How two pioneering cybersecurity legacies continue to redefine cybersecurity for all
Analysis Summary
# Main Topic
The integration of Symantec and Carbon Black under Broadcom's Enterprise Security Group to redefine and deliver comprehensive, market-leading cybersecurity solutions, specifically focusing on democratizing enterprise-grade security for organizations of all sizes, including Small to Medium-sized Businesses (SMBs).
## Key Points
- The unification leverages the historical legacies of Symantec (pioneering in DLP, SWG, CASB) and Carbon Black (pioneering in positive security models and EDR).
- The combined portfolio aims to avoid offering mediocre, all-in-one solutions, instead providing market-leading, specialized products tailored to specific price points and pain points.
- Symantec focuses on endpoint, data, and network protection *at scale*.
- Carbon Black Cloud provides leading endpoint security optimized for *smaller organizations*.
- There is an increased focus on defending SMBs, who are becoming common targets due to the accessibility of modern threat tools (e.g., ransomware kits).
- A new Catalyst Partner program has been launched to assist organizations globally in implementing and operationalizing these combined solutions.
## Threat Actors
- **General Advanced Attackers:** Not tied to a specific named entity, but the report notes that advanced attackers are utilizing "Easy-to-access ransomware kits and expert threat actor services," which enables less experienced attackers.
- **Motivation:** Financial gain (implied via mention of ransomware kits).
## TTPs
- **Endpoint Compromise:** Sophisticated threats requiring proactive defense mechanisms like EDR.
- **Ransomware Delivery:** Use of readily available ransomware kits by opportunistic threat actors.
- **Security Model Shift:** The underlying defense philosophy contrasts the traditional "negative" security model with Carbon Black's foundational "positive security model" (the default-deny concept).
## Affected Systems
- **Target Landscape:** All organizations, with a specific call-out to **Small to Medium-sized Businesses (SMBs)** becoming increasingly targeted.
- **Security Domains Addressed:**
  - Endpoint Security (EDR, Application Control)
  - Cloud Security (ZTNA, CASB)
  - Data Security (DLP on-premise and cloud)
  - Network Security (Web isolation, advanced threat detection)
## Mitigations
- **Adoption of Comprehensive Portfolios:** Implementing wall-to-wall security provided by the combined Symantec/Carbon Black offerings.
- **Endpoint Protection:** Utilizing EDR and Application Control, including implementing a "default/deny" posture (Carbon Black App Control).
- **Modern Access Control:** Implementing Zero Trust Network Access (ZTNA).
- **Data Protection:** Deploying Data Loss Prevention (DLP) solutions.
- **Partner Alignment:** Engaging the Catalyst Partner program for expert guidance and regional support in deployment and risk reduction.
## Conclusion
The strategy focuses on merging deep, legacy security expertise (Symantec) with modern, proactive endpoint defense capabilities (Carbon Black) to create a robust, multi-faceted security architecture. The key takeaway for the threat landscape is the critical need for SMBs to adopt enterprise-grade protection due to the increased frequency of attacks leveraging accessible toolsets. Organizations should prioritize implementing EDR/App Control and ZTNA solutions supported by expert partners.