ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

CloudSOC features added to Intelligence Service

book

Article ID: 200307

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS Web Security Service - WSS

Issue/Introduction

Announcing new value for Intelligence Services subscribers

 

Symantec is announcing new features for Intelligence Services, allowing subscribers to take advantage of Symantec’s market-leading CloudSOC technology with just their SWG solution. While SWG customers that also have Symantec’s CloudSOC CASB solution have been able to enrich their SWG appliance CloudSOC intelligence, we are extending this functionality to all SWG customers. We recognize the importance of having visibility and control over what applications are being used on your network. Now, with your existing SWG solution, along with your Intelligence Services subscription, users will be able to govern sanctioned applications on their networks. 

 

What are the new features?

 

IT administrators will now have access to intelligence data for over 37,000 applications. This intelligence allows subscribers to not only identify the applications running on their network, but also specific attributes of those applications such as how the application handles data, or what ciphers it uses, even CloudSOC’s Business Readiness Rating. This new intelligence is delivered through your existing Intelligence Services feed, allowing you to implement this technology using your existing SWG solution.

 

Specifically, new functionality includes:

 

  • Empower your SWG with rich cloud app data - Analyze tens of thousands of cloud-based apps, based on dozens of security characteristics, vastly enriching your SWG’s application visibility capabilities.
  • Control of Shadow IT - define policy based on application name or application attributes such as CASB's Business Readiness Rating, or other compliance metadata. 
  • Simplify Deployment -  With your Intelligence Services subscription, use your existing SWG solution stack to take immediate advantage of these new capabilities.

 

Key Features

Intelligence Services: Standard

  • Application Visibility
    • Write SWG based policy on more than 37,000 applications and 250 application groups

 

Intelligence Services: Advanced

  • Application Visibility
    • Write SWG based policy on more than 37,000 applications and 250 application groups
  • Application Attributes
    • Leverage critical security and compliance application metadata to further govern how applications are used on your network

Resolution

Timing:

October 14, 2020

FAQ

Q: Are there any prerequisites to being able to use these new features?

A: To take advantage of these new features, customers will need to have a SWG appliance (ProxySG, ASG, WSS, etc..) and an Intelligence Services subscription (note that WSS includes Intelligence Services: Standard)

 

Q: Do I need a separate SKU to take advantage of these new features?

A: The only SKUs you will need is a current SWG entitlement (Web Security Service or ProxySG) and a subscription for Intelligence Services. 

 

Q: How will the additional intelligence be made available to me?

A: For ProxySG customers, the new application data will be included in their application database - customers may see the database size increase, and new applications and application attributes will be made available after the supported database is made available. For WSS users, they will see the latest applications and attributes available after the feature release date.

 

Q: I have Symantec WebFilter (BCWF) will I be able to take advantage of these new CASB features?

A: No, the CASB feature set will only be available to subscribers of Intelligence Services. 

 

Q: I have an Intelligence Services subscription today, do I need to purchase a different Intelligence Services product?

A: No, ALL Intelligence Services customers will get this CASB functionality; this includes current subscribers, new subscribers, and renewing subscribers. There is a functional difference between the 2 package levels of Intelligence Services. Specifically, Intelligence Services Standard will not be able to take advantage of Application Attributes, along with Threat Risk Levels and GeoIP.

 

Q: Will I be impacted if I don’t want to use this new functionality?

A: For ProxySG customers, they can elect not to enable application downloads. Customer’s currently using the application database will automatically get the new application information. For WSS customers, customers can simply not use application data

 

Q:  I’m a SWG customer who also has CASB; how will this affect me?

A:  SWG customers who are also entitled to CASB will not be impacted by this change, as they were already entitled to this functionality. They will see that the application intelligence feed is entitled to them through 2 different services: their CASB entitlement and their Intelligence Services’ entitlement.

 

Q: I already have a CASB entitlement and am using that feed with my SWG deployment; how will this affect me?

A: There should be no impact to your services; you will continue to be able to use your SWG to write policies or reports for Application Names, Application Attributes, and Application Groups. The only change you will see on your SWG appliance is in the “Licensing” section. Namely, you’ll see that you have multiple “Cloud Application Classification” entitlements in your data feeds

 

Q: If I have a CASB entitlement and am leveraging application intelligence on SWG today, what will happen if my CASB entitlement expires?

A: Apart from your CASB/CloudSOC functionality being impacted, your SWG impact will depend on your intelligence services package; 1 of 2 things could happen:

  • Intelligence Services: Standard; Upon the expiration of the CASB entitlement, your SWG appliance will no longer be licensed to use attributes. Application Groups and Application identification will continue to work as expected. 
  • Intelligence Services: Advanced; from a SWG perspective, there will be no impact. Subscribers will be able to continue to use Application Groups, Names, and Attributes. However, any functionality offered through the CASB/CloudSOC entitlement will no longer work.

 

Q: How does the CASB SWG functionality differ from a full CASB/CloudSOC entitlement?

A: From a SWG perspective, the functionality provided by a CASB/CloudSOC entitlement offers many of the same features as an Intelligence Services Advanced subscription. Namely, the ability to create policies or reports based on application groups, names, or attributes. Beyond the SWG functionality, a CASB/CloudSOC entitlement is going a considerable amount of functionality above the CASB-SWG functionality. Not the least of which is the CloudSOC portal that will have more enriched visibility of the applications being used on your network.

 

Q: How do I see the full list of applications supported?

A: Because of the size of such a list and the fact that the list is in a constant state of evolution, there is no static list available. Customers can see the full list of applications available through SWG tools, such as the visual policy manager. They can also filter on the applications using Application Groups to see the list of applications inside a specific application group.

 

Q: Where can I view application attributes?

A: You can view application attributes from the SWG management console under "Configuration -> Application Classification -> Attributes -> Attribute Lookup" or you can view from the CLI: en -> conf t -> application-attributes using the "view attributes application application-name" command. You can also find the application attributes on sitereview: https://sitereview.symantec.com/#/application-descriptions