What is Adaptive Protection in SES Complete?
Adaptive Protection is a feature of Symantec Endpoint Security Complete that helps block advanced attacks before they can take hold. It learns how commonly exploited applications function in your environment and automatically blocks malicious behaviors while allowing legitimate use. This proactive approach helps close off avenues of attack, making it difficult for attackers to leverage legitimate tools like PowerShell for malicious purposes.
How does SES Complete handle data collection?
SES Complete collects extensive data from endpoints, generating approximately 1 GB of data per endpoint per day. It uses a distributed database to store this data, keeping the most relevant information in the cloud for easy access while retaining additional data on endpoints. Administrators can control what data is recorded and where it is stored, allowing for tailored data management based on organizational needs.
What happens if an attack is not blocked?
If an attack is not blocked, SES Complete enters Monitor Only mode, where it alerts users to suspicious activities without blocking them. This allows for real-time monitoring and analysis of the attack's progression. SES Complete provides detailed incident reports, including high-severity alerts for credential theft and privilege escalation, enabling organizations to respond effectively even after an attack has begun.