CST

Call us on +44 (0)20 7621 7836 LinkedInTwitter

Call +44 (0)20 7621 7836 LinkedInTwitter

Symantec

Symantec provides solutions to help enterprises assure the security, availability, and integrity of their information.

We would be happy to discuss your requirements over the phone or meet with you at your office.

Get in touch

Symantec

Symantec Advanced Threat Protection is Symantec's a Detection and Response (EDR) solution that comes in three modules, these can be used standalone or integrated:

  • Endpoint (is a feature of SEP that does not require a separate agent)
  • Network (ingress level protection of internet traffic)
  • Email (file attachments)

ATP is designed to protect you against the type of threats where traditional security solutions or anti-malware scanning cannot. Threats that use surreptitious techniques to avoid detection, or threat that are so very new; that as yet the anti-malware community has not added detection. Consider threats like ransomware that can present themselves as legitimate applications, or Stealth Trojans that use SLL to tunnel through the network perimeter, and in deed the many other variants of new threats that evade traditional security defences.

How does ATP detect these new threats?

Every executable that has not been observed before (lacks a positive reputation signature) is sent to a secure container in the Symantec cloud for "detonation". The term detonation refers to the file being presented to a comprehensive range of representative OS's and Applications to lure and entice that application to execute. The results are analysed to determine if the application presents a risk, in effect it is baited to show its true colours.

The problems Symantec ATP addresses:

  1. Decision Making: quick and effective conclusion as to if a file poses a real threat.
  2. Visibility: Rapid discovery and investigation of suspicious events.
  3. Response: Efficient and simple removal of threats along with information threat impact detail.

Opinion & Resources



Cyber threats are without doubt targeting the end-user, and 9-out-10 of these attacks are using either Email or Web traffic to deliver the payload.

 

Symantec have released a solution that addresses these two common ingress routes and a module to sit on the end-users system as well (belts and braces). It's an agreeable feature of the ATP-Endpoint that no extra agent is required, and that the ATP-Email is a simple backend activation, all making it very simple to use with a rapid protection return.

Nigel Lewis