Symantec: Locate, respond to and retrieve your data faster

Symantec: IT departments, and the companies they support, face challenges on many fronts around the question "is the company safe from cyber attacks?", while the complexity of IT is rapidly evolving and now includes mobile rollouts, new cloud implementations and Software Defined Data Centers. IT departments rely on security departments, which have to deal with interconnected security architectures, operate with reduced funding, and often lack the resources to investigate incidents, so they cannot handle them effectively.

The fact is that attackers are aware of this and are constantly looking for ways to expand their access to IT, as a result of which many organizations remain exposed and at risk.

The nature of the attacks is also a cause for concern. Today's attackers are evading traditional means of protection, launching ever more sophisticated and targeted attacks that leverage malware variants to evade traditional signature-based security technologies. The result is that many companies have ended up with various protection products that do not communicate with each other, and even this is not enough for businesses. Instead, security managers are constantly wondering whether their network has been penetrated, how far the threats have spread, and which parts of the infrastructure have been compromised.

All this means that the traditional approach to controlling security on the corporate network is no longer enough. Although advanced network threat detection technologies are effective at detecting unknown and zero day malware, they do not cut off the threats they detect; most likely they allow the malicious files to pass into the internal network and on to other endpoints. As a result, security departments do not know what happens with the malware that is detected, so there is a possibility that a more complex and sophisticated has been created in the business environment.

With endpoints providing a springboard from which an attacker launches an attack, detecting today's targeted attacks and Advanced Persistent Threats (APTs) requires a comprehensive, multi-layered approach that detects malicious activity on the network and at endpoints. Organizations often rely on technologies that are not designed to work in conjunction with other solutions, and have few resources with which to integrate their security, rather than focusing on more strategic security initiatives.

What can be done to offset threats, fill these deficiencies, and keep businesses safe?

Symantec's response is the Managed Security Services - Advanced Threat Protection (MSS-ATP) solution. The solution is based on Symantec's alliance with leading network security providers Palo Alto Networks, Cisco (Sourcefire) and Check Point. The alliance provides two-way integration between endpoint security solutions and network security vendors while utilizing Symantec's leading global intelligence network (GIN). The MSS-ATP solution allows organizations to quickly identify, investigate and remediate unknown and zero day attacks that get past security technologies. Essentially, MSS-ATP:

  • Strengthens the security team's capacity to understand complex targeted attacks at network and endpoint level.
  • Correlates effectively, allowing security teams to set priorities quickly without spending time (and money) looking at less important incidents.
  • Leverages the existing investment in network security and endpoint solutions, while harnessing global, threat-based business content from Symantec's global intelligence network (GIN).

In other words, this solution is much more than just a technology: it is a holistic approach based on intelligence, leveraging cutting-edge technologies and existing investments.

MSS-ATP leverages Symantec's cloud-based MSS Threat Detection Platform, which aggregates and correlates unfiltered alerts from a variety of technologies, using the global threat detection network to identify patterns associated with malicious activity. It then uses the argument-based, relevant information to ensure that incidents are prioritized based on the potential economic impact on the business.

In addition, the MSS-ATP solution leverages cloud-based reputation technology for file checking. This helps reduce false positive alerts by drawing on the reputation of files detected as potentially malicious. Symantec's file reputation database identifies files and dozens of related pieces of information such as age, source, and footprint in the global community. All these elements are used by complex algorithms that determine each file's risk level, or "security score". If the file is low risk, MSS-ATP issues an informational notice. If the file is assessed as high risk, a Critical Notice flags it for further review as necessary.

In short, with MSS-ATP, Symantec addresses the unmet need for rapid incident detection, prioritization and recovery across multiple security platforms, leveraging state-of-the-art technologies and capabilities, based on global content focused on the threat intelligence network.

Security collaboration and security ecosystems are becoming increasingly important to businesses. The MSS-ATP solution from Symantec is leading this effort to ensure the of its customers and their needs.


Written by giorgos
