Symantec Advances Integrated Cyber Defense Platform | eWeek

Symantec Advances Integrated Cyber Defense Platform

Symantec ICD
Feb 27, 2019
3 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

No one technology or vendor can protect an organization against all cyber-security risks. That’s why Symantec has been pushing forward its vision of an Integrated Cyber Defense platform (ICD) in an effort to bring together multiple technologies with an integrated approach.

On Feb. 27, Symantec announced a major set of advancements for ICD, with new capabilities to help organizations make sense of different technologies and threats in a unified manner. Among the technologies announced as part of ICD is a manager feature that provides visibility into threats, policies and incidents across an environment. The ICD Manager also benefits from the ICD Exchange which is a data exchange technology for sharing events and intelligence across Symantec and third-party systems.

“ICD is a single platform that unifies cloud and on premise security,” Art Gilliland, EVP and GM Enterprise Product at Symantec said during the ICD launch event. “ICD provides best of breed protection across endpoints, networks, applications and clouds.”


Gilliland said that the move toward creating an integrated platform actually got started in 2016 after Symantec acquired Blue Coat in a $4.65 billion deal. Symantec has acquired multiple other companies over the last two years including Fireglass, Skycure, Javelin and Luminate to further bolster its’ security portfolio.

While the effort to build an Integrated Cyber Defense (ICD) Platform is not new, Peter Doggart, VP of Business Development at Symantec, told eWEEK that the ICD Exchange is new and a direct result of the developments Symantec has made over the last two years.

Doggart said that the ICD Exchange makes it possible to share events, action and intelligence across both the Symantec portfolio and third-party systems, and that is what unifies the platform and allows for both better, efficient cyber security and rapid innovation.

How ICD Exchange Works

Sharing information across disparate platforms, vendors and technologies is not always an easy task. Doggart said that ICD Exchange standardizes the interfaces between Symantec’s portfolio of enterprise security technologies and a diverse ecosystem of technology partners. 

Doggart explained that the ICD Exchange schema is organized into sets of attributes, objects, event types, and categories. Fields extracted from product logs and telemetry are mapped to a standard dictionary of attribute names, and their values are normalized to standard data types, defined ranges, and enumerations. Attributes that model common entities such as files, processes, emails, and network connections are combined into reusable objects. Scalar attributes and objects are then combined into event types that impart meaning to the behaviors that produced the events. Finally, he noted that event types are classified into high-level categories such as Security, System Activity, and Compliance.

“This highly efficient approach uses standards such as RabbitMQ and OpenC2 to ensure that security applications can be set up to quickly interoperate with each other,” he said.

ICD Manager

While the ICD Exchange is about getting information, the ICD Manager is all about providing an interface and dashboard for managing security controls.

“We are leveraging artificial intelligence capabilities for security management to deliver AI-guided policy updates, increased security hygiene and simplified workflows,” Doggart  said.

Doggart emphasized the ICD Manager is not a SIEM (Security Information and Event Management) technology. Rather he said that the goal of ICD Manager is to bring together management consoles for different security controls.

DLP 15.5

Alongside the ICD update, Symantec announced its new Data Loss Prevention (DLP) 15.5 release. The DLP 15.5 update now integrates with Symantec Endpoint Protection (SEP), bringing data loss protection to endpoints in a unified approach. DLP 15.5 also benefits from new data classification controls to automatically classify data on endpoints and suggest classification levels to users as they tag newly created content. 

Looking forward, Symantec is set to continue to build out and extend its ICD capabilities in the months and years ahead.

“Our key internal R&D priorities are focused on cloud migration, extending the use of AI and ML throughout our portfolio and finding more ways to automate and manage security for customers, relieving them from an increasingly heavy burden,” Doggart said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.