Symantec Advanced Threat Protection is Symantec's a Detection and Response (EDR) solution that comes in three modules, these can be used standalone or integrated:
ATP is designed to protect you against the type of threats where traditional security solutions or anti-malware scanning cannot. Threats that use surreptitious techniques to avoid detection, or threat that are so very new; that as yet the anti-malware community has not added detection. Consider threats like ransomware that can present themselves as legitimate applications, or Stealth Trojans that use SLL to tunnel through the network perimeter, and in deed the many other variants of new threats that evade traditional security defences.
Every executable that has not been observed before (lacks a positive reputation signature) is sent to a secure container in the Symantec cloud for "detonation". The term detonation refers to the file being presented to a comprehensive range of representative OS's and Applications to lure and entice that application to execute. The results are analysed to determine if the application presents a risk, in effect it is baited to show its true colours.
Opinion & Resources
Cyber threats are without doubt targeting the end-user, and 9-out-10 of these attacks are using either Email or Web traffic to deliver the payload.
Symantec have released a solution that addresses these two common ingress routes and a module to sit on the end-users system as well (belts and braces). It's an agreeable feature of the ATP-Endpoint that no extra agent is required, and that the ATP-Email is a simple backend activation, all making it very simple to use with a rapid protection return.