Symantec Advanced Threat Protection:

Network
Data Sheet: Advanced Threat Protection
Almost no company, whether large or small, is immune to targeted attacks. Five out of every six large companies (2,500+
employees) were targeted with spear phishing attacks in 2014, a 40 percent increase over the previous year. Small and
medium-sized businesses also saw an uptick, with attacks increasing 26 percent and 30 percent, respectively.1
Advanced threats are engineered to closely resemble legitimate applications, URLs, and emails, so threat signatures,
reputation scoring, and behavioral heuristics alone cannot detect everything, and with the ever increasing number of attack
vectors, systems, adversaries, and targets, it's becoming impossible to block every threat before it reaches a network.
Pro
Protect
tect,, Detect
Detect,, and Respond
Organizations can no longer focus purely on preventing threats at the endpoint; they must also ensure that they can detect
threats as they enter the network, as well as detect and respond to threats which have already taken a foothold. Symantec
Advanced Threat Protection: Network provides automated threat analysis at the network for rapid detection of even the most
advanced malware designed to evade traditional Virtual Execution techniques.
Agentless integration with Symantec Endpoint Protection and Symantec Email Security.cloud gives a unique view across
multiple control points. This allows for automated and accurate prioritization of security events, reducing the volume of
security alerts and prioritizing the most significant threats.
Real-time threat prevention blocks net
network
work-based
-based attacks
Symantec Advanced Threat Protection: Network is available in either hardware appliance or Virtual Machine (VM) form-factors
and includes multiple protection components on-box, including Symantec Insight, Mobile Insight, and Symantec Vantage, to
detect threats and suspicious behavior as they occur on the network. These patented technologies detect and block threats in
real-time.
Symantec Insight and Mobile Insight are reputation-based security technologies that identify how common or rare a file is, how
old it is, and where it was first seen, and through context, it can detect new or rapidly mutating threats, as well as targeted
attacks. Symantec Vantage is an Intrusion Prevention System (IPS) technology, used to identify compromised machines by
detecting suspicious activity inside the network.
In addition, Symantec Advanced Threat Protection: Network includes Symantec Antivirus and IP, URL, and Domain blacklists
generated by the Symantec Global Intelligence Network.
Detect intelligent malware designed to ev
evade
ade virtual ex
execution
ecution techniques
Symantec Cynic is a new, cloud-based service that detects unknown malware and advanced threats by executing content in
virtual and bare-metal sandbox environments. Cynic mimics human behavior over a range of operating systems and commonly
exploited applications to remotely execute suspicious files, and combines SONAR behavioral analysis with global threat
1

intelligence to return a verdict for a faster more confident detection. In 2014, 28 percent of all malware was VM-aware , and
with most sandboxing technologies heavily reliant on hypervisors for content execution and analysis, the use of bare metal
environments is critical to detecting advanced malware.
1.

Symantec Internet Threat Report, Volume 20, April, 2015

Data Sheet: Advanced Threat Protection

Symantec Advanced Threat Protection: Network
Symantec Cynic records all actions a file takes as potential Indicators of Compromise, and is able to determine if the content is
malicious within minutes, not hours. All of the file behavior is available within the Symantec Advanced Threat Protection:
Network management console, providing a thorough understanding of the files intended action.
Correlate acro
across
ss net
network
work,, endpoint
endpoint,, and email
Advanced Threat Protection: Network is part of Symantec Advanced Threat Protection, a solution that detects and prioritizes
threats across network, endpoint, and email. It combines Symantecs global threat intelligence with local intelligence to
strengthen protection capabilities, accelerate response times, and reduce security operating costs.
Symantec Synapse technology enables event correlation between Symantec Advanced Threat Protection: Network, Symantec
Endpoint Protection, and Symantec Email Security.cloud. Synapse removes the need for unnecessary manual investigations of
all reported security events, saving the time and effort of security analysts. With Synapse, only events that need attention are
investigated, driving down the overall cost of the security operations required to manage a steady stream of network events.
Features & Benefits
Agentless integration across Network, Email, and Endpoint
Detailed file inspection intelligence, behavioral details, and analysis across multiple control points
Better threat detection with Symantec Cynic, detecting even the most complex threats which are designed to evade the
virtualized sandbox environments commonly used to inspect files for malware
Save time and effort by only investigating detection events that require the attention and intervention of security operations

Data Sheet: Advanced Threat Protection

Symantec Advanced Threat Protection: Network
SYS
YSTEM
TEM RE
REQUIREMENT
QUIREMENTS
S
Browser Clients ffor
or the UI
Microsoft Internet Explorer 11 or later
Mozilla Firefox 26 or later
Google Chrome 32 or later
Virtual Appliance Deployment
VMware ESXi 5.1, 5.5
Intel virtualization technology enabled
Virtual Machine (VM) Requirements
Four CPUs (physical or logical)
At least 16 GB memory
100 GB disk
Ph
Physical
ysical Appliance Deployment
Appliance Model 8840

Appliance Model 8880

Form Factor

1U Rack Mount

2U Rack Mount

CPU

Single, Intel Xeon Six-core

2 x 12 core Intel Xeon

Memory

32 GB

96 GB

Hard Drive

1 x 1TB drive

RAID 5 4 x 300GB

Power Supply

Non-redundant PSU

2 x 750W Redundant power supply

Network Interface Cards

Four Gigabit Ethernet ports:

Four 10Gigabit Ethernet ports

Two 1Gigabit Ethernet ports

1 WAN / LAN pair

2 WAN / LAN pairs (10Gigabit)

1 Management port

1 Management port (1Gigabit)

1 Monitor port

1 Monitor port (1Gigabit)

Data Sheet: Advanced Threat Protection

Symantec Advanced Threat Protection: Network
More Information
Visit our website
http://enterprise.symantec.com
To speak with a Product Specialist in the U.S.
Call toll-free 1 (800) 745 6054
To speak with a Product Specialist outside the U.S.
For specific country offices and contact numbers, please visit our website.
About Symantec
Symantec Corporation (NASDAQ: SYMC) is an information protection expert that helps people, businesses, and governments
seeking the freedom to unlock the opportunities technology bringsanytime, anywhere. Founded in April 1982, Symantec, a
Fortune 500 company operating one of the largest global data intelligence networks, has provided leading security, backup,
and availability solutions for where vital information is stored, accessed, and shared. The company's more than 20,000
employees reside in more than 50 countries. Ninety-nine percent of Fortune 500 companies are Symantec customers. In fiscal
2014, it recorded revenue of $6.7 billion. To learn more go to www.symantec.com or connect with Symantec at:
go.symantec.com/socialmedia.
Symantec World Headquarters
350 Ellis St.
Mountain View, CA 94043 USA
+1 (650) 527 8000
1 (800) 721 3934
www.symantec.com

Copyright 2015 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S.
and other countries. Other names may be trademarks of their respective owners.
21349720 04/15