
Symantec Threat Inspection Engine: Powering Network Cloud Security

Symantec’s industry-leading deep file inspection capabilities are cloud-delivered and available across your entire network – not just on the endpoint

At Broadcom Software, we know that in today’s world, the threats to enterprise security are relentless. Security Operations Center (SOC) teams receive on average 10,000 alerts per day, with some estimates pushing that number to more than a million. Compounding the difficulty is the increasing sophistication of these attacks, which become more successful over time. Many employ tactics that target separate seams in a network’s defenses, making the attacks even more challenging and time-consuming for SOCs to correlate and understand.

That’s why many enterprises are moving to a multi-layered network protection model for their cloud security strategy. And with many organizations somewhere on the cloud migration timeline, the need is great for a hybrid network protection model that allows for unified threat efficacy and deployment, either on-premises or in-cloud.

All this has elevated the critical role of threat inspection engines to enterprise cloud security strategy. And it’s why, especially with the uncertainties created by the war in Ukraine, so many businesses are re-evaluating the value and efficacy of their present engines. This new awareness only serves to highlight the greater functionality and protection offered by the Symantec Threat Inspection Engine through the Symantec Web Protection Suite (WPS) in a multi-layered network protection model.

Award-winning protection network-wide

Symantec, by Broadcom Software, has long been recognized as the industry leader in threat inspection at the endpoint level. It is the only vendor to be rated at the top of endpoint protection tests across all platforms: Windows, macOS, and mobile. Now, this same award-winning, tested-and-proven file threat-inspection technology is available across your entire network – and not just on the endpoint. As an important inspection layer in our cloud Secure Web Gateway, it gives enterprises the same deep file inspection capabilities in a more powerful cloud environment.

The Symantec Threat Inspection engine scans an extensive array of file types to find and expose known and unknown threats. It leverages telemetry and third-party intelligence to block threats, and it uses machine learning, heuristics, and detonation, among other techniques, to classify threats.

Symantec AI and security experts create signatureless proactive protection. This same engine that powers our industry-leading endpoint, CASB, and email solutions is also a key component of the Symantec SASE framework, powering our leading Secure Web Gateway (SWG), delivering multi-level threat inspection of all your web traffic.

Symantec Threat Inspection engine offers:

  • Fast and flexible deployment for an added layer of inspection for all web traffic
  • Advanced ML technology stops unknown threats
  • Automated updating of ML detection prevents in-field evasion and false positives
  • Blocking and identification of 100 percent of all known threats
  • Effective protection against new file types, packers, and obfuscated scripts

Freedom of choice

The engine is a critical component of Symantec WPS, and organizations can freely decide where they want to apply that powerful protection, on-prem or in-cloud, with the exact same license. Symantec offers organizations full freedom of choice and unified efficacy.

A win-win value proposition

The greater functionality offered by the Symantec Threat Inspection engine as part of WPS provides better protection against all threats for both current and future Broadcom Software customers. Customers who already benefit from the Symantec Threat Inspection engine at the endpoint can enjoy better protection at the network level thanks to the added capabilities of WPS.

Customer ownership

The Symantec Threat Inspection engine is included in Symantec Web Protection and is a critical component of our cloud-delivered security stack. However, for customers needing a hybrid deployment option to support on-premises needs for in-depth threat inspection, licensing allows for unlimited deployment on high-performance Symantec SWG hardware or as a virtual appliance.

Multiple layers of inspection

Symantec Threat Inspection engine is a critical part of a comprehensive threat inspection strategy.

It’s a strategy that starts with the Symantec Proxy-based SWG serving as the top, or first part, of the funnel to identify malicious or suspicious websites. Unknown content works its way down through the Threat Inspection engine in an increasingly granular way to identify malicious websites, content, and files. In a recent customer example, it resulted in a 10x reduction in SOC investigations. Following the proxy’s inspection of nearly 42 billion web requests in a month, the Threat Inspection engine scans all files: 8,000 were automatically identified as malicious and blocked, 539 thousand were dynamically sandboxed, and ultimately only 389 were identified for further SOC analyst attention. This was compared to an average of 4,000 SOC events they addressed each month.

Change the network security game

In a world buffeted by the winds of war and relentless cyber attacks, it’s time to re-evaluate the value, power, and efficacy of your threat inspection engine. Arm your SOC analysts with the one that can change the game and give them the advantage through unified efficacy and workflow: the Symantec Threat Inspection engine – cloud-delivered, hybrid, or on-prem – available through the Symantec Web Protection Suite (WPS). Contact us now to learn how Broadcom Software can help modernize, optimize and protect your enterprise.

About the Author

Henk van Achterberg

Product Manager Threat Intelligence

Henk is a Product Manager for Symantec Threat Intelligence as part of Broadcom Software.
