Skip to main content
TrustRadius
Symantec Content & Malware Analysis

Symantec Content & Malware Analysis

Overview

What is Symantec Content & Malware Analysis?

Symantec Content & Malware Analysis is an application which provides advanced threat detection and threat hunting through advanced machine learning, based on intelligence gathered from ProxySG, threat intelligence services, and other sources.

Read more
Recent Reviews
Read all reviews
Return to navigation

Pricing

View all pricing
N/A
Unavailable

What is Symantec Content & Malware Analysis?

Symantec Content & Malware Analysis is an application which provides advanced threat detection and threat hunting through advanced machine learning, based on intelligence gathered from ProxySG, threat intelligence services, and other sources.

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

4 people also want pricing

Alternatives Pricing

What is Sumo Logic?

Sumo Logic is a log management offering from the San Francisco based company of the same name.

What is EclecticIQ Platform?

EclecticIQ Platform is an analyst-centric Threat Intelligence Platform (TIP). The vendor says it is optimized for the collection of intelligence data from open sources, commercial suppliers and industry partnerships into a single collaborative analyst workbench. EclecticIQ Platform aims to…

Return to navigation

Product Details

What is Symantec Content & Malware Analysis?

Symantec Content & Malware Analysis Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(7)

Reviews

(1-1 of 1)
Companies can't remove reviews or game the system. Here's why
Score 8 out of 10
Vetted Review
Verified User
We are one of the first users of Symantec Content and Malware Analysis in the region. We've been using the solution since the Bluecoat. This service/product line in fact was a two product Content Analysis (CAS) and Malware Analysis (MAS). Than it has been merged in a single service. It's the part of Bluecoat/Symantec services ecosystem. Main usage is the integration with the proxy servers. I have made several deployments in multiple regions. It works smoothly with proxy servers. It's communicating through the ICAP. High availability and redundancy is set through proxy settings by selecting multiple ICAP servers tab. I don't like to use the load balancer for HA in the setup as the load balancers have negative performance effect on file transmission. File types and conditions are set on the proxy servers than CAS makes the static and heuristics analysis. MAS is used sandboxing and APT. It's very effective in finding out the 0 days and prevents the malwares. Central management is done through the CMS in which enforces the common security standards throughout the organizations. It has a built-in url detection engine using the same service with the bluecoat family. Symantec URL categorization service is marvelous. Using the Symantec Endpoint on the clients completes the ecosystem with full TX sharing.
  • 0 day detection and prevenion
  • Flawless integration with Symantec Ecosystem
  • Integration with other vendors supporting ICAP is also working
  • Custom and golden image support
  • High performance on busy environments
  • Many threats are already detected and prevented through the CAS, it improves the performance drastically.
  • Already builtin virustotal integration
  • Reference to updates and updates information where I can see the product/service detecting which APTs
  • Multiple Antivirus engines which you can select/subscribe
  • Manual submission of file is supported through the gui
  • URL manual submission is also supported
  • API support is lacking
  • Symantec/Broadcom security vision in general
  • Symantec support is not perfect
  • You can't run the product as a standalone network device
  • No packet capture capabiliy or work in span mode
  • You need a dedicated hardware to make it run
  • You need to buy
If you have Symantec based environment including Symantec proxy and endpoints, Content and Malware Analysis is the obvious choice. You can't run the CAS-MAS as a standalone deployment, you need proxies or ICAP supported devices capable to send the files/URLS. It's not a network security device where you can flow/direct the traffic to C/MAS. It does not have UBA, NBA or NTR features, it is just working for analyzing files as expected.
  • Flawless Integration with Bluecoat -Symantec proxy servers
  • Additional and flexible choice of different antivrus providers, like we have Mcafee at the front, than Karpersky and than the Sophos on CAS for static analysis.
  • Manual submission support for sandboxing. I don't need to pay for additional solution just for manual submission.
  • Already integrated with Bluecoat webpulse environment for analysis
  • Ability to customize and select the sandbox images
  • 0-day and APT risk is covered by the SCMA
  • As the SSL is inspected and analyzed at Bluecoat proxy servers, hidden threats, malicous files are passed to SCMA to be analyzed.
  • Getting full visibility at file trajectory level
  • As it's a full proxy and ICAP integration, we are sure that the files are to analyzed and scanned for malicious activity. This is a big plus compared to NGFW analyze concept, as the NGFWs have special failsafe mechanisms allowing bypass of file analysis. SCMA fully catches the hidden threats.
  • Flawless integration with Bluecoat systems is a big plus, customers are getting the same type of messages within their browsers.
  • A negative impact is the standardization when I deploy SCAM to one of our locations. Then the auditors demand the same coverage within other areas and it comes with the cost. Especially maintaining these devices on premise environment has a significant cost.
We have been using many solutions even tested nearly all available 0day sandbox solutions in the market. We choose Symantec CMA as we have already Symantec endpoint protection/EDR on the client, Symantec proxy for the web access, SCMA fits our environment. We have a big bargain when we puchase lots of equipment from the Symantec. Detection and prevention is very good at SCMA but some constant issues; like the product is not designed for heterogeneous environments, we can not integrate the SCMA with WAFs, it's lacking in api and request/reply calls. There's no file scanning, discover the option. SIEM integration is not smooth. I can not run some of the SOAR playbooks through the SCMA.
FortiAnalyzer, FortiInsight, CrowdStrike Falcon Endpoint Protection, Splunk Enterprise Security (ES), Forcepoint Web Security, Forcepoint URL Filtering, Palo Alto Networks Threat Protection, Check Point Harmony Endpoint Security (formerly Sandblast Agent)
Return to navigation