9/13/2023 Symantec vip access manager sdk

The very comprehensive machine learning platform has been very helpful, and we have been able to prevent most attacks and detect and respond to those threats within minutes. The reaction time for any incident has been reduced drastically. It takes direct action, remediates the infected file, isolates the endpoint, and establishes communication between the endpoint and Symantec's threat-hunting SOC. When there is an incident, the EDR engine is based on AI/ML behavioral analytics. It submits the file automatically, meaning that no manual intervention is required. If there is an attack on a weekend, we can completely rely on Symantec, rather than needing someone to manually upload these things.

Most of our incidents, no matter what has occurred, are automatically addressed. This has reduced our efforts and the time we spend on incidents. That has a direct impact on our business operations. It has improved the efficiency of our operations. The major benefit of having Symantec's API is that you get access to all the methodologies and mechanisms, and it's accessed in a single dashboard. An added benefit is that if you have it integrated with your ticketing system, tickets will also be triggered. It also helps us in orchestrating and correlating our security incidents. That makes it a one-stop solution, where you can have everything integrated. You get an SMS alert or an email notification, but that's a secondary thing.

The solution has helped organizations enhance their security posture considerably. We actively perform quality assessments and penetration testing, and we do forensic analysis. We haven't faced any breaches so far, meaning we have been protected adequately. In addition, we have third-party SIEM software monitoring all our assets on a day-to-day basis, and they haven't identified any anomalies. That means that Symantec is protecting us well, and we have implemented it and been running it for the last three-plus years for multiple clients.

Whenever there is an issue with respect to Active Directory, Symantec identifies the issues and tries to create a signature to mimic the Active Directory-related attacks in their backend labs. They obfuscate the request going to Active Directory. Even though there may be an issue with patches still not being updated by Microsoft, we have compensating controls to prevent those kinds of attacks from happening. Once Microsoft releases patches, we immediately implement them. But until then, Symantec will prevent Active Directory compromises. And, in some cases, the architecture itself is an important feature, because Symantec is one of the very few endpoint services that provides an on-premises management system.

Currently, most antivirus and protection providers operate entirely from the cloud. That's a differentiating factor with Symantec. This is very critical in an instance where you should not have access to the internet, or you want to have it on-premises. In those situations, Symantec is the go-to product. In addition, for threat hunting, the API is integrated so that we get real-time updates. They're one of the largest civilian cyber intelligence networks. Symantec was an early starter with respect to threat hunting. They have a global SIEM and a global threat-hunting team. They have custom, built-in tools and their own threat-hunting intelligence mechanism. We completely depend on Symantec's threat-hunting methodology. We have no complaints so far, and it has been an excellent experience working with their threat-hunting team. Most incidents come through machine learning. In one or two cases we might need the experts, but most of our issues are known. Based on the signature or the anomaly, when something is detected, the object that is compromised is isolated and we get an immediate response. A link is then initiated between the infected device and Symantec's threat-hunting team.

Symantec is one of a very limited number of products that supports the entire gamut of devices. It covers not only Windows devices but also mobile devices, Mac, Android, iOS, et cetera. The cloud-based setup is very straightforward. A few of our clients use it on the cloud and a few have a hybrid with on-prem. Once we create the account, it doesn't take more than 30 to 45 minutes for us to get the setup done. The steps involved for a cloud instance are that an account is created, the agent is downloaded, and you probably have to push the agent to different systems. That can be done via different means and depends on the number of client machines.