Managed service aimed at cutting down on the number of events staff have to investigate
Symantec Corp. is launching a slate of new security solutions for the enterprise, focused on an approach that shows IT staff only the most dangerous attacks headed their way – and letting them avoid the ones that aren’t immediate threats.
The company said Monday it will roll out its Managed Security Service-Advanced Threat Protection solution in June. The solution is the fruit of a slew of partnerships signed with other security solutions providers, including Palo Alto Networks, Cisco Systems’ Sourcefire division, and Check Point Software Technologies.
It allows an organization to check incoming advanced persistent threats that have passed through the firewall and gone to an endpoint. If the organization has set up protections against that threat, the threat is simply logged and recorded. If not, an IT administrator gets an alert and can start figuring out a plan for defense.
The goal is to cut down on the amount of threats that IT administrators need to investigate, said Piero DePaoli, director of product marketing for Symantec’s endpoint, messaging, and web security. He gave the example of one of Symantec’s larger customers, which recorded 256 billion attacks leveled against it last year. Those attacks generated 350,000 events, which sounds like an improvement – except the customer’s security staff had to investigate all of those events and boil them down to 3,000 that required action.
“The attackers are just getting more sophisticated, and companies have to deploy loads of resources to make sure that they’re protected,” DePaoli said.
“The idea that we want to be able to do, for organizations, is get to those 3,000 more quickly. Turn off the noise of these different events, and be able to make it so that you’re working on the things that are the most important.
Symantec is also releasing a parallel solution, branded simply as Advanced Threat Protection. It will be available in beta within six months, and generally available within the next 12 months. While this solution is similar to the Managed Security Service-Advanced Threat Protection offering, it’s a more of a “combination of product and service,” DePaoli said. It offers security capabilities at the gateway, and it also provides add-ons across the gateway, email, and for endpoints, trying to detect threats in these three areas.
Advanced Threat Protection also gives users access to a dynamic malware analysis service, which takes samples of incoming files and compares them to known threats in first the gateway, and then the Symantec cloud. The service then runs the file in a cloud-based sandbox environment, applying behavioural technology to figure out if it is a piece of malware or not.
The other service offered is Synapse, which enables communication between all the different pieces in the solution. For example, it will check to see if a threat was detected by email, by the gateway, or by an endpoint, and then let an administrator know whether he or she needs to deal with the threat.
For both of these solutions, there’s a heavy focus on using intelligence to fend off attacks, DePaoli says. Despite Symantec’s reputation as a company focused on anti-virus solutions, it’s not really enough to focus on anti-virus protection – and it hasn’t been for years, he added.
“The ability to understand what’s going on has become critically more important because technologies that are reactive such as anti-virus, you just aren’t protecting organizations any longer,” he said.
“Just the increase in these targeted attack campaigns, and these very public mega-breaches that have happened over the last several months, have just highlighted the awareness of folks that they need more information to get protected.”
“Something’s going to get through, and the ability to quickly detect and quickly respond to that, it requires intelligence to do that detection and response.”
Symantec also announced two other offerings, Incident Response and Managed Adversary Service, both of which should be available in the next six months.
Incident Response is geared towards organizations who have suffered an attack and need to figure out what to do next. Customers using Incident Response will be able to tap into information, resources, and the help of Symantec staff with expertise in event monitoring, threat intelligence, and forensics.
For Managed Adversary Service users, they’ll be able to get information on bad URLs and bad addresses, helping them identify where an attack is coming from, what group is behind it, and what that group’s motivations might be. Depending on the data available, service users might be able to figure out exactly which group is targeting them, DePaoli said.
Pricing for these solutions hasn’t been made available yet, but most of these are likely to be priced based on a subscription model, he added.