Advanced Threat Protection

Preventative Protection, Detection, Investigation, & Resolution

Efficient investigation and remediation processes are critical in today's high-stakes security world. Symantec provides the telemetry that feeds our targeted-attack detections, the deep forensic records that speed investigations, and powerful tools to remediate breaches quickly, all built on strong preventative protections across endpoint, network, email and cloud infrastructure.

Content and Malware Analysis

Content Analysis is the most effective way to detect file-based malware. It integrates with Symantec Proxy, ASG, WSS, Endpoint Protection, ATP Platform, Secure Message Gateway, CASB, Email Security Service, and WAF.

Content Analysis combines multiple engines – whitelist, blacklist, dual anti-virus, and advanced machine learning – to identify advanced malware, applying the cheap, high-confidence engines first so that only files none of them can convict go on to deeper analysis. It also offers full emulation and a virtual-detonation sandbox to replace less effective sandbox technologies.

Content Analysis can submit files to third-party sandboxes, including FireEye and Lastline, delivering:

  • 4x better malware detection
  • Dramatically reduced sandbox capacity requirements, because pre-filtering removes known-good and known-bad files before submission and sandbox capacity is centralized rather than duplicated per integration
  • The ability to use the proxy to decrypt SSL/TLS so that encrypted downloads are inspected rather than passed through
  • Dramatically reduced incident queues, since the preventative architecture blocks most files before they ever reach an analyst

Content Analysis is offered as an appliance, virtual appliance, and cloud service.
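The staged pipeline described above (hash lists, then signature scanning, then a machine-learning verdict, with the sandbox reserved for whatever is still unknown) can be illustrated with a small triage script. This is an added example written for this page, not Symantec code; the sample files, hash lists, signature and entropy threshold are all constructed, and the byte-entropy check stands in for a real trained classifier.

```python
"""Staged file triage: cheap, confident engines first; sandbox only what remains."""
import hashlib
import math
from dataclasses import dataclass
from typing import Optional


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample set: hypothetical file contents, none of it real malware.
SAMPLES = {
    "installer-known-good.msi": b"MSI package bytes of a trusted, inventoried installer",
    "invoice-known-bad.exe": b"PE bytes previously convicted by an analyst",
    "dropper.exe": b"PE bytes that carry SIG:EVIL_MARKER_0001 somewhere in the body",
    "packed.bin": bytes(range(256)) * 4,  # every byte value equally often: maximal entropy
    "proposal.docx": b"An ordinary document that nobody on the network has seen before",
}

# Hash lists keyed on SHA-256 of the full content (assumed list format, not a product's).
ALLOWLIST = {sha256(SAMPLES["installer-known-good.msi"])}
BLOCKLIST = {sha256(SAMPLES["invoice-known-bad.exe"])}

# Toy signature engine: exact byte-pattern match, standing in for the AV engines.
AV_SIGNATURES = {"Trojan.Constructed.A": b"SIG:EVIL_MARKER_0001"}

# Assumed cutoff standing in for a trained classifier's decision threshold.
ML_THRESHOLD = 7.5


def av_scan(data: bytes) -> Optional[str]:
    """Return the signature name that matches, or None if no signature fires."""
    for name, pattern in AV_SIGNATURES.items():
        if pattern in data:
            return name
    return None


def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; values near 8.0 suggest packed or encrypted content."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


@dataclass(frozen=True)
class Verdict:
    filename: str
    stage: str    # engine that produced the decision
    action: str   # "allow", "block" or "sandbox"
    detail: str = ""


def triage(filename: str, data: bytes) -> Verdict:
    """Run the engines in order of cost and stop at the first confident answer."""
    digest = sha256(data)
    if digest in ALLOWLIST:
        return Verdict(filename, "allowlist", "allow", digest[:12])
    if digest in BLOCKLIST:
        return Verdict(filename, "blocklist", "block", digest[:12])
    sig = av_scan(data)
    if sig is not None:
        return Verdict(filename, "antivirus", "block", sig)
    ent = byte_entropy(data)
    if ent >= ML_THRESHOLD:
        return Verdict(filename, "ml", "block", f"entropy={ent:.2f}")
    # Nothing cheap was conclusive: this is the only file that consumes sandbox time.
    return Verdict(filename, "sandbox", "sandbox", f"entropy={ent:.2f}")


def run_triage(samples: dict) -> tuple:
    """Triage every sample; return all verdicts plus the list of files queued for the sandbox."""
    verdicts = [triage(name, data) for name, data in samples.items()]
    to_sandbox = [v.filename for v in verdicts if v.action == "sandbox"]
    return verdicts, to_sandbox


if __name__ == "__main__":
    verdicts, queue = run_triage(SAMPLES)
    for v in verdicts:
        print(f"{v.filename:26} {v.stage:10} {v.action:8} {v.detail}")
    print(f"sandbox submissions: {len(queue)} of {len(verdicts)} files")
```

Only one of the five files reaches the sandbox stage; the other four are settled by a hash lookup, a signature, or the entropy heuristic, which is the capacity reduction the bullets above describe. In a real deployment the order matters for safety as well as cost: the allowlist is consulted first so that a trusted installer is never needlessly detonated, but that also means an allowlist entry is effectively a bypass of every later engine and should be tied to a specific hash, not a filename or path.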

Symantec Endpoint Detection and Response

Keep attacks from turning into breaches

Symantec EDR, also known as ATP Endpoint, applies machine learning and behavioral analytics to detect and expose suspicious activity. It enables you to hunt for threats by searching for indicators of compromise across all endpoints in real time.

Symantec EDR prioritizes incidents, allowing you to navigate endpoint activity records for a full forensic analysis of potential attacks.

You can contain suspicious events using advanced sandboxing, blacklisting, and quarantine; seal off potentially compromised endpoints during investigation with endpoint isolation; and, finally, delete malicious files and associated artifacts on all impacted endpoints.

Symantec's EDR agent is already consolidated into your Symantec Endpoint Protection agent on Windows, Mac, and Linux. Extend EDR to non-SEP devices with Cloud EDR.

  • Proactively detect attacks on endpoint and email
  • Quickly investigate scope, scale, and attack details
  • Quarantine suspicious processes and events
  • Remediate impacted endpoints
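The hunt-then-prioritize-then-contain flow in the bullets above, as an added example that is not Symantec code: a set of indicators is matched against endpoint telemetry, hosts are ranked by how many distinct indicator types they hit and whether the suspicious process was spawned by an Office application, and the top-ranked hosts are marked for isolation. The hostnames, hashes, domains, paths and scoring weights are all constructed for illustration.

```python
"""IOC hunt across endpoint telemetry, then rank hosts for containment."""
from collections import defaultdict
from dataclasses import dataclass

# Constructed telemetry: three hypothetical hosts, one of them genuinely compromised.
EVENTS = [
    {"host": "WS-0417", "type": "process", "parent": "WINWORD.EXE",
     "image": r"C:\Users\amy\AppData\Local\Temp\update.exe", "sha256": "d0c5" * 16},
    {"host": "WS-0417", "type": "dns", "query": "cdn-updates.example.net"},
    {"host": "WS-0417", "type": "file", "path": r"C:\Users\amy\AppData\Roaming\svc.dll"},
    {"host": "WS-0522", "type": "dns", "query": "cdn-updates.example.net"},
    {"host": "WS-0522", "type": "process", "parent": "services.exe",
     "image": r"C:\Program Files\Vendor\agent.exe", "sha256": "beef" * 16},
    {"host": "SRV-DB01", "type": "process", "parent": "services.exe",
     "image": r"C:\Windows\System32\svchost.exe", "sha256": "cafe" * 16},
]

# Constructed indicators of compromise, grouped by the field they match against.
IOCS = {
    "sha256": {"d0c5" * 16},
    "domain": {"cdn-updates.example.net"},
    "path": {r"C:\Users\amy\AppData\Roaming\svc.dll"},
}

# Processes launched by these parents deserve extra weight (macro or exploit delivery).
OFFICE_PARENTS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE", "OUTLOOK.EXE"}

# Which event fields each IOC type is compared against.
FIELD_FOR_IOC = {"sha256": ("process", "sha256"),
                 "domain": ("dns", "query"),
                 "path": ("file", "path")}


@dataclass(frozen=True)
class Hit:
    host: str
    ioc_type: str
    value: str


def hunt(events: list, iocs: dict) -> list:
    """Return one Hit per (host, indicator) pair found anywhere in the telemetry."""
    hits = []
    for ev in events:
        for ioc_type, (ev_type, field) in FIELD_FOR_IOC.items():
            if ev["type"] == ev_type and ev.get(field) in iocs[ioc_type]:
                hits.append(Hit(ev["host"], ioc_type, ev[field]))
    return hits


def prioritize(hits: list, events: list) -> list:
    """Score hosts: 10 per distinct IOC type hit, +5 if any process on the host
    was spawned by an Office application. Returns (host, score, reasons), highest first."""
    types_by_host = defaultdict(set)
    for h in hits:
        types_by_host[h.host].add(h.ioc_type)
    office_hosts = {ev["host"] for ev in events
                    if ev["type"] == "process" and ev.get("parent") in OFFICE_PARENTS}
    ranked = []
    for host, types in types_by_host.items():
        score = 10 * len(types)
        reasons = sorted(f"ioc:{t}" for t in types)
        if host in office_hosts:
            score += 5
            reasons.append("office-spawned-process")
        ranked.append((host, score, reasons))
    return sorted(ranked, key=lambda r: (-r[1], r[0]))


def containment_plan(ranked: list, isolate_at: int = 20) -> dict:
    """Map each flagged host to an action; hosts at or above the threshold are isolated."""
    return {host: ("isolate" if score >= isolate_at else "investigate")
            for host, score, _ in ranked}


if __name__ == "__main__":
    ranked = prioritize(hunt(EVENTS, IOCS), EVENTS)
    plan = containment_plan(ranked)
    for host, score, reasons in ranked:
        print(f"{host:9} score={score:3} {plan[host]:12} {', '.join(reasons)}")
```

The score threshold is deliberately placed so that a single shared DNS lookup (WS-0522) leads to investigation rather than automatic isolation: one indicator in isolation is often a false positive from a CDN or a sinkhole, whereas a host hitting a file hash, a domain and a dropped path together, from an Office child process, is worth taking off the network while the forensic record is reviewed.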

Symantec Network Forensics: Security Analytics

Full-packet capture for advanced network security forensics

Symantec Security Analytics delivers enriched full-packet capture, giving you complete network visibility, advanced network forensics, anomaly detection, and real-time content inspection for all network traffic.

Armed with this detailed record, you can conduct forensic investigations, respond quickly to incidents, and resolve breaches in a fraction of the time you would spend with conventional processes. Security Analytics is an advanced network forensics analysis and analytics tool enabling you to:

  • See the full source and scope of attacks and respond faster
  • Arm incident response teams with clear, concise answers and evidence
  • Use unrivaled data enrichment and threat intelligence
  • Add context to existing security tools
  • Integrate with Symantec ATP to extend investigations across network, endpoint and email

Symantec 2019 Internet Security Threat Report

Our 123 million sensors record thousands of threat events per second from 157 countries and block 142 million threats daily. Use intelligence from the world's largest civilian threat network to your advantage: download ISTR 24 now.

Our Products

  • Email Threat Detection and Response

    Stop targeted and advanced email attacks with powerful protection that includes complete visibility, prioritized response, and automated remediation.

  • Web Isolation

    Symantec Web Isolation prevents malware and phishing threats while allowing broad web access through the isolation of uncategorized and potentially risky traffic.

  • Encrypted Traffic Management

    Symantec Proxy and SSL Visibility Appliance decrypt traffic, feed existing security infrastructure, and maintain privacy compliance.

  • CloudSOC Cloud Access Security Broker (CASB)

    Security without compromise: the broadest, deepest protection for the public cloud.