symantec™ mss advanced threat protection: integrating the network and endpoints to detect unknown...


Upload: symantec

Post on 27-Aug-2014


Page 1: Symantec™ MSS Advanced Threat Protection: Integrating the Network and Endpoints to Detect Unknown Threats

Symantec™ MSS Advanced Threat Protection: Integrating the Network and Endpoints to Detect Unknown Threats

Solution Overview: Symantec Managed Security Services

MSS-ATP saves you time

1. Reduces investigation of false positive alerts by automatically comparing files identified as potentially malicious to Symantec's file reputation database
2. Threats detected at the network but blocked by SEP are automatically reduced to Informational Alerts
3. Threats detected at the network but unknown to SEP are prioritized as Critical Alerts

Overview

Modern-day attackers are launching increasingly sophisticated, targeted attacks designed to evade signature-based security technologies. Despite having made significant investment in a range of protection technologies, security leaders still wonder whether their network has been infiltrated, how far the threats have spread and which assets have been compromised.

The traditional approach of relying on disparate network and endpoint protection technologies is no longer enough. Detecting advanced targeted attacks requires an integrated, multi-layered approach uniting the best threat prevention, detection and response capabilities. Security leaders are aggressively adopting specialized 'signatureless' threat analysis and protection technologies as a critical piece of this defense strategy—only to find these products do not integrate well with existing technologies such as advanced endpoint protection. This gap forces security leaders to allocate scarce resources toward piecing together the alerts and related context from across their fragmented security architecture and intelligence sources.

Accelerate Detection and Response

Symantec is addressing this unmet need by partnering with a select ecosystem of network security providers to integrate industry-leading advanced threat protection across the network and endpoint, while also providing critical context to detected attacks by integrating with Symantec’s global intelligence network.

Symantec's Managed Security Service - Advanced Threat Protection (MSS-ATP) capability helps minimize the potential business impact of advanced targeted attacks by enabling users to rapidly detect, assess and respond to unknown and zero day malware that evade traditional security technologies.

Pinpoint the Attacks that Threaten your Environment

Specialized threat analysis and detection technologies are very effective at detecting unknown and zero day malware. However, these advanced detection technologies typically do not block the malicious files but rather allow them to pass through the internal network to the intended target endpoints. As a result, security teams never really know what happened to the detected file and must manually investigate whether these cyber-attacks have successfully infected the endpoints. While ever vigilant, endpoint protection technologies tend to compound the problem by creating more noise than actionable threat information. The sheer volume of endpoint and network-based detections combined with a lack of incident prioritization makes it very challenging for security teams to determine where they should focus their response efforts.

MSS-ATP detects and prioritizes the critical few incidents threatening your environment by automatically correlating and prioritizing network and endpoint detections, thereby reducing the noise from potential false positive alerts. MSS-ATP accelerates incident investigation by performing automatic trace back to identify the true identity of impacted endpoints, even if web proxies and network address translation would otherwise obscure this information. And because MSS leverages your existing endpoint protection software, no additional software need be provisioned, monitored or maintained.


Increase Efficacy of Threat Investigations

With more than 41.5 million network sensors and 133 million systems in over 200 countries providing a constant stream of telemetry, Symantec’s Global Intelligence Network (GIN) offers unparalleled visibility into the constantly evolving threat landscape. Insight™, the GIN's award-winning proprietary reputation-based security technology, tracks over 8 billion unique files to identify new threats as they are created. Insight is uniquely capable of detecting unknown and zero-day malware by tracking file attributes such as age, download source and prevalence within the global community and then leveraging complex algorithms to assess each file's risk level to assign a reputation score.

MSS-ATP increases the efficacy of threat investigations by using Insight’s reputation-based file scoring to evaluate potentially malicious files detected at the network. By their nature, unknown and zero day malware have a low reputation score and are reported as suspect by Insight, signaling further investigation is necessary. Conversely, if a network-based malware detection occurs and Insight reports the involved file as having a high reputation score, this proactively indicates to a security team the possibility of a false positive detection.

Bi-directional Integration Accelerates Response

MSS-ATP accelerates incident response by providing bi-directional integration between endpoint security and network-based advanced threat detection technologies. This integration eliminates manual effort, allowing users to easily launch common investigation, containment and remediation tasks, ensuring security operations teams are more efficient assessing and responding to threats.

Industry-leading Security Expertise

Detecting known and emerging threats not only requires integrated, multi-layered technology; it requires highly specialized security expertise to decipher the complex attack patterns associated with malicious activity and then determine how to most effectively respond. Symantec accelerates time-to-response by providing in-region security experts who deeply engage with your in-house security team to understand your environment and internal processes as well as provide guidance regarding incident response.

Any information regarding pre-release Symantec offerings, future updates or other planned modifications is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec offerings should make their purchase decision based upon features that are currently available.


More Information

To speak with a Product Specialist

In the US: Call toll-free 1 (800) 466-5875

For specific country offices and contact numbers, please visit our website.

Visit our Website

www.go.symantec.com/mss

About Symantec

Symantec protects the world’s information, and is a global leader in security, backup, and availability solutions. Our innovative products and services protect people and information in any environment – from the smallest mobile device, to the enterprise data center, to cloud-based systems. Our world-renowned expertise in protecting data, identities, and interactions gives our customers confidence in a connected world.

More information is available at www.go.symantec.com/mss or by connecting with Symantec at https://twitter.com/symantecmss

Symantec World Headquarters

350 Ellis St.

Mountain View, CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

Copyright © 2014 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

21332713 05/14
