Symantec Tackles APTs with Advanced Threat Protection

Symantec has launched its latest attempt to own the advanced threat prevention space with a new product designed to discover and remediate APTs and zero days across the enterprise from a single console.

The security giant’s Advanced Threat Protection (ATP) offering claims to be able to unify what until now has been the job of multiple point products.

It automatically correlates threat data across endpoint, network and email gateways thanks to new ‘Synapse’ technology, prioritizing the most important suspicious activity.

Combined with the new ‘Cynic’ cloud-based sandboxing and payload detonation service, Symantec argues this speeds up search and remediation time and can provide up to 30% better detection than existing products.

Remediation happens through containment of endpoints and blocking new instances across control points – all in one click and from a single portal, Symantec claimed.

What’s more, Symantec Endpoint Protection and Email Security.cloud customers will not need to install any new endpoint agents, with deployment of the ATP product possible in under an hour.

There’s also functionality enabling the product to export intelligence data into third-party SIEM products, with more integration work planned in the future to allow customers to enhance the value of their existing investments.

The Symantec ATP launch can be seen in the context of the firm’s split into two separate companies earlier this year.

First announced in October last year, the move effectively created a new information management company focused on things like backup and recovery, archiving and eDiscovery.

This freed the security part of the business to focus on Symantec’s core strengths in things like endpoint security, DLP, managed security services and SSL certs.

Phill Everson, head of Cyber Risk Services at Symantec partner Deloitte UK, argued that advanced targeted threats are crafted to evade traditional security tools.

“While traditional controls provide an essential baseline, there has been a tendency for some to operate in silos, which can lead to the possible indicators of compromise being easily missed or prioritized incorrectly,” he added.

“To mitigate these risks, it is increasingly necessary to augment those traditional controls with targeted threat intelligence and real time behavioral analysis both in the network and at the endpoint.”

A new report released earlier this month claims the Advanced Persistent Threat Protection market will grow at a CAGR of 17% over the next five years to reach $8.7bn by 2020.