Symantec partners to fend off zero-day attacks

One first step entails partnering with Check Point Software, Cisco and Palo Alto Networks

Symantec has announced its Advanced Threat Protection (ATP) effort for new products and managed security services to support enterprise customers in fending off targeted zero-day attacks in particular.

One first step in this entails partnering with Check Point Software, Cisco and Palo Alto Networks to share threat detection information that can rapidly be integrated into Symantec endpoint protection software.

The idea is that threat information collected from these three vendors' next-generation firewalls and other sources would be shared with Symantec's managed security services division and its cloud-based threat intelligence analysis. If one of these vendors identifies a new zero-day exploit, for example, a defense for it would be immediately pushed down to the network endpoints of Symantec's managed security services customers, says Symantec's director of product marketing, endpoint, messaging and security, Piero DePaoli.

This partnership alliance with Check Point, Cisco and Palo Alto is just one step in what Symantec has planned to boost the effectiveness of its endpoint security products. Symantec is the global leader in endpoint anti-malware software, but DePaoli doesn't mince words when he says the era of relying on signature-based antivirus is gone for good.


"Core A/V is dead. It is dead," DePaoli says without reservation. A lot of the threats coming in today are unknown, such as zero-day exploits. Symantec's endpoint security products evolved years ago to the point where today about half of the threats they identify and block aren't related to signature-based A/V at all, but are caught through other means such as behavioral or reputational analysis. Symantec now wants to push that further in the face of stealthy attacks intended to infiltrate enterprise networks and steal data, using capabilities such as behavior analysis to block malware; the ATP initiative is intended to evolve what the endpoint does beyond that.

Over the next year, Symantec is also introducing an incident-response service where supported enterprises will receive incident-support services and forensics in the event of a cyberattack. Symantec will leverage the telemetry data from its endpoint and e-mail security products to respond to events. It will also supply reports about specific adversaries believed to be attacking the organization, and information that's available on where similar attacks are occurring or have occurred.

Symantec is also developing a sandboxing-type product under the ATP effort that is going into beta in six months and is expected to be available within the year. It is designed as a gateway product that can inspect and "explode" content traffic in order to analyze it in the cloud and determine whether it is malware. This Dynamic Malware Analysis Service is intended to share and update threat defenses across the endpoint, e-mail and gateway through the sandboxing approach. It brings Symantec into more direct competition with sandboxing technologies from FireEye and McAfee, among others, but leverages Symantec's endpoint presence.

Some analysts think Symantec has a good shot at making its ATP strategy work.

"Symantec is well-positioned to deliver an end-to-end advanced threat solution by building on the technologies it offers today, integrating across its portfolio, and delivering it as a service enhanced by an evolving partner ecosystem," says Jon Oltsik, senior principal analyst at the consultancy Enterprise Security Group.

Ellen Messmer is senior editor at Network World, an IDG website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail:
