Symantec Security Strategy Moves To 'Detect and Respond'
Boldly declaring an end to the age of antivirus
company Symantec is rolling out a new approach to advanced threat protection (ATP) and a roadmap of solutions that promises to tackle complex security issues.
Kicking off the new strategy, the company rolled out two new products: Symantec Managed Security Services -- Advanced Threat Protection; and Symantec Advanced Threat Protection Solution. Both aim to deliver stronger prevention by correlating alerts and intelligence across the company's security technologies. Both products will be available in June 2014. Pricing was not revealed in the announcement.
“To successfully defend against the types of targeted attacks we’re seeing today, you need to expand the focus from prevention to detection and response,” said Brian Dye, senior vice president of Symantec Information Security. “Network security alone isn’t going to solve the problem. Adversaries are targeting all control points from the gateway to e-mail to the . Organizations need security across these control points working together, with incident response capabilities and global information intelligence, to beat the bad guys.”
Three Key Lessons
The information security industry recognizes three challenges: (1) targeted attacks are on the rise; (2) cybercriminals are more ruthless than ever; (3) and the multifaceted equation required to protect against these threats is growing more difficult. As Symantec sees it, despite the promise of network security-based solutions, IT departments are still left wading through massive numbers of incidents, too many false positives, and a long list of manual processes.
Combined with a lack of staffing and skill sets to handle the attacks, many organizations are vulnerable to cyber threats. That’s where Symantec hopes its new solutions will come in. You could call it synergy. Symantec calls it holistic.
Either way, the idea behind the new products is to leverage the benefits when security technologies work together. The solutions promise to make the fight against APTs (advanced persistent threats) more manageable with stronger protection. Part of the equation is new defenses that protect against the more sophisticated attacks making headlines.
Symantec has catalogued what its analysts have learned about ATP through its existing endpoint solutions that protect a base of 200 million endpoints, and from its current e-mail and Web security solutions that review over 8.4 billion e-mail messages and 1.7 billion Web requests a day to inform its new solutions.
What Do Analysts Think?
We caught up with Eric Cowperthwaite, vice president of Advanced Security and Strategy at security solution firm Core Security, to get his take on the new solutions. He told us he’s glad that Symantec is finally coming to realize that antivirus is not the central tool in a strong information security strategy.
“Symantec has built their entire security product strategy around the idea that every computer will have an antivirus client/agent installed and they can use that computer installation as the foundation for all the rest of their security products,” he said. “Of course, this entire approach to security products is called in to question if we realize that antivirus is no longer the be all, end all, central product in a security strategy.”
As he sees it, it’s unfortunate that Symantec chose to promote "detect and respond" as the solution to security problems that organizations are facing today. Based on all that we know about the vast majority of all breaches, he said it’s clear that improving security should be a huge priority.
“Most organizations would dramatically benefit their security posture with improved threat and vulnerability management and attack intelligence,” Cowperthwaite said. “It would enable them to understand where and how an attacker will their network and allow the organization to take measurable, strong steps to improve their security.”
Jon Oltsik, senior principal analyst, at Enterprise Security Group, confirmed the “significant” need in the market for greater advanced threat protection. He said many vendors do not have the holistic coverage or full functionality needed to adequately detect and respond to targeted attacks.
“Symantec is well positioned to deliver an end-to-end advanced threat solution by building on the technologies it offers today, integrating across its portfolio, and delivering it as a service enhanced by an evolving partner ecosystem,” Olstik said. “By leveraging its global intelligence and building-in completely new incident response capabilities, Symantec can really address a multitude of enterprise cybersecurity requirements.”
Posted: 2014-05-08 @ 7:15am PT
@GB: I think you're right. I think all the press that I've seen jumped on Symantec's statement that antivirus is dead. I think it was a PR mistake for Symantec to ever say that. It's not dead... it's just not sufficient anymore, as you pointed out.
Posted: 2014-05-08 @ 7:12am PT
Overall this is a good article however to say that Symantec is investing in adding more capabilities for detection and response is not the same thing as saying Symantec is somehow no longer still focused on prevention. I'm just leaving their Vision conference in Las Vegas and it seems they are just as focused on prevention as ever. I think the point was that AV alone is not enough.
Posted: 2014-05-06 @ 3:20pm PT
Whatever happened to 'Glass Wall'?