Symantec Advanced Threat Protection - Short Review




Symantec Advanced Threat Protection (ATP) Overview

Symantec Advanced Threat Protection (ATP) is a comprehensive security solution designed to protect organizations against sophisticated and evolving cyber threats. This solution is part of Symantec’s broader security portfolio and is engineered to detect, prioritize, investigate, and remediate advanced threats across multiple vectors, including endpoints, networks, email, and web traffic.



Key Components

Symantec ATP is composed of several modules that can be used standalone or integrated:

  • Endpoint: This module provides Endpoint Detection and Response (EDR) capabilities without the need for additional endpoint agents. It offers full visibility across all endpoints, enabling the investigation of suspicious events and the quick identification and remediation of threats. Users can run instant searches for indicators of compromise and remediate threats across all endpoints in minutes.
  • Network: This module focuses on ingress-level protection of internet traffic, leveraging Symantec Synapse correlation technology to automatically determine if a detected threat has been blocked by existing Symantec Endpoint Protection. It reduces the number of security events analysts need to examine by prioritizing critical events and integrating data from Symantec’s global sensor network.
  • Email: This module protects against threats delivered via email, including file attachments. It is activated through a simple backend process, enhancing protection without additional complexity.


Key Features and Functionality

  • Unified Threat Protection: Symantec ATP integrates threat analysis across endpoints, email, and network traffic, providing a unified view of security events. This integration is powered by Symantec Synapse technology, which correlates security data to identify and prioritize the most critical threats.
  • Global Intelligence Network: The solution leverages Symantec’s massive global intelligence threat network to provide real-time threat intelligence. This network analyzes a vast volume of threat data to detect advanced threats, vulnerabilities, and malicious behavior, enabling organizations to respond quickly and effectively.
  • Automated Threat Analysis and Remediation: Symantec ATP automates the process of detecting and remediating threats. Once a malicious event is identified, users can contain and remediate all instances of the threat with a single click, eliminating the need for manual intervention across multiple endpoints.
  • Dynamic Adversary Intelligence: This feature provides a high-value feed of actionable intelligence data extracted from comprehensive investigations into targeted attacks. It helps organizations quickly identify if they are being targeted by specific threat actors, enabling more appropriate and timely responses.
  • Cloud-Based Sandbox and Detonation: Symantec ATP sends unobserved executables to a secure cloud-based sandbox for detonation, where they are analyzed across various OS and application environments to determine their risk profile. This process helps in identifying and mitigating unknown threats before they can cause harm.
  • Reduced Alert Noise: The solution uses intelligent alert systems that check across multiple control points to ensure that only unresolved, high-risk incidents are highlighted, reducing the volume of alerts and allowing security teams to focus on the most critical events.


Benefits

  • Enhanced Visibility and Control: Provides full visibility across all endpoints and integrates data from various security control points to give a comprehensive view of the security posture.
  • Rapid Detection and Response: Reduces the time to detect and respond to threats from months to minutes through automated analysis and remediation.
  • Simplified Deployment: Does not require the deployment of new endpoint agents, making it easy to integrate with existing Symantec solutions.
  • Global Contextual Insight: Offers global context on potential threat activity, enabling organizations to understand and respond to threats more effectively.

Symantec Advanced Threat Protection is designed to address the evolving landscape of cyber threats by providing a robust, integrated, and automated security solution that enhances an organization’s ability to detect, prioritize, and remediate advanced threats efficiently.
