Symantec on Automating Security Operations: Evaluating the Cybersecurity Company

Symantec, a division of Broadcom, has repositioned itself as a leader in autonomous security. By shifting from manual oversight to an AI-guided model, Symantec aims to reduce alert noise and shorten response times.

Core Automation Capabilities

What follows is a guide to evaluating that progress, broken down into five dimensions.

A standout feature of Symantec Endpoint Security Complete is its ability to "predict" an attacker's next four or five moves with high confidence. This lets the system disrupt attack chains, including "Living off the Land" (LotL) attacks that abuse legitimate built-in tools rather than dropping malware, and automatically revert the environment to its known-good state. Treat that rollback as something to verify afterwards: an automated revert that touches the wrong process or file is itself an outage.

The evaluation of Symantec (a Broadcom Inc. company) reveals a robust ecosystem for automating security operations, particularly through its Integrated Cyber Defense (ICD) platform. This platform unifies endpoint, network, information, and email security to reduce operational complexity.

Key Automation Features

Capabilities like Symantec EDR automate immediate mitigation actions, including isolating infected endpoints, terminating malicious processes, and deleting files.

If you use Symantec Endpoint Security, DLP, Email Security, and Web Security together, the automation is stellar. Playbooks can automatically isolate a compromised endpoint, revoke session tokens, and quarantine emails, all within 15–30 seconds. The tight coupling beats piecing together best-of-breed tools.

The "Context"

The drag-and-drop playbook designer is intuitive, with over 300 pre-built actions and connectors to common tools (ServiceNow, Splunk, Jira, etc.). Creating a “phishing response” playbook takes about 20 minutes without coding.

Basic automation is easy, but complex conditional logic, looping, or data transformation requires learning Symantec's proprietary "Automation Language." There is no Python or Lua option, so smaller teams without a dedicated SOAR engineer may struggle.

Modern automation relies heavily on identity context. Symantec integrates identity threat detection with its endpoint and cloud security, so a playbook can act on the user behind an alert (revoking sessions, for instance) and not only on the host.

Automation feeds into a centralized case dashboard. Analysts can see what’s been auto-remediated, what needs review, and run on-demand automations. The Slack/Teams integration for auto-notifications works reliably.
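The phishing-response playbook the preceding paragraphs describe (quarantine the mail, revoke session tokens, isolate the endpoint; conditional logic, looping and data transformation; the record the case dashboard shows) can be sketched in a vendor-neutral way. The following is an added example written for this page, not Symantec code and not its Automation Language. The IOC feed, the click telemetry, the scoring weights and threshold, and the two sample emails are all constructed assumptions. It parses a reported message with Python's standard email library, scores the indicators, and branches between automatic containment and analyst review, returning the action plan instead of calling any connector.

```python
"""Vendor-neutral phishing-response playbook (added example, not Symantec code).

Models the logic a SOAR playbook needs: parse the reported message, turn it
into structured indicators, score them, then branch between automatic
containment and analyst review. Connector calls are returned as a plan
rather than executed, so the whole thing runs offline. All names, weights
and sample data below are illustrative assumptions.
"""
import email
import hashlib
import re
from email import policy
from email.message import EmailMessage

# --- Constructed sample data (hypothetical, not real traffic) -----------------
PHISHING_DOMAIN = "login-portal-secure.example"
MALICIOUS_PAYLOAD = b"MZ\x90\x00 fake invoice stub used only for this example"
KNOWN_BAD_DOMAINS = {PHISHING_DOMAIN}
KNOWN_BAD_SHA256 = {hashlib.sha256(MALICIOUS_PAYLOAD).hexdigest()}
# Proxy/identity telemetry: user -> hostname that visited the phishing domain.
CLICK_TELEMETRY = {"alice@corp.example": "WS-ALICE-01"}
AUTO_REMEDIATE_THRESHOLD = 80  # assumption: tune to your false-positive tolerance

URL_RE = re.compile(r"https?://([^/\s]+)\S*")


def build_sample_report(benign: bool = False) -> str:
    """Return the raw RFC 5322 text of a user-reported email (constructed)."""
    msg = EmailMessage()
    if benign:
        msg["From"] = "hr@corp.example"
        msg["To"] = "alice@corp.example"
        msg["Subject"] = "Updated leave policy"
        msg.set_content("The updated policy is at\nhttps://intranet.corp.example/policy\n")
        return msg.as_string()
    msg["From"] = "it-helpdesk@" + PHISHING_DOMAIN
    msg["To"] = "alice@corp.example, bob@corp.example"
    msg["Cc"] = "carol@corp.example"
    msg["Subject"] = "Action required: password expiry"
    msg.set_content(
        "Your password expires today. Sign in at\n"
        f"https://{PHISHING_DOMAIN}/sso/reset?user=alice\n"
        "within 24 hours to keep access.\n"
    )
    msg.add_attachment(MALICIOUS_PAYLOAD, maintype="application",
                       subtype="octet-stream", filename="invoice.exe")
    return msg.as_string()


def extract_indicators(raw: str) -> dict:
    """Data transformation: raw message -> sender, recipients, URL hosts, hashes."""
    msg = email.message_from_string(raw, policy=policy.default)
    recipients = [a.addr_spec for h in ("To", "Cc")
                  for header in msg.get_all(h, []) for a in header.addresses]
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    domains = {m.group(1).lower() for m in URL_RE.finditer(text)}
    attachments = {part.get_filename(): hashlib.sha256(part.get_payload(decode=True)).hexdigest()
                   for part in msg.iter_attachments()}
    return {"sender": str(msg["From"]), "recipients": recipients,
            "domains": domains, "attachments": attachments}


def score_report(ind: dict) -> tuple:
    """Conditional logic: weigh each indicator, return (score, reasons)."""
    score, reasons = 0, []
    for d in ind["domains"]:
        if d in KNOWN_BAD_DOMAINS:
            score += 60
            reasons.append(f"known-bad URL host {d}")
    for name, digest in ind["attachments"].items():
        if digest in KNOWN_BAD_SHA256:
            score += 40
            reasons.append(f"known-bad attachment {name}")
        elif name.lower().endswith((".exe", ".scr", ".js", ".vbs")):
            score += 20
            reasons.append(f"executable attachment {name}")
    return score, reasons


def plan_actions(ind: dict, score: int) -> dict:
    """Branch: contain automatically above the threshold, else queue for review.

    Mail is pulled from every recipient; sessions are revoked and the endpoint
    isolated only for users the telemetry shows actually visited the link.
    """
    if score < AUTO_REMEDIATE_THRESHOLD:
        return {"mode": "review", "actions": [("open_case", ind["sender"])]}
    actions = [("quarantine_email", r) for r in ind["recipients"]]  # loop over recipients
    for user in ind["recipients"]:
        host = CLICK_TELEMETRY.get(user)
        if host:  # identity context decides whether containment is warranted
            actions.append(("revoke_sessions", user))
            actions.append(("isolate_endpoint", host))
    actions += [("block_domain", d) for d in sorted(ind["domains"] & KNOWN_BAD_DOMAINS)]
    return {"mode": "auto", "actions": actions}


def run_playbook(raw: str) -> dict:
    """End-to-end: the record a case dashboard would show for one report."""
    ind = extract_indicators(raw)
    score, reasons = score_report(ind)
    plan = plan_actions(ind, score)
    return {"score": score, "reasons": reasons, **plan}


if __name__ == "__main__":
    for label, raw in (("phish", build_sample_report()), ("benign", build_sample_report(benign=True))):
        print(label, run_playbook(raw))
```

Run it directly to see the two case records. In a real deployment the action tuples map onto connector calls, and the threshold is the knob that decides how much of the 15–30 second path runs without a human; the benign report lands in review rather than being silently dropped, which is the behaviour an analyst dashboard needs.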

Symantec has long been a titan in endpoint protection (SEP) and DLP. Under Broadcom, the focus shifted toward automation across its security stack. Its Security Orchestration, Automation, and Response (SOAR) and Advanced Threat Protection (ATP) products promise to reduce mean time to respond (MTTR) by automating triage, investigation, and remediation. Does it deliver? Mostly, but with caveats.