United We Stand

How Symantec and Partners Are Leading the Shift to Integrated Cyber Defense

A little more than eighteen months ago, we launched the Symantec Technology Integration Partner Program (TIPP). Our goal was to create the leading technology partner ecosystem in cyber security, focused on delivering high-value integrations and not on the number of logos. Today, we take a major leap forward with the announcement of several new enhancements and innovations to the Integrated Cyber Defense (ICD) platform that will further accelerate the growth of the community and the value it delivers to enterprise customers.

Beyond the details of today’s news, I wanted to take the opportunity to provide a status report on the thriving state of TIPP and what’s next. But first let me provide more context as to how we got here.

It Takes A Platform

If we go back a few years, it was becoming increasingly (and for cyber attack victims, painfully) obvious that cyber security had to change its ways. The bad guys had figured out that the Cloud, for all of its myriad business benefits, was turning enterprise cyber security on its head – e.g., no more perimeter, data anywhere and everywhere, new control points to manage and secure. Cyber criminals were quick to recognize a host of new vulnerabilities and places to attack.

Deploying yet another point product to plug the latest hole in the “cyber security dike” was a losing proposition. Our philosophy – then and now – is that cyber security systems need to share data and context about what they know, what has been blocked and why, what they have detected as suspicious and the like.

The Symantec Integrated Cyber Defense platform, together with TIPP, set up the framework to do exactly that. Our guiding principles for the ecosystem remain the same—be open so anyone can integrate; be agile, because we have to outpace the bad guys; and be high-value, focusing on integrations that can appreciably improve security and simplify operations for the cyber warriors in Security Operations Centers (SOCs) all over the globe.

Empowering the SOC: Getting from Problem to Answer, Faster

In addition to a quickly evolving threat landscape, the cyber security industry is struggling to cope with a widespread skills shortage. That means most cyber security staffs simply don’t have the time to learn the nuances of all of the security technologies they purchase, much less do the hard, time-consuming work of integrating multiple vendors and dozens of products.

This is ultimately what ICD, and TIPP specifically, address. TIPP provides partners with access to a rich set of APIs, product support, demo licensing for engineering and certification, documentation and direct access to over 700,000 users – so they can innovate and get to market more quickly, ultimately helping SOC teams get from problem to answer a lot faster.

A Thriving Ecosystem

Eighteen months in, TIPP now includes approximately 120 active technology partners. Together, we’ve created more than 250 deep integrations focused on key facets of cyber security today, including Cloud Security, Data Loss Prevention, Encrypted Traffic Management, Identity, Messaging, Threat Protection and Web Protection. Today’s announcement of ICD Exchange (ICDx) – a universal data exchange that provides shared intelligence, communication and automation across Symantec and third-party products – will both simplify and rapidly accelerate the pace of our partner integration work.

TIPP has rapidly become a “who’s who” of industry players working together with Symantec to create an integrated and orchestrated cyber defense, including companies such as:

  • Splunk. Together, Symantec and Splunk have built several integrations covering Secure Web Gateways, Network Forensics, DLP, Endpoint Detection and Response and Email Security. Symantec’s SOCView app supports curated investigator views that create greater visibility across domain, file, email and threat intelligence. A unified dashboard view gives security analysts the ability to quickly see the global distribution of threats and highlights the highest priority malicious URLs, sources and files. In addition, SOCView details the most affected endpoints and email senders and recipients, and reports security event statistics by product.
     
  • Box. Working, sharing and collaborating in the Cloud is here to stay, and Symantec and Box have conducted multiple integrations to move security controls into the Cloud. Integrations with Symantec’s CloudSOC Cloud Access Security Broker (CASB) and Data Loss Prevention (DLP) products allow for safe, secure and compliant use of Box Enterprise while also providing data loss prevention capabilities to Box cloud storage.
     
  • ServiceNow. Integration with ServiceNow gives ServiceNow Security Operations users the ability to visualize ICDx-created security incidents and enrich the incidents using ICDx’s native event searching capability. Workflow actions [will] enable ServiceNow users to automate different actions across various Symantec products covering Investigation Search, Third Party Enrichment, Incident Management, and Response.
     
  • Fortinet. Symantec and Fortinet are integrating Fortinet’s best-in-class next-generation firewall with various aspects of ICD, including Symantec’s cloud-delivered Web Security Service (WSS) and Symantec Endpoint Protection (SEP). In addition, Fortinet's firewalls will have enhanced visibility from Symantec's threat telemetry feeding into Fortinet's Security Fabric. These integrations and the embedding of more intelligence in our systems will provide essential security controls across endpoint, network, and cloud environments.

I am really proud of the fact that in eighteen short months, we have achieved what we set out to do when we launched this partner ecosystem. We’ve made tremendous progress together as a community. That said, we have more to accomplish – and today’s announcement of ICDx and other ICD enhancements gives us the ability to move even faster to integrate our data feeds with partners, link together our defensive platforms, leverage each other’s advanced detection suites, and automate workflows to enhance security and increase productivity.

All Aboard

In addition to TIPP, we also announced today a new “Innovation Playground” designed specifically for startups, so they too can leverage Symantec APIs and data feeds to reduce their time to market and ensure their products work well with ICD.

I think we all understand that cyber security today is an existential battle with enormous stakes. Working in silos is no longer a viable option. I don’t think I can put it any better than how one of our partners articulated it:

"In order to reduce security operations complexity and fight today’s increasingly sophisticated adversary, organizations need products that work as a platform instead of an army of point products working in silos. Splunk’s support for the ICD Platform provides our joint customers with consolidated views across their security infrastructure, including incidents flowing from endpoint, web, network and email security solutions." – Oliver Friedrichs, VP, Security Automation and Orchestration at Splunk

So, I’ll close with a pretty simple call to action. The future of cyber security is platform-based, and Symantec is ready to work with you. Now more than ever, our customers depend upon us working together for their common good – so climb aboard!

About the Author

Peter Doggart

VP Business Development, Symantec

Peter Doggart brings 20 years of executive product and marketing management experience from networking and security companies. Prior to Symantec, Doggart ran Business Development at Blue Coat.