WannaCry and Symantec: All you need to know is that you are protected

The story of WannaCry ransomware and critical vulnerability of Windows operating systems occupied the attention of entire security community and users since the end of last week. Widespread infection and danger was reflected in the interest of local media outlets that have addressed, or at least tried to address, this issue. We have also given our take on this subject, explaining why and where, and will use this space to highlight products from Veracomp’s portfolio that can successfully block this and other similar threats.

Symantec, one of the world’s leading cyber security vendors, has successfully blocked nearly 22 million WannaCry infection attempts initiated on 300,000 end-point computers thanks to implicit integration of main products in the Symantec portfolio –  Symantec Endpoint Protection – and the acquisition of Blue Coat’s ProxySG solution. One of the world’s largest shared threat databases – Global Intelligence Network – delivers new information through a number of connected products covering web, email and end-to-end computers.

Wannacry? No need to, it’s not that bad

What steps does Symantec take to protect its users?

All Symantec Endpoint Protection 14 and 12 users are already protected by a variety of layers, i.e. product functionalities:

  • Standard definitions cover well-known versions of WannaCry ransomware, and new definitions are and will be constantly available through updates and Intelligent Threat Cloud functionality offering faster protection
  • Additional functionalities like Advanced Machine Learning and SONAR module use heuristic methods to detect new threat variants
  • The IPS (Intrusion Prevention System) module prevents the spread of malware via SMB protocol

Existing Blue Coat users are also protected

  • Existing users of Blue Coat’s Content Analysis System (CAS) are equally protected from web-based threats as users of SEP products
  • Although the World Wide Web is not the primary vector of infection, previous integration of Symantec and Blue Coat threat databases (GIN – Global Intelligence Network) created a more extensive database of known malicious websites
  • Latest version of the Blue Coat Content Analysis System (version 2.1) now features the sandbox option on the device itself, as well as direct integration with SEP. This ultimately means that information about new threats detected on the CAS product is automatically shared with all agents in the endpoint environment.

As always, best protection methods include user education, properly configured products, and installation of latest patches on all operating systems.

More information:

Veracomp recently became a distributor of Symantec’s portfolio of security products, which was strengthened and expanded by last-years acquisition of Blue Coat, as well as being the only provider of Secure One Services (formerly Blue Touch Support Provider) and Security Analytics Specialist in the region. If you would like to know more about Symantec products, please contact us via this form.