Endpoint Security Complete

  • 1.  About Threat Hunting Center and Managed Hunting Service

    Posted Aug 27, 2020 04:22 PM
    Hi.

    Trying to understand the Threat Hunting Center and Managed Hunting Services included as an add-on in SESC:

    TH Center is the connection to the ICDx platform? The THC admin guide says it requires an appliance, so it is different from the EDR appliance, correct? Also, the THC is a service to correlate security events from different sources and integrate them with external SIEM infrastructure... is this correct?

    TH Service is actually a service like MSS where you are assigned to a security team to analyze your incidents and you are contacted in case they find something critical? Is this correct?

    Any additional information or reference is highly appreciated!

    Thanks

    ------------------------------
    || Alex ||
    ------------------------------


  • 2.  RE: About Threat Hunting Center and Managed Hunting Service

    Broadcom Employee
    Posted Aug 27, 2020 04:42 PM
    Threat Hunter Center is the name of a Symantec OEM branded version of Anomali's Match appliance (this is no longer sold by Symantec). If this is something you are interested in using, reach out to Anomali. Symantec ICDx will forward normalized data to Anomali Match.

    Threat Hunter in regards to EDR is related to notifications on your EDR dashboard. We do have a team that reviews data at large and may provide possible threats via dashboard notifications. These notifications are not specifically tailored to one customer, but are a "we see this, it usually means that" notification. Very good for newer threats and threats your org might not be familiar with.

    I hope this helps clarify the two products.

    ------------------------------
    Kris Gainsforth
    Solutions Engineer
    Broadcom
    ------------------------------



  • 3.  RE: About Threat Hunting Center and Managed Hunting Service

    Posted Aug 27, 2020 04:51 PM
    Thank you so much for your quick response Kris!

    So, if a customer buys the add-on service, he will see notifications on his EDR dashboard about events he may have? Or will he see the "opinion" of the analysts related to a specific behavior? Are there any datasheets or information related to the scope of these add-ons?

    Thanks again Kris!
    Alex

    ------------------------------
    || Alex ||
    ------------------------------



  • 4.  RE: About Threat Hunting Center and Managed Hunting Service

    Broadcom Employee
    Posted Aug 27, 2020 05:06 PM
    Edited by SYMC_KrisG Aug 27, 2020 05:09 PM
    https://docs.broadcom.com/docs/symantec-endpoint-security = Current as of August 3rd, 2020.

    There isn't an add-on, it's just part of the SESC license. The full SESC license includes on-prem and cloud endpoint protection, on-prem and cloud based EDR, Threat Detection for Active Directory (on-prem), endpoint for mobile OSes, and the behavioral/threat forensics. SESC does not include a FULLY MANAGED EDR, but we do put our machine learning and human review into our EDR offerings.

    The only Add-On for SESC is Vulnerability Remediation for Windows workstations.

    ------------------------------
    Kris Gainsforth
    Solutions Engineer
    Broadcom
    ------------------------------



  • 5.  RE: About Threat Hunting Center and Managed Hunting Service

    Posted Aug 27, 2020 06:42 PM
    Thanks Kris, I was confused because the SESC documentation says it is an add-on: https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/symantec-security-software/endpoint-security-and-management/endpoint-security/sescloud/Getting-Started/what-is-v129161010-d4161e112.html I guess it will be updated with the info you shared.

    One more time, thanks for your clarification.
    Alex

    ------------------------------
    || Alex ||
    ------------------------------



  • 6.  RE: About Threat Hunting Center and Managed Hunting Service

    Posted Aug 28, 2020 07:01 AM
    Hi Kris,

    I had also noticed this on the SES documentation and on the TechDocs, which mention a Managed Service (Threat Hunting Service) add-on.
    Several partners were asking questions.  Thanks for clearing up the confusion.

    Can you confirm what/if any service options (EDR or otherwise) are currently available to a Symantec Partner or End-User?

    Thanks again,

    ------------------------------
    CiaranCMS
    ------------------------------