Symantec Endpoint Detection and Response

Speed threat hunting and response with deep visibility, precision analytics, and workflow automation

Detect, hunt, isolate, and eliminate intrusions across all endpoints using AI-driven analytics, investigation playbooks, and unequaled threat intelligence.



How to Detect Targeted Ransomware with MITRE ATT&CK™

Join experts from Symantec and MITRE as we explore the latest research and best practices for detecting targeted ransomware in your environment.


Why Traditional Threat Hunting and Investigations are Flawed

See how Symantec Endpoint Detection and Response (EDR) tools and services remove complexities and enable you to find attacks and stop them. Fast.

Find attacks and stop them. Fast.

Expose stealthy attacks with cloud-delivered analytics, threat intelligence, and 24x7 managed services.

  • Quickly discover and resolve threats with deep endpoint visibility and superior detection analytics, reducing mean time to remediation.
  • Overcome cyber security skills shortages and streamline SOC operations with extensive automation and built-in integrations for sandboxing, SIEM, and orchestration.
  • Fortify security teams with the unmatched expertise and global scale of Symantec Managed Endpoint Detection and Response services.
  • Roll out Endpoint Detection and Response (EDR) across Windows, macOS, and Linux devices using Symantec Endpoint Protection (SEP)-integrated EDR or a dissolvable agent.

Simplify Investigations and Threat Hunting

Detect and expose attackers in your environment—no new agent required.

Supported by deep endpoint visibility, precisely detect and actively hunt threats to quickly expose and fully resolve them, no matter how persistent.

  • Instantly detect advanced attack methods using behavioral policies continually updated by Symantec researchers.
  • Detect new attack patterns in minutes, and alert responders to attacks in progress, with analytics continuously trained by global telemetry.
  • Quickly analyze attack chains and remediate impacted systems using risk-scored history of endpoint activity.
  • Expose sophisticated attack tactics and techniques using MITRE ATT&CK event enrichment and cyber analytics.
  • Support 'zero trust' threat hunting with advanced forensics tools that use full memory scans and metadata acquisition to find injections, process hollowing, shellcode, and more.

Resolve, Remediate, and Restore Devices in Minutes

Contain and respond to threats with SEP-integrated Endpoint Detection and Response (EDR).

  • Investigate and contain suspicious events using advanced sandboxing, blacklisting, and quarantining.
  • Gain visibility into attack history by continuously recording endpoint activity and retrieving endpoint process dumps.
  • Seal off potentially compromised endpoints during an investigation with endpoint isolation.
  • Delete malicious files and associated artifacts on all impacted endpoints, returning each endpoint to its pre-infection state.

Automate Complex Investigations and Streamline SOC Operations

Quickly initiate cyber security functions and leverage expert investigation methods with artificial intelligence-driven playbooks and pre-built integrations.

  • Create custom investigation flows and automate repetitive manual tasks, with no complex scripting required.
  • Automatically sandbox suspicious files for quick conviction and blacklisting.
  • Use visual graphs and alerts to simplify how security analysts work with large amounts of cyber data.
  • Correlate events across endpoints, the network, and email using additional sensors.
  • Streamline SOC operations and lower costs with prebuilt apps for SIEM, orchestration, and ticketing systems.

Learn more about our product and partner integrations across our Integrated Cyber Defense Platform.

Outsource Your EDR Activities to Symantec

Skilled Symantec SOC analysts aggressively hunt, investigate, and contain threats.

  • Access free expert assessment via an EDR console for targeted attack triage and guidance.
  • Bolster your team with dedicated, 24x7 world-class SOC analysts assigned based on geography and industry.
  • Minimize the business impact of an incursion with 24x7 threat hunting that harnesses Symantec's SOC Technology platform and Global Intelligence Network.
  • Disrupt attacks by containing compromised endpoints via pre-authorized actions.
  • Ensure the shortest time to value with fast, no-cost onboarding from a dedicated team.

Upgrade to Symantec Complete Endpoint Defense

Add endpoint detection and response for broader, deeper defense for your organization. Choose from one of our new suites, created for your specific security needs and maturity.

  • Build out your endpoint defense with leading prevention and hardening technologies.
  • Utilize interlocking defenses at the device, the app, and the network level.
  • Reduce complexity with a single agent and console.

Symantec 2019 Internet Security Threat Report

Our 123 million sensors record thousands of threat events per second from 157 countries and block 142 million threats daily. Use intel from the world’s largest civilian threat network to your advantage—download ISTR 24 now.

Introducing Symantec Integrated Cyber Defense Exchange (ICDx)

Reduce complexity and cost with built-in integrations and streamlined interoperability.

ICDx simplifies product integrations and accelerates customer time to value across the Symantec enterprise portfolio and the industry’s largest partner ecosystem.

  • Remove the friction for security teams when integrating Symantec and third-party products
  • Enhance visibility from a unified view of events across Symantec products for searching, dashboards and reporting
  • Prepare higher quality cyber data to forward to SIEM and other SOC tools enhancing analytics and alerts
  • Speed responses to critical incidents with orchestrated actions targeting multiple Symantec products


Industry Recognition

Symantec is named a Leader once again in the 2019 Gartner Magic Quadrant for Endpoint Protection Platforms

Symantec named a market leader in Next-Generation Endpoint Security

Symantec is the top leader in the Radicati MQ for Advanced Persistent Threat Protection

Symantec was named a January 2019 Gartner Peer Insights Customers' Choice* for Endpoint Detection and Response


Endpoint Protection Versions Supported
  • Symantec Endpoint Protection 14, 14.1
  • Symantec Endpoint Protection 12.1 RU6 MP7
    (Recorder only supported with ATP: Endpoint for SEP 14 and above)
Appliance Specifications

Server Specifications

8880-30
  • Form Factor: 2U Rack Mount
  • CPU: 2 x Intel Xeon E5-2697 v4, 2.3 GHz, 18 Core, 145 W
  • Memory: 192 GB
  • Hard Drive: RAID 10, 4 x 300 GB 15K SAS; RAID 10, 4 x 1.8 TB 10K SAS
  • Network Interface Card: 4 x 1 Gigabit Ethernet Ports, 4 x 10 Gigabit Ethernet Ports with Bypass
  • Power Supply: 2 x 750W Redundant Power Supply

8840*
  • Form Factor: 1U Rack Mount
  • CPU: Intel Xeon E3-1270 v5, 3.6 GHz, 4C/8T, 80W
  • Memory: 32 GB
  • Hard Drive: 2 x 1 TB 7.2K RPM NLSAS, 12 Gbps 2.5" (400-ALUN)
  • Network Interface Card: 2 x 1 Gigabit Ethernet Ports, 2 x 10 Gigabit Ethernet Ports with Bypass
  • Power Supply: 2 x 350W Redundant Power Supply

VMware ESXi
  • Form Factor: Virtual Machine
  • CPU: 12 CPUs
  • Memory: 48 GB
  • Hard Drive: 500 GB (should be extended by an additional 1 TB to support Endpoint Activity Recording)
  • Network Interface Card: 2 x 1 Gigabit Ethernet Ports
  • Power Supply: n/a

Cloud Based Endpoint Detection and Response Requirements

Browser UI Requirements

  • Version 2.9 depends on Silverlight and requires Microsoft Internet Explorer 11 or later
  • Version 3.0 also supports Mozilla Firefox 26 or later and Google Chrome 32 or later

Collection Server Requirements (Data Vault)

  • Windows 7 through Windows Server 2016
  • Virtual support for VMware and Hyper-V

Endpoint Requirements

  • Windows XP and higher
  • macOS High Sierra, Sierra, El Capitan, Yosemite
  • Red Hat Linux 7.0 and higher, 32- and 64-bit versions
  • CentOS, Mint, Cinnamon, 32- and 64-bit versions
