Symantec Network Forensics: Security Analytics

Get complete security visibility, advanced network forensic analysis, and real-time threat detection with enriched, full-packet capture

Read the Brief Learn More

Security Analytics 8.1: Now Available

What’s New in Security Analytics 8.1

Symantec Security Analytics 8.1 is now available, adding new capabilities to Symantec’s powerful network traffic analysis and forensics solution. Enhancements include: added support for deployment in Microsoft Azure, Session View for easy evidence discovery, Intelligent Capture, ICDx integration, Dynamic Storage Expansion, Splunk>Phantom integration, Threat Explorer Pivot integration, and a new Dark Theme UI to better align with SOC preferences.

Security Analytics 8.1 Additions:

  • Session View – Quickly get details of all network flows
  • Intelligent Capture – Only retain packets deemed necessary for long-term storage and optimize available storage
  • Dynamic Storage Expansion – Add storage without reinstalling software or destroying already captured packets and metadata
  • Integrated Cyber Defense Exchange (ICDx) Integration – Automatically share event metadata to ICDx for further analysis or to execute security and remediation actions
  • Splunk>Phantom Integration – Automate the orchestration of defined plays for further data enrichment or remediation
  • Threat Explorer Pivot Integration – Pivot from artifacts to Threat Explorer for detailed reputation on URLs, IP addresses and files
  • Dark Theme UI – Dark theme option supports SOC teams’ preferences for more comfortable, extended viewing time

Comprehensive Network Traffic Analysis and Forensics to Expose the Source and Scope of Any Attack

Like a security camera or DVR for your network.

Symantec Security Analytics delivers enriched, full-packet capture for full network security visibility, advanced network forensics, anomaly detection, and real-time content inspection for all network traffic. Armed with this detailed record, you can conduct forensic investigations, respond quickly to incidents, and resolve breaches in a fraction of the time you would spend with conventional processes. Security Analytics is an advanced network traffic analysis and forensic tool enabling you to:

  • Thoroughly analyze all network traffic
  • See the full source and scope of cyber attacks and respond faster
  • Arm incident response teams with clear, concise answers and forensic evidence
  • Use unrivaled data enrichment and cyber threat intelligence
  • Add context to existing security tools
  • Integrate with Symantec solutions to extend investigations across network, endpoint and email

Know Your Security Risks at the Push of a Button

Get advanced network traffic analysis and forensics to see what's happening on your network.

Simply deploy Security Analytics appliance or virtual appliance on your network and capture traffic. Let it run for a few days, then push a button and generate a comprehensive PDF report that covers full network traffic analysis and critical areas including:

  • Predicted file count hidden in encrypted traffic
  • The amount of encrypted traffic crossing your network
  • Risky applications on the network
  • Anomalous network behavior based on a benchmark of your actual traffic
  • An executive summary to share with security team or management so you can prioritize activities

Four Years in a Row Symantec Selected as the Top Leader in Radicati's APT Protection Market Quadrant 2019 report

The Radicati group views the Advanced Persistent Threat (APT) Protection market as a set of integrated solutions for the detection, prevention and possible remediation of zero-day threats and persistent malicious attacks. Once again, Symantec Security Analytics plays a critical role in Symantec's being selected as the Top Leader in their 2019 report.

Go Beyond Manual Forensics and Packet Capture

Transform manual forensic data analysis into advanced network traffic analysis and automated incident response.

With a fully enriched "system of record," your incident response teams will reduce time to resolution and answer the what, when, and how of any security incident. Find answers through comprehensive network traffic analysis and forensic evidence, including root-cause exploration, deep packet inspection, integrated reputation services and data enrichment, and advanced context-based reporting on malicious activity.

  • Enrich all traffic data with the latest cyber threat intelligence
  • Rely on multiple reputation sources
  • Perform sophisticated anomaly detection
  • Scan SCADA protocols
  • Extract and broker only truly unknown files for sandbox analysis to save resources

Threat Hunting: A Proactive Approach to Forensic Investigation and Cybersecurity

Why react when you can act?

With Symantec Security Analytics, your IT security team gets forensic tools and traffic analysis to proactively search for potential hidden threats and potential gaps across your network, endpoint and servers, to identify and remove advanced threats before they can launch an attack.

  • Expose the source and scope of a developing attack with unrivalled data enrichment and threat intelligence
  • Uncover hidden threats in encrypted traffic when deployed with Symantec SSL Visibility
  • Reduce time-to-resolution with sophisticated anomaly detection and advanced network forensics
  • What's the difference between Incident Response and Threat Hunting? Read the blog.

Uncover Security Threats Hiding in Encrypted Traffic

Gain total visibility into network traffic by deploying with Symantec SSL Visibility.

Use Symantec Security Analytics to enable meticulous network forensics and monitoring across all network traffic, thousands of applications, dozens of file transports, all flows, and all packets—including encrypted traffic when deployed with Symantec SSL Visibility. Gain total forensic data analysis of your network traffic with actionable intelligence so you can quickly shut down exposure and mitigate ongoing risk.

  • Conduct complete network traffic analysis, even on encrypted data
  • See detailed insights from all forensic captures
  • Establish policies to selectively decrypt SSL traffic
  • Share encrypted traffic insight with your security applications

Symantec Blogs

Discover Our Community

View the latest product discussions in our forums.

Need help?

Technical support and more.

Related Products and Services

Data Sheets

Security Analytics Software

Gain the visibility, analytics, real-time threat intelligence, and system of record you need to uncover and stop advanced threats.

Security Analytics Appliance

Get complete network visibility and forensics out of the box to run full retrospective analysis and react to issues in real time.

Security Analytics Virtual Appliance

Get visibility and retrospective analysis into your traffic with full capture and replay, classification, anomaly detection, and inspection.

White Papers

Security Analytics – A Cornerstone of Effective Security Incident Response

Understand why security analytics is the cornerstone of incident response.

The Value of Enhancing Information Security and Incident Response with Automated Anomaly Detection

Learn about the value of improving information security and incident response with automated anomaly detection.

Solution Briefs

Extend Visibility and Forensics to the Cloud

Seamless security intelligence and network forensics for modern hybrid environments - on-prem and in the cloud - with Security Analytics and Ixia CloudLens

Security Analytics

See, understand, and swiftly respond to advanced threats.

Moving Beyond Check-Box Compliance to Truly Effective Security

Effective security supports compliance but also provides total network visibility to prevent attacks and swiftly respond to incidents.


Analyst Market Leadership Award

Security Analytics is recognized by Frost and Sullivan for Network Security Forensics Market Leadership.

A Proactive Approach to Incident Response

Is your organization operating at a Manual Forensics, Basic Forensics, or Proactive Incident Response capacity? Read the SANS paper and see what you can do to improve.

Radicati APT Protection Market Quadrant 2019

Security Analytics plays an important role in Symantec's "Top Player" recognition

Other Resources

Security Analytics Integration Partners

Integrate with leading NGFW, IPS, SIEM, Sandboxing and EDR solutions to gain actionable intelligence with detailed forensic evidence.

Threat Hunting – Be Proactive to Be Protected

What's the difference between Incident Response and Threat Hunting? Read the blog.

Customer Success


Rackspace Turns Traditional Incident Response into "Proactive Hunting"


Jefferies - Compliance Without Constraint

Government Defense Contractor

Major Government Defense Contractor Speeds Incident Response with Symantec


Legal Information

Learn more about legal terms, policies and notices.

License and Service Terms & Repository