Symantec Email Threat Detection and Response


Prevent the Most Advanced Email Attacks

Symantec™ Email Threat Detection and Response (ETDR) is a cloud-based service that uncovers and prioritizes advanced attacks entering your organization through email by adding advanced detection technologies such as cloud-based sandboxing and Click-Time URL Protection to the Symantec Email service. In addition, it helps accelerate your response to targeted and advanced threats with advanced email security analytics that provide the deepest visibility into targeted and advanced attack campaigns. This intelligence includes insights into both clean and malicious emails as well as more Indicators of Compromise (IOCs) than any other vendor, with more than 60 data points such as URLs, file hashes, and targeted attack information.

You can export this data to your Security Operations Center (SOC) to quickly determine the severity and scope of any targeted or advanced attack. Furthermore, you can quickly remediate email attacks by automatically blacklisting IOCs found while hunting threats. Moreover, ETDR reduces the risk of phishing by preparing your users to recognize the latest phishing attacks with built-in security awareness training. Finally, when ETDR is used alongside Symantec Endpoint Detection and Response and the Symantec Secure Web Gateway family to detect advanced threats, you can automatically correlate events across all control points.

Cloud-Based Sandboxing

ETDR customers can leverage cloud-based sandboxing capabilities to discover and prioritize today’s most complex targeted and advanced attacks. This service uses advanced machine learning, network traffic analysis, and behavior analysis to detect even the most stealthy and persistent threats. In addition, it’s infused with security telemetry from the Symantec Global Intelligence Network, the world’s largest civilian threat intelligence network. The Symantec Global Intelligence Network provides comprehensive visibility into the threat landscape and delivers better security outcomes by collecting and analyzing security telemetry from more than 175 million endpoints, 80 million web proxy users, and 8 billion daily security requests across 157 countries. Our cloud-based sandboxing also provides you with the details of malicious files and their execution actions, so that all relevant attack components can be quickly investigated and remediated. Today, many advanced attacks are virtual machine-aware, which means they don’t reveal suspicious behavior when run in typical sandboxing systems. To combat this, we employ techniques to mimic human behavior and execute suspicious files both virtually and on physical hardware to uncover attacks that evade detection by traditional sandboxing technologies.
