Industry buzzwords invade our space like junk mail or spam. Overnight, it seems, words like “cloudification” pop up in blogs or webinar promos. When you hear a new term, it’s natural to wonder if you’re missing out.
But there’s another wrinkle to buzzwords. Just when we tire of the hype about tools, or scalability, or ecosystems, somebody (we won’t name names) mangles the true meaning of a popular concept like “platforms.”
Have platforms changed? In one positive way, yes: they are more open than they once were. But there’s another more perplexing change: some folks dilute the term to mean any type of multi-function software. And that’s not the true value of software platforms, particularly in the security industry.
At Symantec, a division of Broadcom (NASDAQ: AVGO), we love platforms, because experience tells us they matter to you, our customers. Done right, platforms can accomplish more things, more efficiently, than even good point products. True cyber security platforms provide both functional and data integration—sharing critical information between modules to amplify the response to new or known threats. Pseudo-platforms aren't worth the digital ink it takes to explain what they do.
All Platforms are Not the Same:
How do you identify a bona fide cyber security platform? We recommend asking these three questions:
1. Does it reflect a substantial product vision?
A successful platform must decrease complexity, increase security, and reduce cost. You can’t boost security without a comprehensive vision. That’s why there are four pillars to the Symantec Integrated Cyber Defense (ICD) platform: endpoint security, network security, identity security, and information security. Yes, you could (at great expense) attempt to cobble together disparate cyber security apps, but programming that Frankenapp to simultaneously identify and impede novel threats would require a bit of alchemy. Unlike standalone apps, ICD integrates critical security technologies—and information sources—making it much quicker to adjust your security posture dynamically when unexpected attacks occur.
2. Can it expand your team’s capabilities?
Achieving the right balance between a platform’s single point of integration and its ability to expand your SOC capabilities is essential to a sustainable cyber security platform. A platform will never last if it curtails your team’s flexibility to connect to SOC front-ends, including those from Splunk and IBM, among others. A truly integrated platform leaves your team more time to do their day job rather than spend it coding integrations. Less time is needed for training and for maintenance. Ultimately a true platform produces better outcomes, letting Level 1 Security Analysts do Level 2 work.
3. Is there actual synergy between the platform modules?
When dealing with multiple multi-function products, a Security Operations Center (SOC) spends a great deal of time integrating those solutions on its own. And most SOCs suffer from a signal-to-noise ratio problem, somewhat similar to the classic garbage in, garbage out conundrum in financial software. Our customers tell us that analyzing alerts from point products causes analysts to waste time pursuing irrelevant anomalies, investigating whether each one is a true threat or a false positive. We take a different approach, offering a Unified Security Event Model: you integrate once with Symantec, and all Symantec products work. No additional integration is required. Our Unified Security Event Model is also focused on sharing proactive and accurate threat intelligence. We not only offer centralized event collection, normalization and archiving on a single messaging bus, we also centralize filtering and forwarding to various SOC tools. With that capability, you can filter out events across products that you consistently see are not adding value to any investigation.
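To make the collect, normalize, archive, filter and forward idea concrete, here is an added illustration (not Symantec code, and the field names, schemas and sample alerts are all constructed assumptions, not the real Unified Security Event Model): two point products emit alerts in different native formats; they are mapped onto one schema, everything is archived, known-noise signals and low-severity events are dropped before forwarding, and the forwarded set is checked for cross-product corroboration per asset.

```python
# Constructed sample alerts from two hypothetical point products with
# different native schemas (assumed formats, not any vendor's real output).
RAW_EVENTS = [
    {"src": "endpoint", "host": "ws-17", "sev": "low", "sig": "heuristic.generic"},
    {"src": "endpoint", "host": "ws-17", "sev": "high", "sig": "ransom.behavior"},
    {"source": "proxy", "client": "ws-17", "severity": 2, "category": "policy.ok"},
    {"source": "proxy", "client": "ws-17", "severity": 8, "category": "c2.beacon"},
    {"src": "endpoint", "host": "ws-02", "sev": "low", "sig": "heuristic.generic"},
]

# Map the endpoint product's text severities onto the 0-10 scale the proxy uses.
SEV_MAP = {"low": 2, "medium": 5, "high": 8}

# Cross-product suppression list: signals the SOC has found never contribute
# to an investigation (constructed values for the example).
NOISE = {"heuristic.generic", "policy.ok"}


def normalize(ev):
    """Map a product-native record onto one unified schema (assumed fields)."""
    if "src" in ev:  # endpoint product format
        return {"product": ev["src"], "asset": ev["host"],
                "severity": SEV_MAP[ev["sev"]], "signal": ev["sig"]}
    return {"product": ev["source"], "asset": ev["client"],  # proxy format
            "severity": ev["severity"], "signal": ev["category"]}


def filter_bus(raw_events, min_severity=5):
    """Normalize every event, archive all of them, forward only the useful ones."""
    archive, forwarded = [], []
    for ev in raw_events:
        u = normalize(ev)
        archive.append(u)  # archive is complete; filtering only affects forwarding
        if u["signal"] in NOISE or u["severity"] < min_severity:
            continue
        forwarded.append(u)
    return archive, forwarded


def correlate_by_asset(forwarded):
    """Count distinct products flagging each asset; >1 means cross-product corroboration."""
    seen = {}
    for u in forwarded:
        seen.setdefault(u["asset"], set()).add(u["product"])
    return {asset: len(products) for asset, products in seen.items()}


if __name__ == "__main__":
    archived, sent = filter_bus(RAW_EVENTS)
    print(len(archived), "archived;", len(sent), "forwarded;", correlate_by_asset(sent))
```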
A Platform that Unifies, Automates, and Deploys Easily
An overnight shift to digital has caused many customers heartburn—how do you unify what’s on-premise and what’s moving to the cloud? ICD can unify on-premise and cloud cyber security solutions, enabling seamless deployment operations. Again, that’s not something one could easily replicate. With distributed work teams, there’s an increased emphasis on protecting all attack points, such as endpoints, email, web, network, information, and identities. These are tasks that standalone products simply can’t duplicate. With the integration of all attack points, it’s much easier for Symantec’s platform to automatically mitigate a threat, when possible.
Orchestrating intelligence from our Global Intelligence Network is vital to the success of ICD. The data is ingested dynamically, enabling ICD to take action on threats before other standalone packages or platforms find out about them. If it’s a threat we know, ICD can respond directly; otherwise, we send it to a Security Operations Center (SOC) or Security Information and Event Management (SIEM) system to take action.
We believe that a platform must not only secure your enterprise, it has to deliver rapid time to value. Your SecOps teams can’t be successful if they are constantly juggling multiple point products or tweaking a platform to get it to respond to threats in a coordinated fashion.
Platforms earn their keep not just by eliminating data loss and providing excellent endpoint protection, they must also reduce management complexity—freeing your team to become more productive and effective.
Trying to stop competitors from diluting the value of platforms is much like trying to block spam calls or pop up ads. You make a bit of progress, then they’re back at it. We know platforms matter, and we will continue to offer a platform that serves our customers now and into the future.
We encourage you to share your thoughts on your favorite social platform.