Symantec Revamps Its APT Defense Strategy
EDR, Cloud Sandboxing & Correlation Tech Unified Under New Offering
Security software company Symantec Corp. is introducing its Advanced Threat Protection solution, its first major product announcement since the company sold its information management arm Veritas, to set itself up as a stand-alone security vendor. With this offering, Symantec will be taking on established security product vendors in the advanced threat detection space like FireEye, Palo Alto and others.
Detection and remediation of threats on the endpoint has remained a challenge for enterprises in the age of custom polymorphic malware and advanced zero-day attacks. EDR solution maturity has remained nascent and Gartner and other industry observers have predicted that security vendors will explore the space more vigorously in the coming years to better defend against advanced and targeted attacks. (See: EDR - Hunting on the Endpoint)
The prediction may have come true, at least in Symantec's case. "The announced solution covers threats from all three points - email, Web and endpoint - in addition to providing response capabilities," says Tarun Kaura, Symantec's director for solutions product management, APJ. "It goes further than just detecting and blocking threats, by providing a means to effectively mitigate these threats as well, which was missing earlier."
In an interview with Information Security Media Group, Kaura says the solution consolidates Symantec's key security technologies: its endpoint security service and associated file reputation services, and its global threat intelligence service. The new solution adds a sandbox and correlation analysis, both hosted in the cloud, Kaura notes, and aims to give the operator a unified dashboard to detect and, more importantly, begin responding to advanced threats. The new solution will leverage Symantec's existing lead in the endpoint space by delivering these additional defense-in-depth capabilities through the existing endpoint agents.
Several experts have pointed out that point solutions aimed at individual security issues are no longer effective, because organizations are being overwhelmed with a deluge of data that they have no way of operationalizing. With most vendors pushing to unify their various point solutions and offerings, how well Symantec's effort to bring its key security technologies together under a single umbrella pans out may set the standard. (See: Security Focus Shifts to Detection)
However, Kaura says that Symantec's ATP solution, while providing EDR services, only connects to Symantec's own global threat intelligence feed. "While we connect to third-party feeds from a telemetry capture point of view, there are no plans at present to correlate directly from these feeds," he says. This means that enterprises with existing third-party threat feeds or subscriptions will not be able to connect them to Symantec's EDR solution at this time.
In this in-depth interview (see audio link below photo), Kaura describes how the new service will operate and what it means for existing and new Symantec customers. He also shares insights on the market forces that prompted this move and Symantec's overall strategy.
- Details on the advanced threat protection solution;
- Differentiators from competing solutions;
- The company's new strategy and views on the current threat landscape.
Kaura is the director for solutions product management for Symantec in the APJ region. Previously, he led the system engineering and solution architects team for Symantec in India. He has more than 15 years of experience, including roles at Wipro, EMC and IBM, and has expertise in server consolidation, virtualization, data availability, service management, information security and cloud technology.