Advanced Threat Protection

NEW RELEASE: Introducing the New Roaming Module of Symantec Advanced Threat Protection 

Nov 07, 2016 05:58 PM

Overview

Today’s advanced attacks hide themselves on legitimate websites and leverage new and unknown vulnerabilities to enter targeted organizations via HTTP or HTTPS encrypted traffic. These attacks are designed to evade typical network-based security approaches, allowing them to infiltrate the victim’s infrastructure, where they can then compromise critical systems and data.

A recent study showed that 86% of websites contain at least one serious vulnerability. Today, preventing threats is simply not enough. Attackers are moving faster. At some point, they will find their way through. While organizations are seeking ways to secure their endpoints and networks, roaming users could be another issue. 70% of organizations support BYOD, implying a great chance that advanced threats can infiltrate endpoints while end users are browsing the internet outside of the corporate network. When an advanced threat slips through, you need a comprehensive security solution that can quickly contain and remediate the breach. Symantec Advanced Threat Protection is the only solution that allows you to uncover, prioritize, investigate, and remediate advanced threats across endpoint, network, email, and web traffic, all through a single management console.

 

Key new features in the latest release

  • Advanced Threat Protection: Roaming - A brand new ATP module that protects roaming users against advanced threats and provides full visibility into your web traffic, including HTTP and HTTPS encrypted traffic. It protects users wherever they are browsing the internet, even when they are outside of the corporate network. Malicious events detected from ATP Roaming will be correlated with those detected from other ATP control points (endpoint, network, and email), allowing customers to prioritize and focus on what matters the most.

     

  • Public APIs and Integration with ServiceNow and Splunk - Customers often have existing security products for incident response and security monitoring. In this release, we include public APIs, so that customers can leverage the products they have already invested in to conduct investigations. Symantec Advanced Threat Protection is also now integrated with Splunk and ServiceNow, two popular SIEM and workflow products, to facilitate out-of-the-box use of our APIs.

     

  • Dynamic Adversary Intelligence - A high-value feed of actionable intelligence data extracted from comprehensive investigations into targeted attacks. It automatically searches for known IOCs, quickly identifying whether your organization is under a targeted attack, so that you can respond to targeted attacks more appropriately.
     

For more information, visit: http://atp.symantec.com

 

Resources:

Symantec ATP Platform Datasheet

Symantec Endpoint Detection and Response (ATP Endpoint) Datasheet

Symantec ATP Network Datasheet

Symantec ATP Roaming Datasheet

Symantec ATP Email Datasheet

 

Sources:

SC magazine, 2015

Bitglass BYOD Trends Report, 2016              

Comments

Dec 08, 2016 04:01 PM

I can imagine that the threat exposure is quite increased in recent years. Especially with how many web services are being published on a daily basis. Having such threat protection as the one described in this blog article is a must-have for any enterprise if they want to keep high security standards. I'm glad that it can integrate with GlobalService Now as that is what we use in our company, so it's definitely worth looking into.
 

Dec 08, 2016 03:55 PM

Great improvement, this new module is an important part of ATP! This new module, the SIEM integration part, and the improvements such as the inline monitoring mode for all network traffic, in addition to allowing blocking. Additionally, achieving the MOPS certification. And they improved the integration with Sonar, which makes it a great tool.

Dec 08, 2016 02:51 PM

The roaming feature is potentially a huge deal, I'm glad to see it come to Symantec's offerings.  Many companies offer ATP on site, but being able to protect users offsite will give users much better protection (especially since they're more likely to get to less secure sites offsite).  Splunk integration is a great plus, too, since it's already in place for many orgs.

Dec 08, 2016 10:00 AM

This is excellent as one of the risks is what happens when clients leave the network and how do we properly secure them. It's good to know we now have that visibility which should put some minds at ease.

Dec 08, 2016 02:29 AM

Yes. Symantec Advanced Threat Protection can take care of three control points, i.e. Network, Endpoint and Email. The new version of Symantec ATP will be releasing the new feature ATP Roaming, and that is great, easing integration with roaming web security.

 

 

Dec 01, 2016 02:17 PM

This is great as we do allow our assets to connect to networks other than our own.  When they do this, most of the controls and Security we have in place goes out the window.  This closes that gap and ensures that when users browse the web they have an additional layer of security applied on top of the endpoint security in place.

Nov 18, 2016 03:24 PM

Very good news; it would be very interesting to see the product running.

It is good to see Symantec working on these products; let's hope we can use this tool soon.

 

 

 

Nov 18, 2016 11:51 AM

Very Cool,

I wasn't familiar with this product or methodology before this article.

Most people assume since they are using a TLS protected website that they are all good but all it takes is one infected ad to get my adsense or other ad networks to allow a man in the middle attack.  At that point HTTPS doesn't help.

 

We recently integrated Service Now with our Symantec Management Platform, so it is good that this product also integrates with ServiceNow.

 

 

Nov 15, 2016 09:50 AM

There's a lot of new products coming out of Symantec and this looks like another good development. We don't really manage our mobile devices currently but I suspect that will change in the coming year(s) (management isn't really required right now). It's good to know that products like this are out there and will have matured well by the time we get to them.

Nov 14, 2016 05:22 AM

I don't know why but this actually shocked me: "A recent study showed that 86% of websites contain at least one serious vulnerability". I never expected it to be this high. I'd like to see the sample size that they extrapolated this from. Still, these new features look like a step in the right direction, great article as always.

Nov 14, 2016 02:42 AM

Good Work by Symantec. Daily we hear in news or on blogs about a kind of attack happened somewhere else. It's so clear that nothing is fully secure for a long time. Today we secure it, tomorrow it's vulnerable. The security solutions are therefore proactive and prochanging to adhere the attacks and protect or inform customer on possible attack. Symantec has great vision and their roadmap is quite aligned to their vision. Let's hope best from them.

Nov 12, 2016 02:58 PM

I think most enterprises can speak to this area of the threat landscape and while I still hold that user education is the first and most important line of defense, it can never be 100%.  This tool sounds like it provides a much greater view into this external world.  With all of these new products, I can't wait to see some numbers reflecting effectiveness in the wild!

Nov 11, 2016 12:23 PM

I love to see how fast SYMC is releasing products these days.  It seems like a lot of pent up energy was behind a dam and that has now burst through.

 

One of the things lacking was integration w/ an incident response system and now that you integrate with ServiceNow I think you have a complete game changer

Nov 11, 2016 04:57 AM

These new features in ATP (much awaited features) would make remote (laptop and mobile) endpoint users much more secure.

Good to see that the update provides protection for ATP.

Still, Prevention is better than cure. Here, Education is Prevention and ATP is cure.

 

 

 

 

Nov 10, 2016 09:26 AM

With the ever changing landscape of threats from all types of systems.

Symantec proves to set industry standards that all others build upon.

From laptops to desktops and mobile devices, no matter what type of OS you're running, Symantec has got you covered.

Now with SEP 14's added features like advanced Threat Protection and Machine Learning.

It's a clear choice to use this on all your devices to protect them from the threats that lurk in the wild.

 

 

Nov 10, 2016 05:03 AM

A good article by Symantec. Interesting to read that 86% of websites contain at least one serious vulnerability and that 70% of organizations support BYOD. Easy to see how security vulnerabilities can slip through.

Good to see that the update provides protection for advanced Threat Protection, Public APIs and Integration with ServiceNow and Dynamic Adversary Intelligence

Nov 10, 2016 04:54 AM

This is a great step after machine learning. Protecting the machine no matter where you are. It's a good game changer and Symantec is staying ahead of the pack.

Nov 10, 2016 03:54 AM

This is fantastic news, can't wait to dig into it and see it in action.

It's great to see Symantec improving an already great product, looking forward to seeing what else will be added in the future.

Nov 09, 2016 07:56 PM

Without an additional agent at the endpoint, utilizing what we have today we can get the centralized SIEM information and we can take actions on the malicious to prevent the further damage; no other vendors can do it today, no matter what others are saying, agentless or local install.

Nov 09, 2016 04:18 PM

Nice job @Symantec!

This will be a huge asset in an organization like mine!  Especially since it has ServiceNow integration.

I'll definitely be doing more research into this.  

Nov 09, 2016 11:22 AM

With more and more devices now portable (tablets & laptops), this is a great addition to the line of products to ensure the networks are protected from attacks from the external world.

I still, however, stand by what I have said previously - it's all about education, education, education to the users to ensure they're protected from these sort of attacks! No opening attachments from unknown sender, no clicking on dodgy/unknown URLs and that sort of thing.

Then we would not have to fight off these attacks. :)

Nov 09, 2016 11:18 AM

It's a great feeling knowing that your roaming users are going to be more secure. The fact that you can uncover, prioritize, investigate, and remediate advanced threats across endpoint, network, email, and web traffic, all through a single management console covers that "single pane of glass" checkmark. The integration with Splunk is wonderful news as well!

Nov 09, 2016 11:07 AM

This is excellent as one of the risks is what happens when clients leave the network and how do we properly secure them. It's good to know we now have that visibility which should put some minds at ease. Very happy to see this ability now in this new release.
