For enterprises, these are testing times in the extreme. Never have IT departments – and the businesses that they support – been more exposed than they are today.
IT departments are challenged at every turn – with pressure from business leaders asking “is the business safe from cyber attacks?”; rapidly evolving IT estate complexity, including mobile rollouts, new cloud deployments and emerging software-defined data centres. IT relies heavily on its security teams, who are left to deal with disconnected security architectures and struggle with underfunding, and often a lack of incident investigation resources to be able to deal effectively with the waves of security incidents.
The thing is that attackers know this and are constantly seeking to extend their reach into the very fabric of the IT operations. As a result, many organisations are left vulnerable and at risk.
And it’s the nature of the attacks that are causing most consternation. Today’s assailants are slipping way beneath the radar by launching ever more sophisticated and targeted attacks that leverage unknown variants of malware to evade traditional signature-based security technologies. The upshot is that the significant investments enterprises have made in various unconnected protection products are no longer up to the task. Instead, security practitioners are left constantly wondering whether their network has been infiltrated, how far the threats have spread and what assets have been compromised.
What all of this means is that the traditional approach of monitoring security at the network layer is no longer the only answer. Because although network-based advanced threat detection technologies are effective at detecting unknown and zero day malware, typically they do not block the detected threats, but rather allow malicious files to pass through to the internal network and their targeted destination endpoints. As a result, security teams never really know what happened to the detected malware – there is every chance that it may have launched a more complex and advanced attack within their environment.
So, with endpoints often providing the initial ‘foothold’ from which an intruder stages an attack, detecting today's target attacks and advanced persistent threats calls for an integrated, multi-layered approach that detects malicious activity on both network and endpoint devices. And yet often organisations are relying on technologies that weren’t designed to work in tandem, while pouring scarce resources into piecing together fragmented security events —rather than focusing on more strategic security initiatives.
So what can be done to counteract the threats, shore up those shortfalls and keep businesses secure?
Symantec’s response has been to develop the Managed Security Services - Advanced Threat Protection (MSS-ATP) solution. The solution is based on an alliance between Symantec and leading network security providers such as Palo Alto Networks, Cisco (Sourcefire) and Check Point. The alliance provides bi-directional integration between endpoint security solutions and network security vendors, while leveraging Symantec’s leading global threat intelligence network (GIN). MSS ATP enables organisations to rapidly, detect, investigate and remediate unknown and zero day attacks that simply evade disconnected security technologies.
In essence, Symantec MSS-ATP:
- Empowers the CISO and security operations teams to make sense of complex targeted attacks operating throughout the network and endpoint layers
- Effectively correlates incidents, enabling security teams to quickly prioritise and pinpoint the most critical security incidents without wasting time (and cost) investigating less important incidents
- Leverages existing investment in network security and endpoint solutions, while leveraging the global business context of threats from Symantec’s leading threat intelligence network (GIN).
In other words, this is much more than just technology: it is about taking a better, intelligence-based approach to security, leveraging leading technologies and investments you have already made.
Symantec MSS-ATP takes detection, protection and response to a new level. A great example of this is how Symantec is integrating numerous capabilities in the MSS ATP release.
First, MSS-ATP leverages Symantec’s cloud-based MSS threat detection platform that aggregates and correlates unfiltered alerts from a diverse set of technologies, harnessing global threat intelligence to detect traffic patterns associated with malicious activity. We then factor in business-centric contextual awareness to ensure incidents are prioritised based on potential economic impact to the business.
In addition, MSS-ATP solution also leverages our cloud based Insight file reputation technology. This helps reduce investigation of false positive alerts by evaluating the reputation of potentially malicious files detected. Symantec’s Insight file reputation database tracks files and dozens of associated attributes, including age, download source and prevalence within the global community. These attributes are run through complex algorithms to determine each file's level of risk or 'security rating'. If the file detected at the network is low risk, MSS-ATP issues an Information Alert. If the file is deemed high risk, a Critical Alert signals further investigation is necessary.
In short, MSS-ATP Symantec is addressing the unmet need for rapid incident detection, prioritisation and remediation across multiple security platforms, leveraging best of breed technology capabilities, all backed by a truly global business context focused threat intelligence network.
Security partnership and ecosystems are becoming increasingly important for all businesses. MSS-ATP from Symantec is leading this charge to ensure we can support our customers unmet needs time and again.
Please share your thoughts below and make sure to watch this video with Graham Ahearne, Dir. Information Security Service: Managed Security Services - Advanced Threat Protection.