Symantec™ MSS Advanced Threat Protection
Integrating the Network and Endpoints to Detect Unknown Threats
Solution Overview: Symantec Managed Security Services
MSS-ATP saves you time
1. Reduces investigation of false positive alerts by automatically comparing files identified as potentially malicious to Symantec's file reputation database
2. Threats detected at the network but blocked by SEP are automatically reduced to Informational Alerts
3. Threats detected at the network but unknown to SEP are prioritized as Critical Alerts
Overview
Modern-day attackers are launching increasingly sophisticated, targeted attacks
designed to evade signature-based security technologies. Despite having made
significant investment in a range of protection technologies, security leaders still
wonder whether their network has been infiltrated, how far the threats have spread
and which assets have been compromised.
The traditional approach of relying on disparate network and endpoint protection
technologies is no longer enough. Detecting advanced targeted attacks requires an
integrated, multi-layered approach uniting the best threat prevention, detection and
response capabilities. Security leaders are aggressively adopting specialized
'signatureless' threat analysis and protection technologies as a critical piece of this
defense strategy—only to find these products do not integrate well with existing
technologies such as advanced endpoint protection. This gap forces security leaders to
allocate scarce resources toward piecing together the alerts and related context from
across their fragmented security architecture and intelligence sources.
Accelerate Detection and Response
Symantec is addressing this unmet need by partnering with a select ecosystem of network security providers to integrate
industry-leading advanced threat protection across the network and endpoint, while also providing critical context to detected
attacks by integrating with Symantec’s global intelligence network.
Symantec's Managed Security Service - Advanced Threat Protection (MSS-ATP) capability helps minimize the potential business
impact of advanced targeted attacks by enabling users to rapidly detect, assess and respond to unknown and zero day malware
that evade traditional security technologies.
Pinpoint the Attacks that Threaten your Environment
Specialized threat analysis and detection technologies are very effective at detecting unknown and zero day malware. However,
these advanced detection technologies typically do not block the malicious files but rather allow them to pass through the
internal network to the intended target endpoints. As a result, security teams never really know what happened to the detected
file and must manually investigate whether these cyber-attacks have successfully infected the endpoints. While ever vigilant,
endpoint protection technologies tend to compound the problem by creating more noise than actionable threat information. The
sheer volume of endpoint and network-based detections combined with a lack of incident prioritization make it very challenging
for security teams to determine where they should focus their response efforts.
MSS-ATP detects and prioritizes the critical few incidents threatening your environment by automatically correlating and
prioritizing network and endpoint detections, thereby reducing the noise from potential false positive alerts. MSS-ATP
accelerates incident investigation by performing automatic trace back to identify the true identity of impacted endpoints, even if
web proxies and network address translation would otherwise obscure this information. And because MSS leverages your
existing endpoint protection software, no additional software need be provisioned, monitored or maintained.
Increase Efficacy of Threat Investigations
With more than 41.5 million network sensors and 133
million systems in over 200 countries providing a constant
stream of telemetry, Symantec’s Global Intelligence Network
(GIN) offers unparalleled visibility into the constantly
evolving threat landscape. Insight™, the GIN's award-winning
proprietary reputation-based security technology, tracks
over 8 billion unique files to identify new threats as they are
created. Insight is uniquely capable of detecting unknown
and zero-day malware by tracking file attributes such as
age, download source and prevalence within the global
community and then leveraging complex algorithms to
assess each file's risk level to assign a reputation score.
MSS-ATP increases the efficacy of threat investigations by using Insight’s reputation-based file scoring to evaluate potentially
malicious files detected at the network. By their nature, unknown and zero day malware have a low reputation score and are
reported as suspect by Insight, signaling further investigation is necessary. Conversely, if a network-based malware detection
occurs and Insight reports the involved file as having a high reputation score, this proactively indicates to a security team the
possibility of a false positive detection.
Bi-directional Integration Accelerates Response
MSS-ATP accelerates incident response by providing bi-directional integration between endpoint security and network-based
advanced threat detection technologies. This integration eliminates manual effort, allowing users to easily launch common
investigation, containment and remediation tasks, ensuring security operations teams are more efficient assessing and
responding to threats.
Industry-leading Security Expertise
Detecting known and emerging threats not only requires integrated,
multi-layered technology; it requires highly specialized security
expertise to decipher the complex attack patterns associated with
malicious activity and then determine how to most effectively
respond. Symantec accelerates time-to-response by providing
in-region security experts who deeply engage with your in-house security
team to understand your environment and internal processes as well
as provide guidance regarding incident response.
Any information regarding pre-release Symantec offerings, future updates or other planned modifications is subject to ongoing
evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or
implied. Customers who purchase Symantec offerings should make their purchase decision based upon features that are
currently available.
More Information
To speak with a Product Specialist
In the US: Call toll-free 1 (800) 466-5875
For specific country offices and contact numbers, please visit our website.
Visit our Website
www.go.symantec.com/mss
About Symantec
Symantec protects the world’s information, and is a global leader in security, backup, and availability solutions. Our innovative
products and services protect people and information in any environment – from the smallest mobile device, to the enterprise
data center, to cloud-based systems. Our world-renowned expertise in protecting data, identities, and interactions gives our
customers confidence in a connected world.
More information is available at www.go.symantec.com/mss or by connecting with Symantec at https://twitter.com/symantecmss
Symantec World Headquarters
350 Ellis St.
Mountain View, CA 94043 USA
+1 (650) 527 8000
1 (800) 721 3934
Copyright © 2014 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S.and other countries. Other names may be trademarks of their respective owners.
21332713 05/14