b Advanced Threat Protection Network DS 21349720


Symantec™ Advanced Threat Protection: Network

Data Sheet: Advanced Threat Protection

Almost no company, whether large or small, is immune to targeted attacks. Five out of every six large companies (2,500+ employees) were targeted with spear phishing attacks in 2014, a 40 percent increase over the previous year. Small and medium-sized businesses also saw an uptick, with attacks increasing 26 percent and 30 percent, respectively.¹

Advanced threats are engineered to closely resemble legitimate applications, URLs, and emails, so threat signatures, reputation scoring, and behavioral heuristics alone cannot detect everything, and with the ever increasing number of attack vectors, systems, adversaries, and targets, it's becoming impossible to block every threat before it reaches a network.

Protect, Detect, and Respond

Organizations can no longer focus purely on preventing threats at the endpoint; they must also ensure that they can detect threats as they enter the network, as well as detect and respond to threats which have already taken a foothold. Symantec™ Advanced Threat Protection: Network provides automated threat analysis at the network for rapid detection of even the most advanced malware designed to evade traditional Virtual Execution techniques.

Agentless integration with Symantec™ Endpoint Protection and Symantec™ Email Security.cloud gives a unique view across multiple control points. This allows for automated and accurate prioritization of security events, reducing the volume of security alerts and prioritizing the most significant threats.

Real-time threat prevention blocks network-based attacks

Symantec Advanced Threat Protection: Network is available in either hardware appliance or Virtual Machine (VM) form factors and includes multiple protection components on-box, including Symantec Insight™, Mobile Insight, and Symantec Vantage™, to detect threats and suspicious behavior as they occur on the network. These patented technologies detect and block threats in real time.

Symantec Insight and Mobile Insight are reputation-based security technologies that identify how common or rare a file is, how old it is, and where it was first seen, and, through that context, can detect new or rapidly mutating threats, as well as targeted attacks. Symantec Vantage is an Intrusion Prevention System (IPS) technology, used to identify compromised machines by detecting suspicious activity inside the network.

In addition, Symantec Advanced Threat Protection: Network includes Symantec Antivirus™ and IP, URL, and Domain blacklists generated by the Symantec Global Intelligence Network.

Detect intelligent malware designed to evade virtual execution techniques

Symantec Cynic™ is a new, cloud-based service that detects unknown malware and advanced threats by executing content in virtual and bare-metal sandbox environments. Cynic mimics human behavior over a range of operating systems and commonly exploited applications to remotely execute suspicious files, and combines SONAR™ behavioral analysis with global threat intelligence to return a verdict for faster, more confident detection. In 2014, 28 percent of all malware was VM-aware¹, and with most sandboxing technologies heavily reliant on hypervisors for content execution and analysis, the use of bare-metal environments is critical to detecting advanced malware.

1. Symantec Internet Threat Report, Volume 20, April, 2015


Symantec Cynic records all actions a file takes as potential Indicators of Compromise, and is able to determine if the content is malicious within minutes, not hours. All of the file behavior is available within the Symantec Advanced Threat Protection: Network management console, providing a thorough understanding of the file’s intended action.

Correlate across network, endpoint, and email

Advanced Threat Protection: Network is part of Symantec™ Advanced Threat Protection, a solution that detects and prioritizes threats across network, endpoint, and email. It combines Symantec’s global threat intelligence with local intelligence to strengthen protection capabilities, accelerate response times, and reduce security operating costs.

Symantec Synapse™ technology enables event correlation between Symantec Advanced Threat Protection: Network, Symantec Endpoint Protection, and Symantec Email Security.cloud. Synapse removes the need for unnecessary manual investigations of all reported security events, saving the time and effort of security analysts. With Synapse, only events that need attention are investigated, driving down the overall cost of the security operations required to manage a steady stream of network events.

Features & Benefits

• Agentless integration across Network, Email, and Endpoint

• Detailed file inspection intelligence, behavioral details, and analysis across multiple control points

• Better threat detection with Symantec Cynic, detecting even the most complex threats which are designed to evade the virtualized sandbox environments commonly used to inspect files for malware

• Save time and effort by only investigating detection events that require the attention and intervention of security operations


SYSTEM REQUIREMENTS

Browser Clients for the UI

Microsoft Internet Explorer 11 or later

Mozilla Firefox 26 or later

Google Chrome 32 or later

Virtual Appliance Deployment

VMware® ESXi 5.1, 5.5

Intel virtualization technology enabled

Virtual Machine (VM) Requirements

• Four CPUs (physical or logical)

• At least 16 GB memory

• 100 GB disk

Physical Appliance Deployment

| | Appliance Model 8840 | Appliance Model 8880 |
| --- | --- | --- |
| Form Factor | 1U Rack Mount | 2U Rack Mount |
| CPU | Single, Intel Xeon Six-core | 2 x 12 core Intel Xeon |
| Memory | 32 GB | 96 GB |
| Hard Drive | 1 x 1TB drive | RAID 5, 4 x 300GB |
| Power Supply | Non-redundant PSU | 2 x 750W Redundant power supply |
| Network Interface Cards | Four Gigabit Ethernet ports: 1 WAN / LAN pair, 1 Management port, 1 Monitor port | Four 10Gigabit Ethernet ports and two 1Gigabit Ethernet ports: 2 WAN / LAN pairs (10Gigabit), 1 Management port (1Gigabit), 1 Monitor port (1Gigabit) |


More Information

Visit our website

http://enterprise.symantec.com

To speak with a Product Specialist in the U.S.

Call toll-free 1 (800) 745 6054

To speak with a Product Specialist outside the U.S.

For specific country offices and contact numbers, please visit our website.

About Symantec

Symantec Corporation (NASDAQ: SYMC) is an information protection expert that helps people, businesses, and governments seeking the freedom to unlock the opportunities technology brings—anytime, anywhere. Founded in April 1982, Symantec, a Fortune 500 company operating one of the largest global data intelligence networks, has provided leading security, backup, and availability solutions for where vital information is stored, accessed, and shared. The company's more than 20,000 employees reside in more than 50 countries. Ninety-nine percent of Fortune 500 companies are Symantec customers. In fiscal 2014, it recorded revenue of $6.7 billion. To learn more go to www.symantec.com or connect with Symantec at: go.symantec.com/socialmedia.

Symantec World Headquarters

350 Ellis St.

Mountain View, CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

www.symantec.com

Copyright © 2015 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

21349720 04/15
