Endpoint Protection

  • 1.  Protection for Active Directory?

    Posted Dec 26, 2019 11:45 AM

    Strangely, Symantec doesn't offer documentation on this new feature that has populated in my feature set list in my Client Deployment Wizard, and manual installs.

    1. WHAT is this feature and what does it do?

    2. Does this feature require backend installation onto a server for the product to work?

    3. Can anyone tell me where some documentation is for this feature and what it does? There is no available information on the Symantec website or in Google searches. It's quite baffling.

     



  • 2.  RE: Protection for Active Directory?

    Broadcom Employee
    Posted Dec 26, 2019 10:12 PM

    The package is for exporting and deploying the Symantec Endpoint Threat Defense for Active Directory (TDAD) which is a solution that protects the Active Directory. 

    This is only meant for deploying the package. More information about the threat defense can be found here:

    https://support.symantec.com/us/en/article.DOC11237.html

    This should answer your question.

    TECH255988
    Deploy Threat Defense For Active Directory with SEP
    Last Updated September 19, 2019
    https://www.symantec.com/docs/TECH255988

     

     



  • 3.  RE: Protection for Active Directory?

    Posted Dec 26, 2019 10:25 PM

    Not quite.

     

    1. Does this mean it's only meant for Domain Controllers?
     

    2. Is it not meant for endpoint clients?

    3. If I install it, how and what does it affect?

    I'm still convinced nobody knows what this package does.



  • 4.  RE: Protection for Active Directory?

    Broadcom Employee
    Posted Dec 27, 2019 01:38 AM

    The agent package can be installed on an endpoint (Windows currently supported).

    From the endpoint, Threat Defense for AD effectively controls the attacker’s perception of the organization’s internal resources—all endpoints, servers, users, applications, and locally stored credentials. This solution autonomously learns the organization’s Active Directory structure in its entirety and uses this data to create an authentic and unlimited obfuscation.

    • Disrupt reconnaissance activity and contain the attack at the point of breach
    • Prevent attackers from using Active Directory to steal credentials and move laterally
    • Force attackers to give themselves away quickly by creating a false AD environment on the endpoint

    Some videos help:

    https://www.symantec.com/products/endpoint-threat-defense-for-active-directory

    The earlier link has the documentation on the PoC perspective.

    Please let me know if more information is required.


  • 5.  RE: Protection for Active Directory?

    Posted Jul 26, 2020 08:04 PM
    So...? This feature should only be enabled on the DC? or all the servers joined to the Domain..?


  • 6.  RE: Protection for Active Directory?

    Posted Jul 27, 2020 03:04 AM
    Edited by atb86 Jul 27, 2020 03:10 AM

    Hi,

    Threat Defense for Active Directory was a separate product you could buy that integrates with SEP. It's now included in the Symantec Endpoint Security Complete suite (SESC).

    It has a separate management and you install the module on every endpoint in your domain. It will not be active on endpoints running Active Directory (even if the module is present on the machine).

    In contrast to Microsoft ATA, which monitors the traffic destined for the domain controller (tap/span), TDAD monitors the behaviour directly from the compromised endpoint.

    Regards,

    Andreas