Symantec updates advanced threat protection portfolio
New solutions to provide holistic security and protect against zero-days, vendor says
Symantec today unveiled an updated portfolio of advanced threat protection (ATP) solutions, including a managed service dedicated to ATP.
The solutions are aimed at increasing the speed with which organisations can respond to threats, as well as improving the detection rate of zero-day attacks. Symantec focused particularly on the fact that its updated ATP solutions cover the network holistically.
"To successfully defend against the types of targeted attacks we're seeing today, you need to expand the focus from prevention to detection and response," said Brian Dye, senior vice president of Symantec Information Security.
"Network security alone isn't going to solve the problem. Adversaries are targeting all control points from the gateway to email to the endpoint. Organisations need security across these control points working together, with incident response capabilities and global information intelligence, to beat the bad guys. Symantec is bringing that powerful arsenal to market."
The managed service ATP solution, to be available in June 2014, would "significantly" reduce the time it takes to detect, prioritise and respond to security incidents, Symantec said. The solution will integrate its endpoint security with third-party network security vendor products, Symantec added.
Using data from across the network, the solution enables customers to quickly contain, investigate and remediate unknown and zero-day attacks that evade traditional security solutions, the vendor claimed.
To reduce the number of false positives, Symantec has partnered with a number of other vendors in the Advanced Threat Protection Alliance, which includes Check Point, Palo Alto Networks and Sourcefire. Symantec said that, through this ecosystem, the detection and correlation of malicious network and endpoint activity helps reduce false alerts by pinpointing important incidents.
The main ATP solution is scheduled to be in beta testing within six months and generally available within the next 12 months, Symantec said. The vendor described it as an end-to-end solution that will deliver integrated advanced threat protection across the endpoint, e-mail and gateway to provide customers with detection and response capabilities at each respective control point.
Symantec said it would also introduce two new services within the next six months - an Incident Response service, and an Intelligence service. The first would provide customers with immediate access to critical capabilities, knowledge and skill sets during incident response scenarios, while the second would provide threat visibility and analytics that create insights into risks to cyber-assets, Symantec said.
Jon Oltsik, senior principal analyst at Enterprise Security Group, said that Symantec's moves were encouraging to see as enterprise security needs change.
"There is a significant need in the market for greater advanced threat protection, and many vendors do not have the holistic coverage or full-functionality needed to adequately detect and respond to targeted attacks," he said.
"Symantec is well positioned to deliver an end-to-end advanced threat solution by building on the technologies it offers today, integrating across its portfolio, and delivering it as a service enhanced by an evolving partner ecosystem."