Threat Protection for Technology Partners

Integrations with leading Symantec Threat Protection products: Endpoint Protection (SEP), Endpoint Detection and Response (EDR), Protection Engine (SPE) and Security Analytics.

You get full visibility into any activity—from network, to email, to endpoint—allowing you to perform advanced forensics from a "system of record" and orchestrate incident response—like forensics investigations using full packet detail, isolating an endpoint from your network, or removing malicious files from your email.

Anomali

By combining Symantec's ATP and Anomali's ThreatStream threat intelligence platform, investigation and remediation efforts are enhanced by augmenting Dynamic Adversary Intelligence (DAI) with confidence and threat scores, which Anomali derives from hundreds of threat data sources. In addition, ATP users will be able to perform lookups against Anomali's rich, contextualized data, thereby dramatically decreasing response times and increasing the effectiveness of their investigations.

BlackBerry

Symantec Endpoint Protection Mobile integrated with BlackBerry extends existing Enterprise Mobility Management (EMM) and Unified Endpoint Management (UEM) capabilities to include Mobile Threat Defense (MTD), including the ability to detect and prevent malware, network and vulnerability attacks.

Cisco

Meraki Systems Manager provides total management for mobile and PC. Provision settings and restrictions, deploy apps including SEP Mobile, manage inventory and device tracking, and remotely wipe an entire device or selectively just the managed apps and data.

Citrix

Symantec Endpoint Protection Mobile integrated with Citrix and XenMobile extends existing Enterprise Mobility Management (EMM) and Unified Endpoint Management (UEM) capabilities to include Mobile Threat Defense (MTD), including the ability to detect and prevent malware, network and vulnerability attacks.

Compuverde

Symantec Protection Engine is a flexible and feature-rich client/server application that allows customers to incorporate malware and threat detection technologies into almost any application. Compuverde's vNAS is a fully software-defined and hardware-agnostic storage solution. It offers high redundancy, scalability and performance for much less than other storage options.

CounterTack

CounterTack Sentinel provides a pivot link into Security Analytics with metadata around events in the URL. Security Analytics captures all network traffic and can therefore provide packet-level detail and artifact reconstruction for events discovered through CounterTack Sentinel, reducing the time to resolution by finding the source of the attack.

Cyber Observer

Symantec SEP and DLP feed the Cyber Observer security domain-agnostic orchestration management and awareness solution, with the goal of providing enterprise customers with a complete and holistic view of their cyber security ecosystem health status and preparedness.

CyberSponse

The CyberSponse and Symantec integration with ATP, SEP and EDR Cloud enables analysts to focus on real threat scenarios by automating the repetitive tasks that cause distraction. Create a comprehensive threat investigation pipeline across multiple scenarios with role-based dashboards, reporting, and audit logging, making it easy to view the threat story at each investigation checkpoint.

Dell

Symantec Protection Engine provides scalable, high-performance threat detection services to protect valuable data stored on Dell FluidFS distributed file system based network attached storage (NAS) devices.

DFLabs

DFLabs is an award-winning and recognized global leader in security orchestration, automation and response (SOAR) technology. The company's management team has helped shape the cyber security industry, which includes co-editing several industry standards such as ISO 27043 and ISO 30121. Its flagship product, IncMan SOAR, has been adopted by Fortune 500 and Global 2000 organizations worldwide.

D3 Security

The D3 SOAR platform helps SOC and IR teams to improve the speed and quality of investigations, automate incident response workflows, and dramatically reduce false positives and MTTR. The MITRE ATT&CK knowledgebase of adversary tactics and techniques is built into D3, focusing response around adversary intent. D3 SOAR provides feature-rich integration with Symantec Endpoint Detection and Response (EDR), Symantec Endpoint Protection (SEP), Email Security, and Information Protection.

Elastic

Elastic builds software to make data usable in real time and at scale for search, logging, security, and analytics use cases. Founded in 2012, the company develops the open source Elastic Stack (Elasticsearch, Kibana, Beats, and Logstash), X-Pack (commercial features), and Elastic Cloud (a SaaS offering).

FireEye

Symantec Content Analysis and Security Analytics act as filters of unknown content before sending on for sandbox detonation. They both can send files to FireEye AX or NX for sandbox detonation, allowing customers to leverage their investment and optimize precious sandboxing resources.

Forescout

Through its integration with ATP, Forescout allows companies to quickly isolate from the network a system that has been determined to be compromised. The two products working together can help limit the attack surface and prevent further infection.

Forescout CounterACT provides real-time visibility and control capabilities to validate SEP agent integrity, trigger real-time malware scans, help enforce compliance at device connection time, and provide automated response options to isolate or restrict network access of non-compliant or infected devices and facilitate remediation actions.

Fortinet

The partnership combines Symantec's endpoint protection leadership with Fortinet's best-in-class network security and Fabric integration to deliver unparalleled security protection.

Symantec Endpoint Protection Mobile integrated with Fortinet and FortiSIEM extends existing Enterprise Mobility Management (EMM) and Unified Endpoint Management (UEM) capabilities to include Mobile Threat Defense (MTD), including the ability to detect and prevent malware, network and vulnerability attacks.

Google

The integration of SEP Mobile with Google Cloud Identity allows customers to leverage Symantec's endpoint signals to create more granular and customized access policies for G Suite, web apps, and Google Cloud infrastructure. Granular controls make it easier for admins to grant context-aware access to resources, or to take more drastic measures if needed.

Hewlett Packard Enterprise

Symantec Protection Engine provides scalable, high-performance threat detection services to protect valuable data stored on HP's 3PAR and StoreAll storage solutions.

Hitachi

Symantec Protection Engine provides scalable, high-performance threat detection services to protect valuable data stored on Hitachi's Network Attached Storage (HNAS) platform.

IBM Security

IBM's QRadar leverages log information from a number of Symantec products and analyzes packet capture data of Symantec's Security Analytics to provide context that enables rapid response to SIEM attack alerts.

Symantec Advanced Threat Protection (ATP) helps you uncover, prioritize, investigate, and remediate complex attacks across endpoint, email, and network from one console. The Symantec ATP App provides aggregated as well as individual visualizations for Network and Endpoint by collecting data from Symantec ATP.

Symantec Endpoint Protection Mobile integrated with IBM and QRadar extends existing Enterprise Mobility Management (EMM) and Unified Endpoint Management (UEM) capabilities to include Mobile Threat Defense (MTD), including the ability to detect and prevent malware, network and vulnerability attacks.

Download the latest Symantec Apps for IBM on Symantec Connect.

IXIA

Symantec Security Analytics works with Ixia's CloudLens and Vision ONE for seamless traffic visibility across hybrid networks. In physical networks, Ixia's Vision ONE network packet broker aggregates, processes, and feeds traffic from multiple access points to Symantec Security Analytics appliances. In cloud environments, Ixia's CloudLens visibility agents send traffic to Symantec's Virtual Appliances deployed in public cloud environments. Traffic from physical and virtual appliances is then analyzed and the results are delivered via an aggregated view within Security Analytics.

Jamf

Designed to automate device management while driving end-user productivity and creativity, Jamf Pro is the EMM tool that empowers IT pros and the users they support by delivering on the promise of unified endpoint management for Apple devices.

Lastline

Symantec Security Analytics is able to send unknown files to the Lastline Breach Detection Platform for detonation in its sandbox. Symantec SSLV has also been certified/tested to work with the Lastline Breach Detection Platform.

LogRhythm

Symantec Endpoint Protection Mobile integrated with LogRhythm and NextGen SIEM platform extends existing Enterprise Mobility Management (EMM) and Unified Endpoint Management (UEM) capabilities to include Mobile Threat Defense (MTD), including the ability to detect and prevent malware, network and vulnerability attacks.

MicroFocus

Symantec Endpoint Protection Mobile integrated with MicroFocus and Enterprise Security Manager extends existing Enterprise Mobility Management (EMM) and Unified Endpoint Management (UEM) capabilities to include Mobile Threat Defense (MTD), including the ability to detect and prevent malware, network and vulnerability attacks.

NetApp

The integration of Symantec's Security Analytics (SA) with the NetApp E-Series Fibre Channel storage arrays enables customers to conduct more comprehensive analysis and swifter resolution of attacks and breaches, even in the largest, most demanding networks. The joint solution allows customers to capture, store, analyze and retrieve complete network traffic instantly and at a lower total cost of ownership.

Symantec Protection Engine provides scalable, high-performance threat detection services to protect valuable data stored on NetApp's Data ONTAP data management solution.

Nutanix

Symantec Protection Engine provides scalable, high-performance threat detection services to protect valuable data stored on Nutanix's AFS distributed file server based network attached storage (NAS) devices.

OPSWAT

The OPSWAT OESIS Framework assesses and modifies the settings of SEP and thousands of other applications on a given endpoint and rapidly assesses the vulnerability of any system or collection of endpoint devices. Symantec Endpoint Protection is supported by the OESIS Framework, a cross-platform endpoint SDK that enables customers and partners to develop products for securing and managing endpoints, leveraging the Framework's ability to assess vulnerabilities and out-of-compliance endpoint applications as well as modify their settings.

Red Hat

The Red Hat and Symantec partnership ensures compatibility for Symantec's products on Red Hat Enterprise Linux. Symantec products that offer full-feature capabilities on RHEL include Symantec Endpoint Protection, Data Center Security, and Cloud Workload Protection.

ReversingLabs

Symantec and ReversingLabs offer a powerful integration allowing Security Analytics to send extracted file samples to ReversingLabs TiScale for automated static analysis and discovery of malicious files, at scale.

Safe-T

The joint solution between Safe-T SDA, Symantec DLP and Symantec SEP ensures organizations can now centrally control all incoming and outgoing data flows, regardless of their source or destination.

Securonix

Securonix captures and analyzes data from Symantec's comprehensive endpoint protection ecosystem for the latest endpoint threat intelligence, continuous protection and prevention. With Symantec proactively stopping virus, malware, ransomware, and non-malware attacks, Securonix SNYPR's machine learning capability can provide further analysis to search for patterns of insider threats, data exfiltration, application security, and other cyber security threats.

ServiceNow

The Symantec ATP app lets you aggregate incident and related event data from your Symantec ATP appliances. The Symantec ATP app replicates incidents and related events from your ATP appliances into ServiceNow Security Operations so you can leverage ServiceNow's platform for Incident Management and automate workflows to help you investigate potential threats in your environment and take immediate action.

Siemplify

Siemplify and Symantec's Advanced Threat Protection (ATP) work together to enable stronger detection and response capabilities, providing SOC teams with a fully integrated solution that drives more effective and rapid security event identification, investigation and response.

Siemplify and Symantec Endpoint Protection provide instant context for security alerts as well as automated isolation & response for involved endpoints.

Splunk

Splunk's Phantom and ATP together provide organizations the ability to orchestrate actions when an incident is generated in ATP. Out-of-the-box playbooks allow companies to quickly take action on potential attacks against their organization. Additional Symantec product integrations in Phantom give companies a one-stop solution to automate actions across an entire portfolio of products, from the endpoint through the network.

Register to download a fully-functional version of the Phantom Security Operations Platform with access to Symantec-specific automation and orchestration playbooks.

The combination of Splunk and ATP not only provides the ability to collect and store security-related data from multiple control points (email, network, endpoint) in a centralized location with the rest of the organization's data, but also allows organizations to manage incidents generated from the ATP product line and to automate actions through Splunk’s Enterprise Security and Adaptive Response add-on module.

With the add-on Splunk apps for ATP and Security Analytics, companies can collect end-to-end forensic information from their endpoints using ATP and their network using Security Analytics.

Download the latest Symantec Apps for Splunk on Symantec Connect.

Leverage SEP Mobile integration with Splunk Enterprise Security. SEP Mobile incidents can be ingested into Splunk SIEM via a connector that feeds third-party SIEM systems with mobile security incidents. This allows SOC teams to take actions based on this information.

SUSE

The SUSE and Symantec partnership ensures compatibility for Symantec's products on SUSE Linux Enterprise Server and SUSE Linux Enterprise Desktop. Symantec products that offer full-feature capabilities on SUSE Linux Enterprise include Symantec Endpoint Protection and Data Center Security.

Swimlane

Swimlane is a security operations management platform and a company focused on empowering enterprises and government agencies with data-driven automation and orchestration for incident response and improved security operations.

Syncurity

Syncurity delivers an agile security orchestration, automation & response platform that reduces cyber risk. We make security operations centers (SOCs) more efficient and effective using tightly integrated alert and incident response workflows. IR-Flow uniquely incorporates humans into decision-making, and generates a detailed, immutable security "System of Record" that enables reporting and dashboards for process improvement, audit, and compliance demonstration. Syncurity IR-Flow and Symantec Endpoint Protection combine to speed up security analyst workflow. Users can launch scans, search for malicious hashes in their environment and apply SEP policies from IR-Flow, reducing time to discovery and containment.

VMware

Symantec Endpoint Protection Mobile integrated with VMware and AirWatch extends existing Enterprise Mobility Management (EMM) and Unified Endpoint Management (UEM) capabilities to include Mobile Threat Defense (MTD), including the ability to detect and prevent malware, network and vulnerability attacks.