Evaluate The Cybersecurity Company Symantec On — Security Operations Automation [2021]
Introduction
In the modern cybersecurity landscape, the volume of alerts has outpaced the capacity of human analysts, a phenomenon often termed “alert fatigue.” Consequently, Security Operations Automation (SOA)—the use of technology to automatically triage, investigate, and remediate threats—has shifted from a luxury to a necessity. Symantec, a long-standing titan in enterprise security (now a division of Broadcom), presents a complex case study. While historically renowned for its endpoint protection and DLP, an evaluation of Symantec’s current posture on SOA reveals a company with robust, deep-seated automation capabilities in specific domains (endpoint and email) but notable limitations in platform openness and native SOAR (Security Orchestration, Automation, and Response) maturity compared to pure-play innovators like Palo Alto Networks (Cortex) or Splunk.
To contextualize Symantec, consider the MITRE ATT&CK evaluations used for SOC assessment. Symantec’s SES (Symantec Endpoint Security) has performed well in detection, but its automated response has largely been limited to its own agent. In contrast, Microsoft Sentinel’s automation rules and Palo Alto’s XSOAR offer hundreds of pre-built, low-code integration connectors. The 2023 Gartner Magic Quadrant for SOAR notably did not list Symantec/Broadcom as a Leader or even a Visionary, placing them effectively as a niche player whose automation is an adjunct to endpoint protection rather than a standalone SOA solution.
A crucial evaluation metric is whether automation reduces burnout. Symantec’s ICDM (Integrated Cyber Defense Manager) dashboard provides a unified incident view, and its “automated playbooks” for common threats (ransomware, BEC) are pre-configured. However, the lack of a visual playbook builder (a low-code drag-and-drop interface, which is standard in XSOAR or Splunk Phantom) means that customizing automation requires scripting or Symantec Professional Services. This raises the barrier to entry for mid-sized SOC teams and limits their ability to adapt automation to their own internal processes.
Evaluating Symantec on security operations automation yields a nuanced verdict. It is not a market leader in holistic SOA or SOAR. Organizations seeking a central nervous system to orchestrate a diverse tech stack should look elsewhere.
However, for an enterprise heavily invested in the Broadcom/Symantec ecosystem—one that prioritizes automated containment of malware and phishing over cross-platform orchestration—Symantec delivers robust value. The company’s post-Broadcom strategy appears to prioritize reliability and low-latency response on its own agents over open orchestration. Therefore, the ideal deployment is not Symantec as the SOA platform, but rather Symantec as a high-fidelity data source and automated actuator within a larger, more open SOAR platform. In the race to fully autonomous SOCs, Symantec is a powerful engine, but not yet the driver.
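The pattern the essay recommends (an endpoint/email product acting as alert source and containment actuator inside a separate, more open orchestration layer, with playbooks expressed as data rather than hand-written scripts) can be sketched in a few dozen lines. The following is an added illustration written for this page, not Symantec, Broadcom or any SOAR vendor's code: the alert fields, the category names, the severity scale and the `Actuator` methods are all assumptions made up for the example, and the sample alerts are constructed, not real telemetry. What it shows beyond the text is the approval gate that keeps disruptive containment (host isolation, sender blocking) from running unattended, and an idempotent actuator so that repeated alerts do not repeat actions.

```python
"""Minimal data-driven SOAR playbook runner (added example, hypothetical API).

The endpoint/email product is modelled only as an Actuator with a few
containment methods; in a real deployment those would wrap the vendor API.
"""
from dataclasses import dataclass

# Playbooks as data: category + minimum severity -> ordered actions.
# This is the "low-code" part a SOC would edit instead of scripting.
PLAYBOOKS = {
    "ransomware": {"min_severity": 3, "actions": ["isolate_host", "open_ticket"]},
    "phishing":   {"min_severity": 2, "actions": ["block_sender", "quarantine_mail", "open_ticket"]},
    "bec":        {"min_severity": 2, "actions": ["block_sender", "open_ticket"]},
}
# Actions that can cause an outage if mis-fired; held for approval by default.
DISRUPTIVE_ACTIONS = {"isolate_host", "block_sender"}


@dataclass
class Alert:
    alert_id: str
    category: str
    severity: int          # assumed scale: 1 (low) .. 4 (critical)
    host: str = ""
    sender: str = ""


@dataclass
class AuditEntry:
    alert_id: str
    action: str
    status: str            # "executed" | "pending_approval" | "skipped"


class Actuator:
    """Stand-in for the endpoint/email product's containment surface.

    Keeps state so each containment is idempotent: isolating an already
    isolated host or blocking an already blocked sender is a no-op.
    """
    def __init__(self):
        self.isolated = set()
        self.blocked_senders = set()
        self.quarantined = set()
        self.tickets = []

    def isolate_host(self, alert):
        self.isolated.add(alert.host)

    def block_sender(self, alert):
        self.blocked_senders.add(alert.sender)

    def quarantine_mail(self, alert):
        self.quarantined.add(alert.alert_id)

    def open_ticket(self, alert):
        self.tickets.append(alert.alert_id)


def run_playbooks(alerts, actuator, auto_approve=False):
    """Triage each alert against PLAYBOOKS and dispatch its actions.

    Returns an audit trail. Disruptive actions are recorded as pending
    unless auto_approve is set; everything else executes immediately.
    """
    audit = []
    for alert in alerts:
        rule = PLAYBOOKS.get(alert.category)
        if rule is None or alert.severity < rule["min_severity"]:
            audit.append(AuditEntry(alert.alert_id, "-", "skipped"))
            continue
        for action in rule["actions"]:
            if action in DISRUPTIVE_ACTIONS and not auto_approve:
                audit.append(AuditEntry(alert.alert_id, action, "pending_approval"))
                continue
            getattr(actuator, action)(alert)
            audit.append(AuditEntry(alert.alert_id, action, "executed"))
    return audit


def summarize(audit):
    """Count audit entries by status, e.g. {'executed': 3, 'skipped': 2}."""
    counts = {}
    for entry in audit:
        counts[entry.status] = counts.get(entry.status, 0) + 1
    return counts


# Constructed sample alerts for the demonstration (not real telemetry).
SAMPLE_ALERTS = [
    Alert("A-1", "ransomware", 4, host="ws-1042"),
    Alert("A-2", "phishing", 2, sender="billing@example-phish.test"),
    Alert("A-3", "phishing", 1, sender="news@example.test"),   # below threshold
    Alert("A-4", "lateral_movement", 3, host="srv-07"),        # no playbook defined
]

if __name__ == "__main__":
    act = Actuator()
    trail = run_playbooks(SAMPLE_ALERTS, act)
    for entry in trail:
        print(f"{entry.alert_id:5} {entry.action:16} {entry.status}")
    print(summarize(trail))
```

Run as-is, the two disruptive steps land in `pending_approval` while tickets and mail quarantine execute; passing `auto_approve=True` is the "fully autonomous" mode the essay describes, and the audit trail is what a SOC would review to decide whether a given playbook has earned that setting.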