By Keith Millett | Dec 29, 2017 | Product of the Month


Symantec ATP – The New Rules of Threat Protection

Symantec™ Advanced Threat Protection is a single unified solution that uncovers, prioritizes, and remediates advanced attacks.  It leverages an organization’s existing Symantec™ Endpoint Protection and Email Security.cloud investments and requires no new agents.  It fuses intelligence from endpoints, networks, and email, as well as Symantec’s massive global sensor network, to stop threats that evade individual point products.  And with one click of a button, Symantec Advanced Threat Protection will search for, discover, and remediate any attack artifacts in your organization.  All from a single console.

Symantec™ Advanced Threat Protection: Endpoint

Uncover, prioritize, and remediate advanced attacks across all of your endpoints whether they are inside or outside the network, adding Endpoint Detection and Response (EDR) capabilities to your existing investment in Symantec™ Endpoint Protection. Detect new threats with the Symantec Cynic™ sandbox, and with one click of a button, you can search for, discover, and remediate any attack artifacts in your organization.  The Symantec Synapse™ correlation engine automatically matches events with Symantec™ Email Security.cloud and Symantec™ Advanced Threat Protection: Network, reducing the volume of security alerts and prioritizing the most significant threats.

Symantec™ Advanced Threat Protection: Network

Uncover and prioritize advanced attacks coming into the network and detect suspicious activity happening within your organization with file reputation analysis, behavioral analysis and intrusion prevention.  The appliance automatically uses the Symantec Cynic™ sandbox for rapid detection of even the most advanced attacks.  The Symantec Synapse™ correlation engine automatically matches events with Symantec™ Endpoint Protection and Symantec™ Email Security.cloud, reducing the volume of security alerts and prioritizing the most significant threats.

Symantec™ Advanced Threat Protection: Email

Uncover advanced attacks entering your organization through email, by adding unique targeted attack identification and Symantec Cynic™ sandbox detection capabilities to Symantec™ Email Security.cloud.  Get manual analysis of new or unknown malware by Symantec analysts to determine the severity and scope of a targeted attack campaign. The Symantec Synapse™ correlation engine automatically matches events with Symantec™ Endpoint Protection and Symantec™ Advanced Threat Protection: Network, reducing the volume of security alerts and prioritizing the most significant threats.

Symantec Cynic™

Uncovering advanced attacks is faster with Symantec Cynic™, an entirely new cloud-based sandboxing and payload detonation service built from the ground up to discover and prioritize today’s most complex attacks.  Cynic sandboxing leverages advanced machine learning-based analysis combined with Symantec’s global intelligence to detect even the stealthiest and most persistent threats.

Cynic also provides the full details of a file’s capabilities and all of its execution actions, so that incident responders can quickly remediate relevant attack artifacts.  28% of today’s advanced attacks are virtual machine-aware [1], so they don’t reveal their suspicious behaviors when run in typical virtual sandboxing systems.  To combat this, Cynic also executes suspicious files on physical hardware to uncover those attacks that would evade detection by traditional sandboxing technologies.  Cynic supports all of the common file formats leveraged by today’s attacks, including MS Office, PDF, Java, Windows executables, and containers.  Finally, since this service is delivered via the cloud, it always uses the latest threat intelligence, is scalable and helps reduce customer cost.

[1] Symantec Internet Security Threat Report, volume 20, April 2015.

Symantec Synapse™

Prioritizing and investigating events and attacks is quicker and more effective with the new Symantec Synapse™ correlation technology that aggregates and correlates all suspicious activity across endpoints, networks, and email, and fuses this with data from Symantec’s massive global sensor network to identify and prioritize just those events that are of greatest risk to the organization.  This provides a single view of all advanced attack activity in your organization, across endpoints, networks, and email, and allows you to quickly search for relevant attack artifacts across all control points.

Symantec Advanced Threat Protection uses Synapse to automatically determine if Symantec™ Endpoint Protection has already blocked and remediated the threat.  If it has already been blocked and no further action is needed, no incidents are created. Based on Symantec’s research, correlating network and email events with endpoint detections in this way will reduce the number of incidents a typical security analyst needs to examine, all without adding any new agents.
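To make the correlation idea concrete, here is a small Python illustration of the logic the two paragraphs above describe: events from the email, network and endpoint control points are grouped by file hash, a group is suppressed entirely when the endpoint product has already quarantined or blocked the file on every host where it was seen, and the remaining groups become incidents ranked for the analyst. This is added example code, not Symantec's or Synapse's implementation; the event schema, the action names and the priority formula are all assumptions made for the illustration, and the sample events are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

# Event shape is an assumption for this illustration, not Synapse's real schema.
@dataclass(frozen=True)
class Event:
    source: str     # control point: "endpoint", "network" or "email"
    sha256: str     # file hash, the key shared across control points
    host: str       # host that received or executed the file
    action: str     # "blocked", "quarantined", "detected" or "delivered" (assumed names)
    severity: int   # 1 (low) .. 5 (critical), as assigned by the detecting product


@dataclass
class Incident:
    sha256: str
    open_hosts: list    # hosts where the file was seen but not remediated
    sources: list       # control points that reported the file
    max_severity: int

    @property
    def priority(self) -> int:
        # Constructed ranking: breadth of evidence first, then spread, then severity.
        return len(self.sources) * 100 + len(self.open_hosts) * 10 + self.max_severity


# Endpoint actions that mean the threat needs no further analyst attention.
REMEDIATED = {"blocked", "quarantined"}


def correlate(events):
    """Fuse events by hash, drop fully remediated ones, return incidents by priority."""
    by_hash = defaultdict(list)
    for ev in events:
        by_hash[ev.sha256].append(ev)

    incidents = []
    for sha, evs in by_hash.items():
        seen = {e.host for e in evs}
        remediated = {e.host for e in evs
                      if e.source == "endpoint" and e.action in REMEDIATED}
        open_hosts = sorted(seen - remediated)
        if not open_hosts:
            continue  # endpoint already handled it everywhere: no incident created
        incidents.append(Incident(
            sha256=sha,
            open_hosts=open_hosts,
            sources=sorted({e.source for e in evs}),
            max_severity=max(e.severity for e in evs),
        ))
    incidents.sort(key=lambda inc: inc.priority, reverse=True)
    return incidents


# Constructed sample events (placeholder hashes, not real indicators).
SAMPLE_EVENTS = [
    # Hash A: email and network flagged it, but the endpoint already quarantined it -> suppressed
    Event("email",    "a" * 64, "host1", "delivered",   3),
    Event("network",  "a" * 64, "host1", "detected",    3),
    Event("endpoint", "a" * 64, "host1", "quarantined", 4),
    # Hash B: delivered by email and seen on the wire, no endpoint verdict yet -> incident
    Event("email",    "b" * 64, "host2", "delivered",   2),
    Event("network",  "b" * 64, "host2", "detected",    3),
    # Hash C: endpoint detected but did not block on two hosts, network saw it too -> top incident
    Event("endpoint", "c" * 64, "host3", "detected",    5),
    Event("endpoint", "c" * 64, "host4", "detected",    5),
    Event("network",  "c" * 64, "host3", "detected",    4),
]

if __name__ == "__main__":
    for inc in correlate(SAMPLE_EVENTS):
        print(inc.priority, inc.sha256[:8], inc.sources, inc.open_hosts)
```

Running the block prints two incidents (hash C first, then hash B) and nothing for hash A, which is the "already blocked, no incident" behaviour the text describes. In a real deployment the grouping key would normally be broader than a single hash (process lineage, sender, destination), but the suppression rule and the ranking step are where the alert-volume reduction comes from.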

CTI is here to assist you with implementation of Symantec ATP.