPC is being launched in the U.S., but will be available to the rest of the world by the end of the year. Although currently targeted at SMBs, Engels already sees use-cases for enterprises. "We do see cases where enterprises will use this product," he said, "for example in franchises, affiliates, and regional IT teams that may not have the same security team depth, and where resources are strained."

Ultimately, he added, "There will be enterprise versions developed by building out the feature set and increasing the granularity; and especially the management features."

Over the last few years, traditional anti-malware companies such as Symantec have been rocked by a new generation of endpoint security vendors that rely on machine learning as their primary method of threat detection. In this model, machines are trained on examples of malicious and benign behavior, and with this knowledge they can flag new threats that have never been seen before. This is a significant advantage over signature-based detection, which relies on recognizing malware that has already been seen.

Although the traditional anti-malware products have many more technologies than just signature detection within their products, nevertheless they have been hurt by marketing suggestions from the new generation vendors that old signature engines cannot compete with machine-learning zero-day threat detection. What Symantec has done with SEPC is to keep the old tried and tested technologies, but add new machine learning capabilities to the mix.

The reality is that when you teach a machine, the larger the pool of data from which it can learn, the more 'intelligent' it can be. The addition of Blue Coat's worldwide web presence and data to Symantec's worldwide web presence and data provides a huge pool from which the Symantec machine can learn. With this new product, Symantec is seeking to combine the best of the old with the best of the new in an easy-to-use subscription cloud-based product that can almost be used straight out of the box.
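The contrast between signature matching and a learned model is easiest to see with a small runnable illustration. The following Python block is an added example, not code from the article, from Symantec, or from SEPC: it trains a tiny multinomial naive Bayes classifier on constructed command-line samples and compares it with an exact-hash signature set. A reordered variant of a known-bad command line defeats the hash lookup but is still flagged by the model, while an unseen benign command line is left alone. The training data, token features and labels are all constructed for the demonstration and do not represent any vendor's detection logic.

```python
import hashlib
import math
from collections import Counter

# Constructed training set (label 1 = malicious, 0 = benign). These command
# lines are illustrative placeholders, not data from the article or the product.
TRAINING = [
    ("powershell -nop -w hidden -enc aGVsbG8=", 1),
    ("powershell -w hidden -noprofile -encodedcommand ZXhpdA==", 1),
    ("cmd /c powershell -nop -enc dGVzdA==", 1),
    ("powershell -executionpolicy bypass -w hidden -file update.ps1", 1),
    ("notepad.exe report.txt", 0),
    ("powershell Get-ChildItem C:\\Users", 0),
    ("cmd /c dir C:\\Temp", 0),
    ("explorer.exe", 0),
    ("powershell Get-Service", 0),
    ("powershell -command Get-Date", 0),
]


def tokenize(sample):
    """Feature extraction: lower-cased whitespace tokens of the command line."""
    return sample.lower().split()


def build_signatures(training):
    """Signature engine: remember the exact SHA-256 of every known-bad sample."""
    return {hashlib.sha256(s.encode()).hexdigest()
            for s, label in training if label == 1}


def signature_match(signatures, sample):
    """Exact-match lookup; any byte-level change to the sample defeats it."""
    return hashlib.sha256(sample.encode()).hexdigest() in signatures


def train_nb(training):
    """Multinomial naive Bayes over tokens, with Laplace (add-one) smoothing."""
    counts = {0: Counter(), 1: Counter()}
    docs = Counter()
    for sample, label in training:
        counts[label].update(tokenize(sample))
        docs[label] += 1
    vocab = set(counts[0]) | set(counts[1])
    return {"counts": counts, "docs": docs,
            "vocab_size": len(vocab), "n_docs": len(training)}


def nb_log_posterior(model, sample, label):
    """log P(label) + sum over tokens of log P(token | label)."""
    counts = model["counts"][label]
    total = sum(counts.values())
    score = math.log(model["docs"][label] / model["n_docs"])
    for tok in tokenize(sample):
        score += math.log((counts[tok] + 1) / (total + model["vocab_size"]))
    return score


def nb_predict(model, sample):
    """Return 1 (malicious) when the malicious class has the higher posterior."""
    return 1 if nb_log_posterior(model, sample, 1) > nb_log_posterior(model, sample, 0) else 0


def classify(signatures, model, sample):
    """Run both engines over one sample and report what each one sees."""
    return {"signature_hit": signature_match(signatures, sample),
            "ml_malicious": nb_predict(model, sample) == 1}


if __name__ == "__main__":
    sigs = build_signatures(TRAINING)
    model = train_nb(TRAINING)
    for s in ("powershell -nop -w hidden -enc aGVsbG8=",   # known sample
              "powershell -w hidden -nop -enc bmV3",       # reordered variant
              "powershell Get-Process"):                   # unseen benign
        print(s, "->", classify(sigs, model, s))
```

The design choice to note is that the model never sees the variant's exact bytes; it generalizes from token statistics that the known-bad samples share. That is also its weakness: a classifier is only as good as the breadth of its training pool, which is the point the article makes about the combined Symantec and Blue Coat data.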

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.