Symantec EDR fits into your cybersecurity framework

In February 2014, the Commerce Department's National Institute of Standards and Technology (NIST) created the Framework for Improving Critical Infrastructure Cybersecurity 1.0 (the "Framework"). The Framework was designed to help organizations plan for and address cybersecurity threats. Cybersecurity core functions describes how Symantec Endpoint Detection and Response can help your organization with cybersecurity preparedness, detection, and response.
Cybersecurity core functions
Perform an internal assessment of your organization to identify your potential risks and security goals. Develop a risk management strategy based on your business needs.
Symantec EDR's network control point analyzes incoming data streams while they travel through the network. Symantec EDR uses this information to create events and generate incidents to help you find potential threats in your environment. When you configure Symantec EDR to use the inline block operation mode, Symantec EDR blocks access to the files and external computers that it detects are malicious. You can further control the files and websites that Symantec EDR blocks or doesn't block through Blacklist and Whitelist policies. Symantec EDR may be unable to block 100% of malicious detections, such as FTP file downloads.
When you integrate Symantec EDR, you can also perform remediation tasks through the EDR appliance console (such as deleting infected files).
When you integrate the Symantec EDR network control point with , the cloud service can correlate events from each product to give you a comprehensive picture of threats to your network, endpoints, and email system.
Symantec EDR shows the threats that it detects on the Dashboard and in the Incident Manager. You can also view all the events that have occurred in your organization chronologically.
You can use Symantec EDR to search for indicators of compromise (IOC) and to find artifacts. Symantec EDR can search for these items in the Symantec EDR database and on your endpoints. If you enable the endpoint activity recorder, it can also search within the endpoint's activity recorder.
Symantec EDR can automatically send you notifications when incidents are created. It can also log events to syslog so that you can import them into your security information and event management (SIEM) system.
Symantec EDR provides the one-click containment and remediation capability that works across endpoints, network, and email control points. For example, you can delete a malicious file from an endpoint or isolate a breached endpoint.
After a threat has been contained, follow these best practices to analyze how the breach occurred and to prevent similar breaches in the future.
You can also run reports, which are useful for analyzing the number and types of attacks that occurred in your environment.
Additional resources