Posted: 3 Min ReadProduct Insights

Symantec Named an Overall Leader for Network Detection and Response

Recommended to organizations needing “high security”

Symantec, a division of Broadcom (NASDAQ:  AVGO), has been named as an Overall Leader in KuppingerColes' 2020 Leadership Compass for Network Detection and Response (NDR).

In its latest comparative review of the market, the research firm recognized Symantec’s NDR solution as “top-notch” and recommended it to organizations needing “high security, particularly those requiring packet decryption.”

The award comes at a particularly timely juncture in the security field as the deployment of NDR tools has become increasingly important in the face of new and more sophisticated cyber threats to enterprises.

No Visibility, No Idea

Early in my career I was a security operations practitioner. When my industry was under attack, we’d get together with other firms and share various bits of threat intelligence to help each other tune up our playbooks on how to best detect and block the bad guys.

But one day I asked: How do we know we haven't already been compromised? Nobody had an answer. It was really an unsettling question for a lot of people. But it certainly was on their minds. You read all the time about breach discoveries where the intrusion might have remained undetected for weeks, months, and sometimes, even years. 

It was taking too long for defenders to uncover the breach because they were looking at telemetry that told them - incorrectly - that everything was okay. Hackers were getting in and compromising the system while remaining anonymous. They would disable the telemetry that should notify security teams when something was wrong. 

But while your system may lie to you, the network traffic coming in and out of your environment always tells the truth.

New Approaches to Network Protection

That defensive crouch wasn’t working very well and so the security conversation then turned to alternatives to traditional prevention like SIEM and IDS (Intrusion Detection Systems).  But these alternatives had their own particular limitations.  For instance, IDS is very labor-intensive to operate and generates a high number of false positives. SIEMs are famous for their cost and complexity. 

More recently Endpoint Detection and Response (EDR) has emerged to empower security operations teams to investigate and respond to threats.  While this is an essential part of the SOC arsenal, having endpoint visibility alone is not sufficient.  For example, some subverted endpoints can provide false data to EDR tools.  That’s where NDR becomes critical to provide the network context and correlation.  By sharing threat intelligence across NDR and EDR, Symantec solutions are able to provide a holistic and actionable threat view to protect our customers. 

But the emergence of NDR offers a new way for SOCs to regain the advantage over threat actors. Now they can use tools that are well suited for discovering lateral movement, the use of compromised privileged credentials, or data exfiltration attempts. NDR is also adept at uncovering more common types of attack such as unwanted bot activities, credential theft, and insider threats.  


Of course, not all NDR tools are created equal. As KuppingerColes noted, Symantec’s NDR solution, consisting of a Secure Web Gateway, Content Analysis, and a Security Analytics NDR platform, covers “all the basics” while also providing support for advanced use cases requiring full packet decryption and analysis and sandboxing.

Symantec’s array of Machine Learning techniques helps to pinpoint normal baselines and anomalous traffic, rather than static rules or IDS signatures. This functionality is particularly welcome given the volumes of network connection data that must be analyzed.

That technology combination means that SOC analysts who deploy Symantec’s NDR can rapidly uncover evidence of malicious activities that are either in progress or have already occurred on the network or in the cloud.

Symantec’s array of Machine Learning techniques helps to pinpoint normal baselines and anomalous traffic, rather than static rules or IDS signatures

Backed by a formidable threat intelligence network, our NDR solution analyzes data traffic and then retains the historical records. Packets don't lie and so we can review that information to perform rapid investigations.

No one does a better job than us when it comes to inspecting data traffic. Our systems can tell the difference between HTTP traffic and something else that might be using port 80. Similarly, if there’s web traffic on a non-standard port, we can identify that, too.  We use rules and Machine Learning algorithms to generate findings on those packets and the depth of analysis that we can perform on network traffic we capture is second to none.

Think of Symantec NDR as a central pillar for your security foundation. And don’t just take our word for it. Take a look at what KuppingerCole has to say about it here. 

Symantec Enterprise Blogs
You might also enjoy
Product Insights3 Min Read

Trust Your Endpoint Protection to a Proven Leader

As endpoint attacks multiply, users need to work with a marketplace leader – now, more than ever

Symantec Enterprise Blogs
You might also enjoy
Product Insights4 Min Read

Symantec Named a Leader

In 2019 Gartner Magic Quadrant for Secure Web Gateways and the 2019 Magic Quadrant for Cloud Access Security Brokers

About the Author

Bryan Cardoza

Director, Security Analytics, Symantec Enterprise

Bryan is a 35-year veteran of the software industry and has worked in a variety of roles and software disciplines. Passionate about providing tools for threat hunters and forensic analysts, Bryan leads product management and R&D for Security Analytics.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.