In February 2014, the Commerce Department's National Institute of Standards and Technology (NIST) created the Framework for Improving Critical Infrastructure Cybersecurity 1.0 (the "Framework"). The Framework was designed to help organizations plan for and address cybersecurity threats.
Table: Cybersecurity core functions describes how Symantec Advanced Threat Protection (ATP) can help your organization with cybersecurity preparedness, detection, and response.
Table: Cybersecurity core functions
Perform an internal assessment of your organization to identify your potential risks and security goals. Develop a risk management strategy based on your business needs.
ATP's network control point analyzes incoming data streams as they travel through the network. ATP uses this information to create events and generate incidents that help you find potential threats in your environment. When you configure ATP to use the inline block operation mode, ATP blocks access to the files and external computers that it determines to be malicious. You can further control which files and websites ATP blocks or allows through Blacklist and Whitelist policies.
ATP may be unable to block 100% of malicious detections, such as FTP file downloads.
When you integrate the ATP network control point with Symantec Endpoint Protection and Email Security.cloud, the Synapse cloud service can correlate events from each product to give you a comprehensive picture of threats to your network, endpoints, and email system.
ATP shows the threats that it detects on the Dashboard and in the Incident Manager. You can also view all the events that have occurred in your organization in chronological order.
Use ATP to search for indicators of compromise (IOC) and to find artifacts. ATP can search for these items in the ATP database and on your endpoints. If you enable the endpoint data recorder, it can also search within the endpoint's data recorder.
ATP provides one-click containment and remediation that works across the endpoint, network, and email control points. For example, you can delete a malicious file from an endpoint or isolate a breached endpoint.