Norton 360 is an old dog that detects viruses by looking for signature patterns in files to see if we are infected. The cybercriminal community has gotten smarter and more creative, and Norton has not kept up. Products like CrowdStrike and SentinelOne are going beyond signatures and leveraging new EDR (Endpoint Detection and Response) features that look at behaviors and memory-resident cyber attacks.
When is Norton going to expand into these areas to keep our systems safer?
A friend and colleague of mine was hit by a cyber attack where the latest and greatest Norton 360 DID NOT detect the breach. After a forensic consulting team reviewed the systems, it was recommended that they remove Norton and move to SentinelOne or Microsoft Defender for Business, as they have these extended EDR capabilities.
If this is on Norton’s short-term roadmap, I would like to know; otherwise, I may migrate to one of these other products.
You shouldn't switch before 26.1; there is a big update coming. I don't know what's in it, but I think it will be a mega update. I think they are fixing a great many bugs in that update. Well, now we'll see.
I don't know when that update is coming, but it is coming. Remember, I'm not sure about anything, but I will wait until after that update. I haven't been told anything about it being big; it's only an idea I have, nothing more, since I think the next update is bigger than we currently think. But as I say, it's not certain; it's only an idea I have, nothing more.
Hello @SZ1
Norton 360 includes behavioral analysis, AI, and advanced machine learning in its detection mechanisms, going beyond simple signature matching. However, it is a consumer-focused product and does not offer the full suite of dedicated Endpoint Detection and Response (EDR) capabilities found in enterprise solutions like SentinelOne or CrowdStrike.
How Norton 360 Detects Threats
Your assessment that Norton relies solely on signature patterns is inaccurate. Norton 360 uses a multi-layered approach to protection, which includes:
Signature-Based Detection: Identifying known malware using a database of signatures.
Behavioral Protection: Utilizing AI to classify applications based on their behavior, blocking those that display suspicious activity, such as a typical application trying to access your email contacts.
Advanced Machine Learning: Analyzing files using emulation to predict what they will do before allowing them to run on your system, which helps catch new or “zero-day” threats.
Intrusion Prevention System (IPS): Analyzing incoming network traffic to block potential threats at the network level.
AI-Powered Scam Detection (Genie): Using AI to detect scams within emails, text messages, calls, and even deepfake videos.
Norton 360 vs. EDR Solutions
While Norton 360 incorporates behavioral and AI analysis, it is fundamentally different from a dedicated EDR solution like SentinelOne or CrowdStrike.
Scope: Norton 360 is designed for individual consumers and small businesses, providing comprehensive protection for specific devices with features like a VPN and dark web monitoring.
EDR Focus: EDR platforms are designed for IT security teams with more mature incident response processes. They offer extensive visibility into network and user behavior across an entire organization, enabling deep threat hunting, automated incident response, and detailed forensic investigation capabilities that consumer products do not provide.
Migration Considerations
Norton is continuously updating its product with advanced features to combat new threats. However, the core difference remains the intended use case: Norton is a robust antivirus solution with a full suite of consumer-oriented features, while SentinelOne and Microsoft Defender for Business are geared toward the rigorous EDR needs of businesses and enterprises.
If your requirements align with your colleague’s, which necessitate deep forensic review, network-wide visibility, and sophisticated threat hunting, then migrating to a dedicated EDR platform like SentinelOne or Microsoft Defender for Business is the recommended course of action. Norton 360, even with its advanced AI, does not currently offer the enterprise-grade EDR management console and capabilities of those platforms.
=====================================
Norton 360 is a consumer-focused antivirus product, while SentinelOne and CrowdStrike are enterprise-grade Endpoint Detection and Response (EDR) platforms designed for businesses with dedicated security teams. They serve different needs and are not directly comparable in terms of EDR capabilities.
Norton 360: Consumer Protection
Norton 360 is designed for individual users and small businesses, providing an easy-to-use, all-in-one security suite. Its features include:
Real-time Antivirus Protection: Uses a combination of signature-based, behavioral, and AI analysis to detect and block malware.
Integrated Features: Comes with a password manager, smart firewall, cloud backup, VPN, and dark web monitoring.
Simplicity: Offers a straightforward setup and user experience, with less emphasis on granular configuration or extensive forensic tools.
SentinelOne & CrowdStrike: Enterprise EDR/XDR
SentinelOne (Singularity Platform) and CrowdStrike (Falcon Platform) are robust cybersecurity solutions for enterprises that require sophisticated tools for threat hunting, incident response, and compliance tracking. Their key differentiators from Norton 360 include:
Endpoint Detection and Response (EDR): Provides deep visibility into all endpoint activity, allowing security teams to investigate, manage, and respond to incidents.
AI and Machine Learning: Both use advanced AI to autonomously detect and mitigate threats, often without requiring cloud connectivity for initial response.
Threat Intelligence & Hunting: They offer extensive, actionable threat intelligence feeds and managed threat hunting services to proactively identify advanced persistent threats.
Scalability & Management: Designed to manage thousands of endpoints across complex hybrid environments through a unified, cloud-native console.
EDR (Endpoint Detection and Response) focuses solely on endpoint devices, while XDR (Extended Detection and Response) broadens the scope to integrate data from multiple security layers across the entire IT environment. XDR essentially builds on EDR capabilities to provide a more holistic and unified view of threats.