
How Symantec XDR Expands, Accelerates, and Simplifies Cross-Control-Point Visibility

New SES Complete feature delivers on the promise of XDR

As customers look for advanced detection and response, an XDR (Extended Detection and Response) product that can deliver high-confidence threat-attack analytics simply and cost-effectively has become table stakes for today’s enterprise SOCs. That’s why Symantec, by Broadcom Software, is releasing a new XDR feature that works out of the box, without additional integrations or services. It does not require the purchase of an additional product because it is an integral part of Symantec Endpoint Security (SES) Complete.

We’ve taken our time with this new functionality because there’s a lot at stake: complex IT infrastructures; cloud and hybrid applications; security tool sprawl; ballooning security budgets; and threats that are increasingly sophisticated. With these challenges in mind, we’ve heard a lot about where true value is needed.

As a starting point, our customers have told us that when it comes to XDR, they have many options. Almost every security vendor has an XDR product, but no two XDR offerings are the same. Customers struggle to compare options and understand what they’re getting. Would their purchase duplicate existing security capabilities, or would it fill existing detection and response gaps? And what is the final cost after all the extra expenditures for setup and integration?

The last thing SOC teams need is unnecessary complexity from an XDR. But that’s exactly what they get from vendors who require partner integrations, introduce technical incompatibilities, or offer complex user experiences that escalate into higher costs or custom development to deal with issues such as multiple data schemas or hash formats.

An XDR should work well right out of the box and mesh with existing SOC solutions. And ideally, an XDR should be cost-neutral, cloud-based, and baked into endpoint security. Functionally, Forrester analyst Allie Mellen has written that XDR should “automate root cause analysis across integrated telemetry sources.” It’s that last part where many XDR solutions fall short.

Symantec’s new XDR feature does all this and more. It performs automatic correlations before an analyst even sits down to investigate alerts. And rather than requiring additional integrations or services, the feature works on top of Symantec Endpoint Security Complete to natively correlate threat data across multiple control points. There are no additional costs.

What Makes Symantec XDR Different?

  1. Symantec eliminates setup time and effort. Unlike competitors’ hybrid models that call for multiple integrations among many vendors and service providers, Symantec architects XDR into its already highly awarded, full-featured endpoint solution. All integrations across control points are fully operational from day one, so advanced threat detection can begin immediately. There is little to no latency before the SOC team can get up and running.

     Symantec XDR’s rich cross-control-point connections are achieved via two Symantec integrations. The first is with SES Complete, which includes Adaptive Protection, Threat Defense for Active Directory and Threat Hunter, as well as a firewall and an intrusion prevention system. The second is with Symantec CloudSOC CASB, which provides access to data on user behaviors, insight into intruder exposure to confidential information via DLP, visibility into email threats, and a view of the external domains touched by intruders before they entered the environment. Any resulting incidents are context rich and encompass inputs from all of these control points, covering data sourced from both managed and unmanaged endpoints.

  2. Symantec XDR makes deployment simple. It’s as easy as entering your product key into the platform. No additional vendors, products or service providers are required to make XDR work; Symantec is your single vendor for XDR. Also, there’s no need to invest in orchestrating a complex new architecture; everything is ready to use and ready to apply to your environment. Ultimately, there’s less time spent on installation and integration and more time focused on advanced detection and response.

  3. Symantec XDR is offered as a feature of SES Complete. There is no additional premium. XDR is achievable without budget allocations beyond the underlying control points. As a result, the financial commitment for executing XDR is predictable, and there is no need for additional budget negotiations.

What are the Use Cases for Symantec XDR?

Many organizations lack visibility into their SaaS apps, and some analysts must sort through logs manually to conduct a thorough investigation. Companies that adopt Symantec XDR will find that they are able to close that gap.

Your SOC analysts don’t need more consoles or the annoyance of working on multiple interfaces, and they do need greater visibility and timelier insights. Symantec XDR’s cross-control-point integration matters because it provides much-needed efficiency and visibility into identity, data exfiltration, network activity, unmanaged endpoints, and questionable user behaviors. This integration happens automatically and without extensive DevSecOps intervention. When customers adopt Symantec XDR, they do not face unwanted data integration and SOC complexity, and they are able to:

  • See the full attack chain beyond the endpoint by including activities from network, email, and cloud services
  • Determine if an attack was successful by detecting suspicious user behavior with cloud services
  • Identify the scope of a breach by detecting sensitive data access and exfiltration using Data Loss Prevention (DLP)

Symantec XDR is simple. It provides the artificial intelligence (AI) and machine learning (ML) to mine for valuable insights across control points. In short, it means more signal, less noise, and faster mean time to detection. It is designed to augment rather than replace SOAR or SIEM, and in doing so it addresses the growing data volume, integration and cost burdens that come with the use of those tools.

Symantec XDR is also cost effective. It provides extensive cross-control-point protection, plus specific capabilities such as AI-powered data normalization and correlation, featuring behavioral and targeted attack analytics. It connects data from diverse security control points covering both endpoints and cloud services, as well as extensive threat intelligence, and it gives visibility into activities from both managed and unmanaged endpoints. With these capabilities, Symantec XDR offers an integrated, cost-effective solution for improving the identification of and response to advanced threats.

To learn more on how Broadcom Software can help you modernize, optimize and protect your enterprise, contact us here.

About the Author

Gavin Fulton

Product Manager, Symantec Endpoint Security

Gavin focuses on delivering a world class endpoint security solution for customers. He has been part of the Symantec team for more than 12 years and resides in Edinburgh, Scotland.