The net new additions are a new Managed Cloud Defense monitoring and response service, and a new Managed Cloud Defense service that brings a service Symantec had provided to very large customers to the broader market.
Cybersecurity vendor Symantec has announced a series of enhancements to the Symantec’s Cyber Defense Platform, their cloud platform that provides a variety of Infrastructure-as-a-Service, Platform-as-a-Service and Software-as-a-Service capabilities. The new announcements add Cloud Workload Assurance, a new protection capability, and a new Managed Cloud Defense service to provide SOC-level threat monitoring, containment, and hunting capabilities. Their Cloud Workload Protection and CloudSOC CASB have been enhanced. All these capabilities significantly both broaden Symantec’s Total Addressable Market for their cloud services, and the opportunities for their channel partners. They also reflect a fundamentally different philosophy towards providing solutions, said Ajay Sood, Vice-President and General Manager for Symantec Canada.
“Historically, a platform has basically really consisted of ‘you need to buy all our stuff and get an integrated fabric,’ Sood said. “We are redefining the definition. It’s no longer about the product so much. We are thrilled if people buy all our products, but what’s really important is providing a unified set of data formats and treatments and processing strategies, including a back end. It’s a relatively new concept. Having products today in information security that are managed centrally is less important than having products that can exchange information in real time. As an industry, we haven’t done a great job of that. This platform does, and is a differentiator for us.”
Cloud Workload Assurance [CWA] is a net-new addition to the platform.
“Cloud Workload Assurance is both a new product and a new paradigm,” Sood stated. “You have more use now of shared cloud resources, with so many agile servers and services. The result of that is that we are seeing configuration drift in the clouds, where people don’t know if they have configuration issues and vulnerabilities on these agile servers. CWA gives the customer a level of visibility they don’t get from the Cloud Service Provider. The CSP gives you stats, but you don’t know that things have been processed securely. CWA does this, monitoring for configuration errors and correcting those it finds, to ensure customers adhere to best practices and don’t drift from being compliant.
Symantec has enhanced their Cloud Workload Protection [CWP] solution with Data Loss Prevention [DLP] capabilities and integrated it into their CloudSOC CASB [Cloud Access Security Broker].
“We are sending a really strong message with this,” Sood said. “The DLP message that we pioneered is not new, but what we have done here is taken it to the CASB so you can apply it universally. The problem with the cloud is controlling what data goes in and out. The integration between DLP and CASB is actually in the cloud, to handle this issue.”
Symantec has also introduced a new Managed Cloud Defense service, to provide SOC-level cloud native monitoring, analytics and response to cloud-based threats. The service includes both containment and threat hunting as part of the response, and correlates attack activity in the cloud with the Symantec Global Intelligence Network and assists humans with their remote investigations.
“Managed Cloud Defense extends a lot of what we already do now – at the behest of larger clients,” Sood said. “We actively review the logs, and observe and report on violations and security events. When people move towards the cloud, they sometimes do it in a way that’s not tremendously informed, because they don’t fully understand the threats that exist in the cloud. We have the tools to find more and dig deeper here than most of our competitors, and certainly more than the client.
These new cloud offerings are ideally suited for Symantec partners, Sood stated.
“MSSPs have enabled the mid to bottom of the customer pyramid to have more agile security defense,” he stated. “With these announcements, what were formerly platform services available to only high-level clients are now available to any organization embracing the cloud, and our channel can provide any of these services through the Cyber Defense platform. We expect that this will enable many small and mid-sized organizations to onboard securely to the cloud. We expect that this will translate very nicely into the midmarket, specifically here in Canada.”