Symantec Endpoint Protection, Symantec Endpoint Security Enterprise, and Symantec Endpoint Security Complete form a software suite developed by Broadcom that provides comprehensive endpoint security and protection in the enterprise. The suite includes advanced malware protection, application control, exploit prevention, Endpoint Detection and Response (EDR), deception tools, and more. Read on to learn how Symantec’s offering is structured and the security features provided by each component.
What is Symantec Endpoint Protection Software?
Symantec Endpoint Security Protection, Enterprise, and Complete packages provide attack prevention, detection and response for endpoints in an organization.
Symantec Endpoint Security Enterprise adds on protection with mobile threat defense and network security.
Symantec Endpoint Security Complete builds on Enterprise by adding breach assessments, application control, adaptive protection, Active Directory security, EDR, cloud analytics, adaptive incidents, behavioral forensics, threat intelligence, threat hunting, and rapid response.
Each solution is deployed with a single agent, managed from a single console, and enriched with global threat intelligence. Protection is offered on-premises; Enterprise and Complete are offered on-premises, in the cloud, or in a hybrid model.
The Endpoint Protection suite provides the following platform-level capabilities:
Attack surface reduction—ranks vulnerabilities and threats by severity and number of affected devices, to help prioritize fixes. Integrates with Active Directory to discover misconfigurations and vulnerabilities. Offers device control including wired and wireless connected devices, application isolation and application control.
Attack prevention—protects against file-based and fileless attacks and memory-based exploits, using machine learning to identify new and unknown threats, and blocks attacks in real time. Prevents malware with pre-execution detection, sandboxing, suspicious file monitoring and removal, as well as traditional signature-based methods. Protects Wi-Fi, hotspots, and VPNs.
Breach prevention—provides a device firewall, automated domain IP address blacklisting, and deception technology that uses fake files, credentials, network shares, web requests, and fake endpoints to help determine attacker tactics and delay attackers from reaching real IT resources. Also uses obfuscation to confuse attackers and control their view of the organization’s Active Directory, and provides auto-managed policies with AI and ML.
Endpoint Detection and Response—leverages the Targeted Attack Analytics database used by Symantec’s 3,000 security researchers to rapidly detect incidents and provide information on the attacker, techniques, impacted machines, and remediation instructions. Identifies advanced attacks leveraging legitimate apps, using data enriched by the MITRE ATT&CK framework. Provides threat hunting tools with built-in security playbooks. Enables security staff to take direct action on the endpoint to remediate it.
Symantec SOC analysts—the platform enables access to Expert SOC Investigators and analysts, who can help detect stealthy attacks and examine suspicious activity.
Symantec Endpoint Protection 14: Update
Symantec Endpoint Protection 14 is Broadcom’s widely deployed and actively maintained endpoint security solution, with ongoing updates and patches released as recently as 2025 for the 14.3.x branch.
Broadcom has also developed a newer product called Symantec Endpoint Security. SEP 14.x remains the latest major version of the classic Symantec Endpoint Protection product line, while Symantec Endpoint Security is the successor product for new deployments.
Endpoint Protection - Prevention, Detection, and Protection with Cynet
Cynet All-in-One is a security solution that includes a complete Endpoint Protection Platform (EPP), with built-in EDR security, a Next-Generation Antivirus (NGAV), and automated incident response. Cynet makes it easier to adopt a modern security toolset by offering an “All-in-One” security model. Cynet All-in-One goes beyond endpoint protection, offering network analytics, UEBA, and deception technology.
Cynet’s All-in-One platform includes:
NGAV—blocks malware, exploits, LOLBins, macros, malicious scripts, and other known and unknown malicious payloads.
Zero-day protection—uses User and Entity Behavior Analytics (UEBA) to detect suspicious activity and block unknown threats.
Monitoring and control—asset management, endpoint vulnerability assessments, and application control, with auditing, logging, and monitoring.
Response orchestration—automated playbooks and remote manual action for remediating endpoints, networks, and user accounts affected by an attack.
Deception technology—lures attackers to a supposedly vulnerable honeypot, mitigating damage and gathering useful intelligence about attack techniques.
Network analytics—identifying lateral movement, suspicious connections, and unusual logins.
What are the main components of Symantec endpoint protection software?
1) Web, email, and sandbox for the endpoint and network. 2) Telemetry, SIEM, and threat analytics for analytics and visibility. 3) Automation, ticketing, and security orchestration for an orchestrated response.
Can I manage SEP from the cloud or only on-premises?
SEP can be managed on-premises, but organizations can also migrate to Symantec Endpoint Security Enterprise and Symantec Endpoint Security Complete for a cloud or hybrid option.
What are the system requirements for installing SEP?
For SEP 14.3 RU10, the minimum requirements include an Intel Pentium Dual-Core or equivalent, 2 GB RAM, and 245 MB GB available hard disk space + 135 GB for installation. The display should be at least 1024 x 768 resolution, and the system requires internet connectivity for updates and cloud features.
Does SEP include ransomware and exploit protection?
It provides multi-layered protection against ransomware and exploits through behavioral analysis, intrusion prevention, and memory exploit mitigation.
How much does Symantec SEP cost per endpoint?
Enterprise licensing is highly variable and might depend on factors such as the number of seats or devices, subscription length, support levels, regional prices, and any negotiated discounts.
How does SEP integrate with SIEM and SOAR platforms?
SEP is designed to support enterprise environments and typically offers integration capabilities through REST APIs and log forwarding. This allows security events and alerts from SEP to be ingested by SIEM and SOAR platforms for centralized monitoring, incident response, and automation.
How does Symantec SEP compare to other endpoint protection services?
SEP is considered a comprehensive endpoint security system for the enterprise with features such as antivirus, firewall, intrusion prevention, device control, application control, and advanced threat protection. For leaner and smaller teams, solutions like Cynet offer comprehensive endpoint protection of the highest quality, but with more flexibility.