Symantec today announced its Advanced Threat Protection (ATP) effort for new products and managed security services to support enterprise customers in fending off targeted zero-day attacks in particular. One first step in this entails partnering with Check Point Software, Cisco and Palo Alto Networks to share threat detection information that can rapidly be integrated into Symantec endpoint protection software.
The idea is that threat information collected from these three vendors’ next-generation firewalls and other sources would be shared with Symantec in its managed security services division and Symantec cloud-based threat intelligence analysis. If one of these vendors has identified some kind of newly-identified zero-day exploit, for example, a defense for that would be immediately pushed down to the network endpoints of Symantec’s managed security services customers, says Symantec’s director of product marketing, endpoint, messaging and security, Piero DePaoli.
Core A/V is dead. It is dead.
— Piero dePaoli, director, product marketing for endpoint, messaging and security at Symantec
This partnership alliance with Check point, Cisco and Palo Alto is just one step in what Symantec has planned to boost the effectiveness of its endpoint security products. Symantec is the global leader in endpoint anti-malware software, but DePaoli doesn’t mince words when he says the era of relying on signature-based antivirus is gone for good.
+More on Network World: Cisco announces security service linked with new operations centers | Palo Alto Networks buys endpoint security firm Cyvera for $200 million | Check Point unveils security architecture for threat-intelligence sharing +
“Core A/V is dead. It is dead,” DePaoli says without reservation. A lot of the threats coming in today are unknown, such as zero-day exploits. Symantec’s endpoint security products years ago evolved to the point where today about half of threats it identifies and blocks aren’t related to signature-based A/V at all but are caught through other means such as behavioral or reputational analysis. But Symantec now wants to push that further in the face of stealthy attacks intended to infiltrate enterprise networks and steal data, using capabilities such as behavior analysis to block malware, and Symantec’s ATP initiative is intended to evolve what the endpoint does further.
Over the next year, Symantec is also introducing an incident-response service where supported enterprises will receive incident-support services and forensics in the event of a cyberattack. Symantec will leverage the telemetry data from its endpoint and e-mail security products to respond to events. It will also supply reports about specific adversaries believed to be attacking the organization, and information that’s available on where similar attacks are occurring or have occurred.
Symantec is also developing a sandboxing-type product under the ATP effort that is going into beta in six months and is expected to be available within the year. It is designed as a gateway product that can inspect and “explode” content traffic in order to analyze it in the cloud to determine if it’s malware. This Dynamic Malware Analysis Service is intended to share and update threat defense across the endpoint, e-mail and gateway through the sandboxing approach. It brings Symantec into more direct competition with sandboxing technologies from FireEye and McAfee, among others but leverages Symantec’s endpoint presence.
Some analysts think Symantec has a good shot at making its ATP strategy work.
“Symantec is well-positioned to deliver an end-to-end advanced threat solution by building on the technologies it offers today, integrating across its portfolio, and delivering it as a service enhanced by an evolving partner ecosystem,” says Jon Oltsik, senior principal analyst at the consultancy Enterprise Security Group.
Ellen Messmer is senior editor at Network World, an IDG website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: firstname.lastname@example.org