Network Forensics & Security Analytics

Now Available: Security Analytics 8.1 – What’s New? 

11-15-2019 07:06 PM

Symantec Security Analytics (SA) 8.1 is now available, adding new capabilities to Symantec’s powerful network traffic analysis and forensics solution. Enhancements include: added support for deployment in Microsoft Azure, Session View for easy evidence discovery, Intelligent Capture, ICDx integration, Dynamic Storage Expansion, Splunk>Phantom integration, Threat Explorer Pivot integration, and a new Dark Theme UI to better align with SOC preferences.


What’s New to Security Analytics 8.1?

  • Session View – Session View gives Incident Response teams a quicker way to narrow searches down to interesting activity before requesting actual artifacts, significantly reducing the time to obtain evidence and answers. Quickly get details of all network flows.
  • Intelligent Capture – All captured traffic is sent through full metadata generation, then only packets deemed necessary for long-term storage are retained, optimizing available storage and easing adoption of Security Analytics.
  • Dynamic Storage Expansion – Seamlessly scale storage to meet growing needs and extend your window of available traffic for forensics analysis. Add storage to a Security Analytics head unit without reinstalling software or destroying already captured packets and metadata.
  • Integrated Cyber Defense Exchange (ICDx) Integration – Security Analytics now supports ICDx and provides extremely rich metadata to this threat intelligence platform. When a Security Analytics rule is matched, event metadata can automatically be sent to ICDx, where other tools can consume it, analyze it further, or execute other security and remediation actions.
  • Splunk>Phantom Integration – Direct integration with Splunk>Phantom automates the orchestration of defined plays such as: further data enrichment, third-party malware scanning, endpoint detection and response, or IoC Verification and Remediation.
  • Threat Explorer Pivot Integration – Pivot directly from a Security Analytics artifact to Threat Explorer for detailed reputation reports on URLs, IP addresses and files. Safely browse potentially malicious sites through Symantec Web Isolation.
  • Dark Theme UI – The new dark theme option supports SOC teams’ preferences and enables more comfortable, extended viewing time.
  • Azure support for Security Analytics in the Cloud – Adding to existing support for AWS and Oracle cloud workloads, customers can now deploy Security Analytics in Microsoft Azure for full visibility, network traffic analysis and incident response for cloud workloads.

Why Security Analytics?

  • Get full visibility across your entire network as well as your cloud workloads – SA inspects all traffic on all protocols, delivering comprehensive network traffic analysis and detection of thousands of applications. It can capture every packet, enrich the packets with massive threat intelligence, and reconstruct all activity for complete evidence of threats targeting your network and cloud data.
  • Conduct a forensics investigation and accurately detect the source and scope of an attack and quickly resolve the issue – With SA, incident response teams have a complete “system of record” to conduct retrospective analysis and get insight into critical post-breach questions: Who did this? How? When? What was accessed? Support for ICDx allows other tools to leverage SA data to streamline workflow and speed incident response.
  • Arm your SOC team with tools for proactive hunting exercises to identify potential threats before they become a problem and cause extensive damage – SA provides real-time threat intelligence and data enrichment collected from thousands of customers and millions of users. It uses sophisticated anomaly detection and advanced network traffic analysis to expose developing attacks and hidden threats.

Upgrade your Security Analytics system to 8.1 and check out these powerful new features. You can also check out the release notes, a slideshare of the new features and the Web Guide (documentation) for more details. 


- Symantec Product Management
