Symantec Content & Malware Analysis is an application which provides advanced threat detection and threat hunting through advanced machine learning, based on intelligence gathered from ProxySG, threat intelligence services, and other sources.
N/A
Trend Micro Deep Discovery
Score 9.9 out of 10
N/A
Trend Micro Deep Discovery is a family of advanced threat protection products that enables users to detect, analyze, and respond to today’s stealthy, targeted attacks. Deep Discovery blends specialized detection engines, custom sandboxing, and global threat intelligence from the Trend Micro Smart Protection Network, boasting a high detection rate against attacks that are invisible to standard security products. Deployed individually or as an integrated solution, Deep Discovery works with Trend…
If you have Symantec based environment including Symantec proxy and endpoints, Content and Malware Analysis is the obvious choice. You can't run the CAS-MAS as a standalone deployment, you need proxies or ICAP supported devices capable to send the files/URLS. It's not a network security device where you can flow/direct the traffic to C/MAS. It does not have UBA, NBA or NTR features, it is just working for analyzing files as expected.
I think Trend Micro Deep Discovery will be suitable for every system, but considering its cost, companies that will want to work in this scenario will usually have systems with multiple branches, multiple clients, and systems that host many independent platforms and communication methods - protocols. In summary, if you have a medium to large structure and you cannot protect this structure because you cannot monitor it in every area, you definitely need this product.
We have been using many solutions even tested nearly all available 0day sandbox solutions in the market. We choose Symantec CMA as we have already Symantec endpoint protection/EDR on the client, Symantec proxy for the web access, SCMA fits our environment. We have a big bargain when we puchase lots of equipment from the Symantec. Detection and prevention is very good at SCMA but some constant issues; like the product is not designed for heterogeneous environments, we can not integrate the SCMA with WAFs, it's lacking in api and request/reply calls. There's no file scanning, discover the option. SIEM integration is not smooth. I can not run some of the SOAR playbooks through the SCMA.
When you use Trend Micro Deep Discovery, it feels like you are running the SOC team of a company like Trend Micro in your own office. Other companies can also provide this, but the feeling it gives feels like they are providing service by phone from a distant city.
As the SSL is inspected and analyzed at Bluecoat proxy servers, hidden threats, malicous files are passed to SCMA to be analyzed.
Getting full visibility at file trajectory level
As it's a full proxy and ICAP integration, we are sure that the files are to analyzed and scanned for malicious activity. This is a big plus compared to NGFW analyze concept, as the NGFWs have special failsafe mechanisms allowing bypass of file analysis. SCMA fully catches the hidden threats.
Flawless integration with Bluecoat systems is a big plus, customers are getting the same type of messages within their browsers.
A negative impact is the standardization when I deploy SCAM to one of our locations. Then the auditors demand the same coverage within other areas and it comes with the cost. Especially maintaining these devices on premise environment has a significant cost.