Symantec Advances Integrated Cyber Defense Platform

Symantec is expanding its Integrated Cyber Defense (ICD) platform with new management and data exchange capabilities that enables organizations to gain better visibility and control over threat mitigation.

Symantec ICD

No one technology or vendor can protect an organization against all cyber-security risks. That's why Symantec has been pushing forward its vision of an Integrated Cyber Defense platform (ICD) in an effort to bring together multiple technologies with an integrated approach.

On Feb. 27, Symantec announced a major set of advancements for ICD, with new capabilities to help organizations make sense of different technologies and threats in a unified manner. Among the technologies announced as part of ICD is a manager feature that provides visibility into threats, policies and incidents across an environment. The ICD Manager also benefits from the ICD Exchange which is a data exchange technology for sharing events and intelligence across Symantec and third-party systems.

"ICD is a single platform that unifies cloud and on premise security," Art Gilliland, EVP and GM Enterprise Product at Symantec said during the ICD launch event. "ICD provides best of breed protection across endpoints, networks, applications and clouds."

Gilliland said that the move toward creating an integrated platform actually got started in 2016 after Symantec acquired Blue Coat in a $4.65 billion deal. Symantec has acquired multiple other companies over the last two years including Fireglass, Skycure, Javelin and Luminate to further bolster its' security portfolio.

While the effort to build an Integrated Cyber Defense (ICD) Platform is not new, Peter Doggart, VP of Business Development at Symantec, told eWEEK that the ICD Exchange is new and a direct result of the developments Symantec has made over the last two years.

Doggart said that the ICD Exchange makes it possible to share events, action and intelligence across both the Symantec portfolio and third-party systems, and that is what unifies the platform and allows for both better, efficient cyber security and rapid innovation.

How ICD Exchange Works

Sharing information across disparate platforms, vendors and technologies is not always an easy task. Doggart said that ICD Exchange standardizes the interfaces between Symantec’s portfolio of enterprise security technologies and a diverse ecosystem of technology partners. 

Doggart explained that the ICD Exchange schema is organized into sets of attributes, objects, event types, and categories. Fields extracted from product logs and telemetry are mapped to a standard dictionary of attribute names, and their values are normalized to standard data types, defined ranges, and enumerations. Attributes that model common entities such as files, processes, emails, and network connections are combined into reusable objects. Scalar attributes and objects are then combined into event types that impart meaning to the behaviors that produced the events. Finally, he noted that event types are classified into high-level categories such as Security, System Activity, and Compliance.

"This highly efficient approach uses standards such as RabbitMQ and OpenC2 to ensure that security applications can be set up to quickly interoperate with each other," he said.

ICD Manager

While the ICD Exchange is about getting information, the ICD Manager is all about providing an interface and dashboard for managing security controls.

"We are leveraging artificial intelligence capabilities for security management to deliver AI-guided policy updates, increased security hygiene and simplified workflows," Doggart  said.

Doggart emphasized the ICD Manager is not a SIEM (Security Information and Event Management) technology. Rather he said that the goal of ICD Manager is to bring together management consoles for different security controls.

DLP 15.5

Alongside the ICD update, Symantec announced its new Data Loss Prevention (DLP) 15.5 release. The DLP 15.5 update now integrates with Symantec Endpoint Protection (SEP), bringing data loss protection to endpoints in a unified approach. DLP 15.5 also benefits from new data classification controls to automatically classify data on endpoints and suggest classification levels to users as they tag newly created content. 

Looking forward, Symantec is set to continue to build out and extend its ICD capabilities in the months and years ahead.

"Our key internal R&D priorities are focused on cloud migration, extending the use of AI and ML throughout our portfolio and finding more ways to automate and manage security for customers, relieving them from an increasingly heavy burden," Doggart said.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.