Symantec Corp., the global leader in cyber security, today announced the availability of Content Analysis 2.4, the latest version of its multi-layer, advanced threat detection solution which now includes integration with Splunk>Phantom for automated threat orchestration and response.
Unlike traditional blocking tools, Content Analysis delivers an enterprise-level, single-box platform with a multi-layer scanning and analysis approach to more effectively detect and block known and unknown threats. This optimizes the workflow of Security Operations and Incident Response teams, so they only need to address threats that specifically target their unique environment.
Content Analysis deeply inspects unknown files delivered by Symantec’s network, email, endpoint and cloud solutions as well as numerous third-party security tools. All content passes through multiple steps to scan, identify and block uncovered attacks against the organization using a sophisticated layered, filtering approach to threat detection and protection to help prevent users from receiving malicious content. These layers include: comprehensive hash reputation using custom white and blacklists, advanced machine learning and static code analysis, malware signature inspection using dual anti-malware engines, and comprehensive file detonation using Symantec’s dynamic sandboxing solution.
What’s New to Content Analysis 2.4?
- Splunk > Phantom Integration – Symantec and Splunk have developed Symantec-specific automation and orchestration “playbooks” that run on the Phantom SecOps Platform. These playbooks orchestrate Symantec Content Analysis and improve SOC efficiency by automatically addressing use cases common to many security organizations, including: Alert Enrichment, Malware Detonation, IoC Verification, Threat Feed Sharing, and Accelerated Response. For more on these playbooks, visit: https://www.symantec.com/connect/groups/phantom-app-page-connect.
- Enhanced Sandbox Search – Elastic Search has been added across the data fields and sandboxing tasks. This extremely flexible search capability helps Security and IR teams quickly narrow down specific sandbox results.
- Modular AV Engine Downloads – 2.4 introduces the ability to download malware AV engines independent of the Content Analysis software.
- Offline Pattern Support – Customers can run Content Analysis with a Symantec File Inspection subscription in a closed network. Certain customers, especially within the Federal space, have restrictions for communication outside of their closed network and require Content Analysis deployment in a closed environment. This new capability allows those customers to securely obtain pattern updates.
- Win XP ISO import – Added support for Windows XP images in sandboxing.
- Improved inspection performance – Optimizations throughout Content Analysis to enhance detection results
- AWS support – Content Analysis can now be deployed in AWS cloud environments.
Source Symantec Press Release