Channel: Symantec Connect - Products - Articles

Endpoint Detection and Response procedures for correctly blocking and attacking frequent threats


    Advanced threat protection plays a fundamental role in securing the volume of information that companies hold. In such a competitive market, businesses are constantly looking to improve security by implementing new strategies, which are fair and necessary even if the only goal is to stay aware of the cyber attacks recorded daily with new malicious elements. It is more than clear that endpoints are among the most sought-after targets for threats, and that they, one way or another, hold off these remote attacks as best they can or neutralize them momentarily.

    This article has the specific, technical purpose of explaining how Symantec Endpoint Detection and Response should be used to block new threats and neutralize them in real time.

    Is it possible to stop the attack of these threats? Symantec's advanced threat protection products are the solution for increasing control over all suspicious activities so that they are stopped in time. To ensure success, the following procedures must be carried out to obtain the expected result.

    Procedures

  1. Start the search for threats and alerts in a pane that gives more visibility. After the automated responses, a diagnosis begins, and its result is a report for evaluating the situation, together with a decision on how to treat the threat.
  2. Review and check all devices in search of additional threats that form part of a weak point and are a cause of data leakage. This allows a more accurate value to be assigned to the weaknesses or vulnerabilities by which the volume of data is compromised.
  3. Continuously monitor whether the application maintains its behavior or generates some unexpected alteration outside the established parameters.
  4. Diagnose each suspicious activity separately, with the objective of producing a concrete report of the threats in each affected sector and then totaling a percentage of threats to the system, reinforcing security with extra tools that allow an immediate response to the problem.

    After having successfully performed the visualization, supervision, review and control of all the devices that may be infected by the threats, proceed to run Symantec Endpoint Detection. It is important to have the latest version, because the upgrades have a higher response capacity and 3 times higher throughput.

    It is advisable to run the attacks in the following order:

  1. Elimination of threats in the cloud. Most of the company's information is here, therefore it is essential to execute the attack from the cloud.
  2. Elimination of threats in devices, emails, and all vulnerable and infected areas.
  3. Elimination of the gaps that are the cause of infections, such as other endpoints and devices related to the problem.
  4. Apply debugging throughout the system, especially in the affected areas.

    Threats are the order of the day and arrive at any hour, so it is advisable to create a backup unit for all the data of the different areas of the company, in order to restore information lost through leakage or infection. In addition, carry out a daily analysis after having executed the elimination of threats. This allows a more accurate forecast for implementing more Symantec tools that make the process easier for the next threats, while the Symantec Advanced Threat Protection system stands firm in eliminating all kinds of threats that put information and devices at risk.

