Content and Malware Analysis

Content Analysis is the most effective way to detect file based malware. It integrates with Symantec Proxy, ASG, WSS, Endpoint Protection, ATP Platform, Secure Message Gateway, CASB, Email Security Service, & WAF.

Content Analysis combines multiple engines – white list, black list, dual anti-virus, and advanced machine learning – to identify advanced malware. It also has the option for full emulation and virtual detonation sandbox to replace less effective sandbox technologies.

Content Analysis can submit files to 3rd party sandboxes including FireEye and Lastline, driving

  • 4x better malware detection
  • Dramatically reduced sandbox capacity from pre-filtering and centralizing sandbox capacity
  • Ability to leverage proxy to decrypt SSL/TLS
  • Dramatically reduced incident queues from preventative architecture

Content Analysis is offered as an appliance, virtual appliance, and cloud service.

Symantec Endpoint Detection and Response

Keep attacks from turning into breaches

Symantec EDR – aka ATP Endpoint – applies machine learning and behavioral analytics to detect and expose suspicious activity. It enables you to hunt for threats by searching for indicators of compromise across all endpoints in real time.

Symantec EDR prioritizes incidents allowing you to navigate endpoint activity records for a full forensic analysis of potential attacks.

You can contain suspicious events using advanced sandboxing, blacklisting, and quarantine;  seal off potentially compromised endpoints during investigation with endpoint isolation. And, finally, delete malicious files and associated artifacts on all impacted endpoints.

Symantec’s EDR agent is already consolidated into your Symantec Endpoint Protection agent on Windows, Mac, Linux. Extend EDR to non-SEP devices with Cloud EDR

  • Proactively detect attacks on endpoint and email
  • Quickly investigate scope, scale, and attack details
  • Quarantine suspicious processes and events
  • Remediate impacted endpoints

Symantec Network Forensics: Security Analytics

Full-packet capture for Advanced network security forensics

Symantec Security Analytics delivers enriched, full-packet capture for full network security visibility, advanced network forensics, anomaly detection, and real-time content inspection for all network traffic.

Armed with this detailed record, you can conduct forensic investigations, respond quickly to incidents, and resolve breaches in a fraction of the time you would spend with conventional processes. Security Analytics is an advanced network forensics analysis and analytics tool enabling you to:

  • See the full source and scope of attacks and respond faster
  • Arm incident response teams with clear, concise answers and evidence
  • Use unrivaled data enrichment and threat intelligence
  • Add context to existing security tools
  • Integrate with Symantec ATP to extend investigations across network, endpoint and email