For too long, information security has been a piecemeal battle. Security leaders have been forced to stitch together an array of point products that weren't designed to work together, leaving gaps and overlaps in their ability to fight the bad guys.
That's exactly why the combination of Symantec and Blue Coat is so exciting for us. We've combined two security pioneers with deep roots across several categories – and the unified portfolio enables us to attack new and old security challenges with clear focus, deep intelligence and smart software.
Symantec Endpoint Protection 14 helps bring that integrated vision to fruition. Specifically, we're delivering pre-built integrations with Blue Coat's Secure Web Gateway that allow companies for the first time to leverage and orchestrate security management across network proxies and endpoints. Endpoint security now learns from network security, and vice versa. Threats can be identified and blocked at either control point. Customers no longer need to build their own integrations and correlations – allowing network and security leaders to focus on fighting the bad guys rather than fighting their technology.
This is just one step in Symantec's vision of an integrated cyber defense platform that listens, learns and adapts across the enterprise. It's also an important sign of maturity in the security market – and comes at the right time for security leaders who face more threats on more fronts at a faster pace than ever before.
How Does Integrated Endpoint + Network Security Work?
Let's start with some background on the core products involved:
Symantec Endpoint Protection 14 provides protection, detection and response for advanced malware within a single endpoint agent – including innovations for advanced machine learning, memory exploit mitigation and packer emulation, along with proven technologies for file reputation and behavior analysis, application and device control, firewall and intrusion prevention. All of this is powered by the world's largest civilian threat intelligence network, consisting of telemetry data from 175 million endpoints and 57 million attack sensors in 157 countries, providing unique visibility into the latest security threats.
Meanwhile, on the network itself, Blue Coat' Secure Web Gateway authenticates, decrypts and inspects Internet content for compliance and advanced threat protection. The gateway's full proxy architecture allows it to effectively monitor, control and secure traffic to ensure a safe Internet experience. Security leaders can enforce policies, detect threats and block advanced attacks from entering their network. Traffic is terminated at the proxy and all downloaded and uploaded objects are processed through multiple layers of security in a single efficient pass.
So how do they work together? Symantec Endpoint Protection 14 opens its APIs to collaborate with Secure Web Gateway, allowing the two products to communicate with each other and share blacklists, whitelists, security logs, etc. Data and insights are exposed through the Content Analysis System software (v2.1) built into Secure Web Gateway products (including Advanced Security Gateway and Blue Coat ProxySG).
Security managers simply log in to the Content Analysis System console to set up the integration with Symantec Endpoint Protection manager. From there, security managers can look at logs across their security infrastructure, define correlation parameters and set remediation roles all from the same console – without needing to switch back and forth. Beyond making it easier to use, the combined system allows leaders to benefit from the most powerful threat data set that you can possibly combine – leveraging insight from thousands of customers, millions of networks and billions of endpoints captured via Symantec's and Blue Coat's combined Global Intelligence Network.
What Are the Use Cases for Endpoint + Network Security?
Here are some common use cases that are easily addressed by the integration between Symantec Endpoint Protection and Secure Web Gateway:
Network to Endpoint Incident Verification: When security managers receive an alert from Blue Coat's sandboxing system, they want to know what endpoints across their entire network have seen these same indicators of compromise. This will shorten incident response time by eliminating hours or days of unnecessary work to confirm if the malicious sample infected the endpoint. The workflow is simple: the Blue Coat sandbox discovers malicious content, then Blue Coat's Content Analysis System queries Symantec endpoints to verify indicators (file hash, registry changes, URLs, process name, registry changes, etc.). The list of infected endpoints (along with a URL to Symantec management) are then added to the sandbox report showing the administrator not only what happened in the sandbox but what endpoints are infected.
Endpoint Blacklisting: Security managers want attacks that are discovered via the network to be isolated without spreading to other endpoints. Again, the workflow is simple: Blue Coat's sandbox discovers malicious content with high certainty, and Blue Coat's Content Analysis System queries Symantec Endpoint Protection – and adds a file to the blacklist for all endpoints via the Symantec Endpoint Protection Manager. This prevents the spread of this file to other endpoint devices.
Beyond these use cases, Symantec will continue extending integration between endpoint and network security to address other customer needs. We also anticipate our customers will identify new use cases as they explore the possibilities.
Bottom Line: Better Protection from Endpoint to Cloud
Security leaders can now leverage and optimize protection across networks and endpoints, providing a full spectrum of threat protection with fewer integration headaches. Shared intelligence results in early and effective threat detection, fueled by a massive global intelligence network. Granular controls allow you to take proactive action to blacklist attacks and apply security policies that prevent the spread of attacks. And automated remediation allows you to remediate issues with one click via integrated management consoles.
# # # #
Check out our webinar with Adrian Sanabria from 451 Research to learn more about next-generation endpoint protection, and watch this space for regular blog posts that drill deeper into key capabilities with insights from Symantec and third-party experts.