Symantec™ MSS Advanced Threat Protection: Integrating the Network and Endpoints to Detect Unknown...

Symantec™ MSS Advanced Threat Protection: Integrating the Network and Endpoints to Detect Unknown Threats

Solution Overview: Symantec Managed Security Services

MSS-ATP saves you time

1. Reduces investigation of false positive alerts by automatically comparing files identified as potentially malicious to Symantec's file reputation database
2. Threats detected at the network but blocked by SEP are automatically reduced to Informational Alerts
3. Threats detected at the network but unknown to SEP are prioritized as Critical Alerts

Overview

Modern-day attackers are launching increasingly sophisticated, targeted attacks designed to evade signature-based security technologies. Despite having made significant investment in a range of protection technologies, security leaders still wonder whether their network has been infiltrated, how far the threats have spread and which assets have been compromised. The traditional approach of relying on disparate network and endpoint protection technologies is no longer enough.

Detecting advanced targeted attacks requires an integrated, multi-layered approach uniting the best threat prevention, detection and response capabilities. Security leaders are aggressively adopting specialized 'signatureless' threat analysis and protection technologies as a critical piece of this defense strategy—only to find these products do not integrate well with existing technologies such as advanced endpoint protection. This gap forces security leaders to allocate scarce resources toward piecing together the alerts and related context from across their fragmented security architecture and intelligence sources.

Accelerate Detection and Response

Symantec is addressing this unmet need by partnering with a select ecosystem of network security providers to integrate industry-leading advanced threat protection across the network and endpoint, while also providing critical context to detected attacks by integrating with Symantec’s global intelligence network. Symantec's Managed Security Service - Advanced Threat Protection (MSS-ATP) capability helps minimize the potential business impact of advanced targeted attacks by enabling users to rapidly detect, assess and respond to unknown and zero-day malware that evade traditional security technologies.

Pinpoint the Attacks that Threaten your Environment

Specialized threat analysis and detection technologies are very effective at detecting unknown and zero-day malware. However, these advanced detection technologies typically do not block the malicious files but rather allow them to pass through the internal network to the intended target endpoints. As a result, security teams never really know what happened to the detected file and must manually investigate whether these cyber-attacks have successfully infected the endpoints.

While ever vigilant, endpoint protection technologies tend to compound the problem by creating more noise than actionable threat information. The sheer volume of endpoint and network-based detections, combined with a lack of incident prioritization, makes it very challenging for security teams to determine where they should focus their response efforts.

MSS-ATP detects and prioritizes the critical few incidents threatening your environment by automatically correlating and prioritizing network and endpoint detections, thereby reducing the noise from potential false positive alerts. MSS-ATP accelerates incident investigation by performing automatic trace back to identify the true identity of impacted endpoints, even if web proxies and network address translation would otherwise obscure this information.

And because MSS leverages your existing endpoint protection software, no additional software need be provisioned, monitored or maintained.

Increase Efficacy of Threat Investigations

With more than 41.5 million network sensors and 133 million systems in over 200 countries providing a constant stream of telemetry, Symantec's Global Intelligence Network (GIN) offers unparalleled visibility into the constantly evolving threat landscape. Insight, the GIN's award-winning proprietary reputation-based security technology, tracks over 8 billion unique files to identify new threats as they are created. Insight is uniquely capable of detecting unknown and zero-day malware by tracking file attributes such as age, download source and prevalence within the global community and then leveraging complex algorithms to assess each file's risk level to assign a reputation score.

MSS-ATP increases the efficacy of threat investigations by using Insight's reputation-based file scoring to evaluate potentially malicious files detected at the network. By their nature, unknown and zero-day malware have a low reputation score and are reported as suspect by Insight, signaling further investigation is necessary. Conversely, if a network-based malware detection occurs and Insight reports the involved file as having a high reputation score, this proactively indicates to a security team the possibility of a false positive detection.

Bi-directional Integration Accelerates Response

MSS-ATP accelerates incident response by providing bi-directional integration between endpoint security and network-based advanced threat detection technologies. This integration eliminates manual effort, allowing users to easily launch common investigation, containment and remediation tasks, ensuring security operations teams are more efficient assessing and responding to threats.

Industry-leading Security Expertise

Detecting known and emerging threats not only requires integrated, multi-layered technology; it requires highly specialized security expertise to decipher the complex attack patterns associated with malicious activity and then determine how to most effectively respond. Symantec accelerates time-to-response by providing in-region security experts who deeply engage with your in-house security team to understand your environment and internal processes as well as provide guidance regarding incident response.

Any information regarding pre-release Symantec offerings, future updates or other planned modifications is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec offerings should make their purchase decision based upon features that are currently available.

More Information

To speak with a Product Specialist
In the US: Call toll-free 1 (800) 466-5875
For specific country offices and contact numbers, please visit our website.

Visit our Website
www.go.symantec.com/mss

About Symantec

Symantec protects the world's information, and is a global leader in security, backup, and availability solutions. Our innovative products and services protect people and information in any environment from the smallest mobile device, to the enterprise data center, to cloud-based systems. Our world-renowned expertise in protecting data, identities, and interactions gives our customers confidence in a connected world. More information is available at www.go.symantec.com/mss or by connecting with Symantec at https://twitter.com/symantecmss

Symantec World Headquarters
350 Ellis St.
Mountain View, CA 94043 USA
+1 (650) 527 8000
1 (800) 721 3934

Copyright 2014 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. 21332713 05/14