StarUSA

Customer PortalContact UsHelp DeskLogon to E-MailRefer a FriendFollow Us on Twitter



 

 

Office (570) 457-5727    Toll-Free (877) 650-4824

Endpoint Protection

Our Symantec Endpoint Protection product combines a number of computer security technologies including:

  • Antivirus and Antispyware
    Antivirus and Antispyware scan for both viruses and for security risks. Some examples of security risks are spyware, adware, and other files that can put a computer or a network at risk.
  • Personal Firewall
    The Symantec Endpoint Protection firewall provides a barrier between the computer and the Internet. The firewall prevents unauthorized users from accessing the computers and the networks that connect to the Internet. It detects possible hacker attacks, protects personal information, and eliminates unwanted sources of network traffic.
  • Intrusion Prevention
    The intrusion prevention system (IPS) is the Symantec Endpoint Protection client's second layer of defense after the firewall. The intrusion prevention system is a network-based system. If a known attack is detected, one or more intrusion prevention technologies can automatically block it. On Windows computers, intrusion prevention also detects and blocks browser attacks on supported browsers--Internet Explorer and Firefox.
  • Proactive Threat Scanning
    Proactive threat scanning uses heuristics to detect unknown threats. Heuristic process scanning analyzes the behavior of an application or process to determine if it exhibits characteristics of threats, such as Trojan horses, worms, or keyloggers. This type of protection is sometimes referred to as zero-day protection.
  • Device and Application Control
    Device-level control is implemented using rule sets that block or allow access from devices, such as USB, infrared, FireWire, SCSI, serial ports, and parallel ports. Application-level control is implemented using rule sets that block or allow the applications that try to access system resources.

What does Intrusion Prevention do that Antivirus protection does not?

Antivirus technology is strong, effective technology that protects your computer from files that are on the hard drive. Intrusion Prevention System technology is strong, effective technology that prevents malicious files from getting to your hard drive in the first place.

Unlike antivirus, which looks for known malicious files, IPS scans the network traffic stream in order to find threats using known exploits and attack vectors. IPS does not detect specific files, but rather specific methods that can be used to get malicious files onto your network. This allows IPS to protect against both known and unknown threats, even before antivirus signatures can be created for them.

For example, the Downadup/Conficker worm uses a known vulnerability, the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability, to spread to unpatched computers. When the worm was released, antivirus technology could not stop the infection until virus definitions were written for the file. Since IPS already had signatures for the RPC Handling vulnerability, however, computers running IPS were protected before the worm was ever released.

IPS is very good at detecting "drive-by" downloads of malware and fake antivirus scanner web pages, which Auto-Protect cannot prevent. In today's complex threat environment, this technology is an effective complement to antivirus technology, and its usage should be considered a necessity on any network that is connected to the Internet.

StarUSA Remote Management and Monitoring

StarUSA combines this powerful product with integration into our Help Desk system to provide a managed computer security environment that allows us to monitor the status of your systems around the clock.