Symantec tests revamp of corporate anti-virus client

Public beta of Symantec Endpoint Protection 11.0, which includes firewall, zero-day protection, and network access control features, to begin next week

Symantec will kick off its annual Symantec Vision conference next week with the first public release of its next-generation corporate anti-virus software, Symantec Endpoint Protection 11.0.

Under the code name Hamlet, the product has been available to a select group of beta testers since March, but next week it will be released in a public beta, according to Symantec. Company representatives declined to reveal Hamlet's official product name, but it's listed on the Vision conference Web site. Hamlet will be a follow-up to Symantec's AntiVirus Corporate Edition, version 10.

The new software is a major advance for Symantec, which has been working for more than a year to integrate firewall, zero-day protection, and network access control features into its anti-virus product.

"This is the next major version of the code base," said Brian Foster, senior director of product management with Symantec's endpoint security group. "With this release, we're really focused on changing the game for anti-virus."

In addition to performance improvements, Hamlet will be easier to use and to manage, Foster said.

Hamlet includes code from two recent Symantec acquisitions. It will include firewall capabilities based on the Sygate Enterprise Protection software Symantec acquired in 2005. Another new feature will be SONAR (Symantec Online Network for Advanced Response), based on code that Symantec acquired as part of its 2005 purchase of Whole Security.

Although Hamlet is a step forward, anti-virus vendors such as Symantec are playing catch-up in the fight against malware writers, who are increasingly evading detection with a large number of low-circulation variants of their code, said Andrew Jaquith, an analyst with Yankee Group.

"They still have work to do," he said. "I don't think Symantec is quite cognizant of the degree to which these variants are making their [research] labs a lot less effective."

Symantec needs to add "much more comprehensive behavior blocking" and possibly "herd intelligence" capabilities that would allow users to directly identify and share information on the latest threats, Jaquith said.

"Most of the [anti-virus] labs are like fishing boats with a drift net," he added. "They are good at catching the big fish, but the bad guys are basically flooding the ocean with little minnows that are going right through the net."

Symantec competitor McAfee is planning to announce a rival product to Hamlet next week relating to the company's "Total Protection for Enterprise with ePolicy Orchestrator security management software," a McAfee spokesman said Thursday. He declined to offer further details on the announcement, however.

The commercial version of Hamlet is expected to be available later this year. Pricing has not yet been released.

Symantec Vision runs from Tuesday to Thursday next week at the Venetian Hotel in Las Vegas.

Copyright © 2007 IDG Communications, Inc.

How to choose a low-code development platform