Symantec is publicly pulling the wraps off of its Symantec Endpoint Protection 11.0 beta release, aka Hamlet. This is the long awaited consolidation of the Sygate and Whole Security acquisitions with Symantec AntiVirus into a comprehensive package. Integrating products from diverse organizations is never easy. Still, the best parts of the Hamlet story are those that improve security for customers:



+ Protection against zero-day threats. Whether you call it intrusion prevention, anomaly detection or a behavioral approach, the important thing is that Hamlet detects attacks without requiring signatures. John Thompson in his keynote address mentioned that this technology has detected 35,000 new attacks.

+ Vulnerability-based signatures. SEP implements technology that keys on announced vulnerability signatures. The old style would require a unique signature for each mutation of an attack. This is a concept that TippingPoint introduced years ago and Symantec is bringing it to the desktop. It means that a single vulnerability-based rule can provide automatic protection against variants of an attack.

+ Control device usage. Endpoint Protection can make sure that IT can control access to devices, such as those pesky things you plug into your USB port. This can be a big deal since a company's entire source code library can easily walk out the door on a personal device such as an iPod.

+ A new management console purports to make it much easier to manage enterprise deployments of SEP. Anything to make it easier to administer endpoint security is a good thing and may give Symantec greater stickiness in the account.

To be sure there are things that the beta version of Symantec's Endpoint Protection does not do. The importance of these features will vary by organization:

- Transparent content encryption did not make it into the release. While this is not a big deal for desktops, customers with sensitive data on laptops will have to deploy an additional product.

- The client has the NAC code included in the kit, but it needs a separate paid license to activate this via the management console. It seems to make more sense in solving the customer problem to give NAC policy capabilities to Symantec endpoint software, and let the enterprise pay to extend the capabilities to non-Symantec applications.

Hamlet is just entering Beta so the jury is still out on the new features and performance. I like what I see thus far and will be downloading the beta when I get home tomorrow.