Symantec Debuts Advanced Threat Protection Service

Symantec's new ATP technology is designed to uncover advanced threats across endpoints, networks and email.

Symantec advanced threat protection

Symantec is expanding its security portfolio with the launch of Symantec Advanced Threat Protection (ATP) technology. ATP offers the promise of a console that has visibility into control points across an enterprise and is able to find the security threats that other technologies deployed by an enterprise might not discover, including potential zero-day issues.

"Over the last few years, people have come to recognize that even with the best technology on the protection side, threats still get through," Amit Jasuja, senior vice president of products for enterprise security at Symantec, told eWEEK.

Security operations center analysts spend a lot of time looking at different alerts from existing technologies, as well as reading through third-party threat intelligence data feeds, Jasuja said. Modern IT organizations tend to have myriad tools for detection and threat intelligence, as well as quarantine and remediation tools, he said. With the ATP product, Symantec is aiming to reduce the burden of requiring multiple tools to detect and remediate advanced threats.

"ATP gives you the ability to uncover threats across different control points, and you don't have to look at three different tools to do it," Jasuja said.

Additionally, ATP prioritizes threats that come into an organization based on impact and what needs to be done for remediation, he explained.

From a technology deployment perspective, the ATP product makes use of the Symantec Endpoint Protection (SEP) platform. What Symantec is doing with ATP is essentially extending the capabilities of SEP, Jasuja said.

SEP examines potential malware and suspicious files as they come into an endpoint. SEP also will respond to the ATP console when there is a need to quarantine a given endpoint.

"So everywhere that SEP exists, which is on the Mac, Windows and servers, we can provide visibility," Jasuja said.

Symantec is positioning its new ATP technology as an up-sell for Symantec's existing SEP install base, Jasuja said. For potential customers that want to deploy ATP on networks without SEP, Symantec has a network tap available that has visibility into traffic going over a network. When just looking at network traffic, however, ATP will not have the full ability to do threat correlation across different control points.

With SEP, users already have both signature and heuristic-based technology for threat prevention.

"What we're doing is now providing remote capabilities and the flight recorder," Jasuja said.

He explained that flight recorders collect the data sent to the ATP console from SEP. The data is all indexed, enabling an ATP user to query the data for results.

The ATP console and data, which includes all an organization's event data, is deployed on premises. In the cloud, Symantec has additional analysis capabilities, including a technology called Cynic, Jasuja said.

"Cynic is our new cloud-based payload detonation capability," Jasuja said. "So the ATP console combines both the cloud capabilities and the on-premises capabilities."

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.