
Symantec Enterprise Cloud and SASE

Three capabilities central to maintaining information security

In my previous blog, I emphasized the importance of data and outlined the products available in the Symantec Enterprise Cloud (SEC) solution that we find invaluable at Infolock, a partner of Broadcom Software. The platform allows organizations to gain visibility into their data, continuously monitor it -- and take action when required. These three capabilities are central to maintaining information security and areas we stress in helping enterprise customers.  

Let’s take a closer look.

The SEC Solution

Perhaps the most important capability in the SEC solution is the Cloud Secure Web Gateway (SWG), formerly known as Symantec Web Security Service. This product is built on the Blue Coat/Symantec Edge Proxy platform (traditionally known as ProxySG), an industry leader for almost 30 years. This takes all of the strengths of the Edge Proxy and delivers a powerful SWG in the cloud that can be used by organizations when their people are both on and off-premises.

Traditionally, SWG forwards traffic over ports 80 and 443. As of late August 2022, Broadcom Software is extending its Cloud Firewall Service (CFS) as a standard issue with Symantec Web Protection. This will give customers the ability to direct all traffic over any port to their Cloud SWG platform. Additionally, organizations can decrypt encrypted HTTPS traffic using the SSL Interception feature. This provides you the ability to gain needed visibility into SSL/TLS traffic, which is now close to 95 percent of what travels across the Internet. Cloud SWG creates logs with a wealth of information that is readily available within the console and can be offloaded to a log-collection tool, such as Symantec Reporter. Using these tools, we can create reports and alerts to help identify when there is the potential for an incident. Lastly, we can take action on this decrypted data by creating custom rules that block traffic based on a URL’s category, threat risk level, geolocation, and the presence of malware.

Why is Cloud SWG the focal point in the SASE architecture? Because it sits in the center of the other tools and acts as the entrance point for all traffic. It talks with the other Enterprise Cloud solutions and either enforces those policies or steers traffic to them for further evaluation.

Ensuring your organization’s data security

For years, organizations have been able to leverage Symantec's DLP solution to enforce company policy on sensitive data. For network traffic coverage, the on-premises DLP architecture integrates with the Edge SWG and a “request analysis” can be configured to ensure that traffic is evaluated against DLP policies. Now, with the proliferation of work-from-home and many organizations moving away from on-premises network architecture, new tools are needed to ensure your organization's security.

The Cloud SWG integration operates as an extension of Edge SWG, making the transition to the cloud easy and seamless. Policies are pushed to Cloud SWG from DLP, and the traffic undergoes the same level of scrutiny in the cloud. Additionally, DLP can be tied into CloudSOC, Symantec’s CASB offering, giving your organization critical visibility and control over cloud application use and extending the scope of current on-premises DLP coverage to cloud applications.

Symantec CloudSOC CASB

This leads us to Symantec CloudSOC CASB. As more organizations adopt the use of cloud technology, like OneDrive, the need for a tool to keep track of that data increases. CloudSOC CASB uses API Integrations (or Securlets) to provide organizations with visibility and monitoring of their data-at-rest within the tenant. This is key to securing an environment because if you don’t know what you have in the cloud you can’t protect it. When documents are uploaded, created, or modified, logs are created within CASB. This process ensures that when that data is modified it's visibly notated in the logs along with user information. Through Securlets, and in combination with DLP, you can create rules that prohibit sharing sensitive data with individuals outside of the organization.

CloudSOC CASB also uses Gateway Integrations (or Gatelets) to monitor data-in-motion. Through the integration of Cloud SWG and CloudSOC CASB, an organization can push traffic from the endpoint to Cloud SWG and then through CloudSOC CASB. When the data reaches CASB it is evaluated and monitored, in real-time, by the Gatelets. Based on the policies in CASB, the traffic can be either denied from proceeding or routed to the appropriate channel.

Symantec ZTNA

For a product to truly fit the SASE framework, there must be a way to eliminate the need for a VPN, which gives direct access to internal infrastructure. Symantec ZTNA (formerly Secure Access Cloud) provides this functionality. Organizations can add internal DNS servers in ZTNA. This allows DNS lookups for internal resources to be queried against the organization’s own DNS servers. Depending on the resource, the user can use Web, SSH, RDP, TCP, or a Segment method to publish an application.

The agent is not always needed to allow users access to some of the applications. When an organization publishes an application, it becomes available through a cloud resource. Authentication must still take place to access the portal. Additional authentication, including 2FA, can be required to get into the application. This allows users to continue to work in a bring-your-own-device environment.

Symantec Web Isolation

Web Isolation is another key tool in the Symantec Enterprise Cloud solution. This technology is a game changer when it comes to controlling access to potentially risky websites and websites that have yet to be analyzed and categorized by Symantec. Web Isolation integrates with Edge and Cloud SWG and allows organizations to permit employees to visit these websites by rendering the content from the server in a disposable environment. The tool renders the website and sends a single line of JavaScript code back to the host browser telling it how the webpage should be updated.

Symantec, by Broadcom Software, has added an impressive level of actionable intelligence to its product portfolio. To learn more about how Broadcom Software can help you modernize, optimize and protect your enterprise, learn more here.


About the Author

Perry Crabtree

Manager, Network and Threat Protection, Infolock

Perry Crabtree is manager of the Network and Threat Protection practice at Infolock. He has over 10 years of experience in IT Infrastructure and Security. He currently holds a Broadcom Knight certification in ProxySG, Web Security Service, and Web Isolation.
