Symantec, a division of Broadcom, has repositioned itself as a leader in autonomous security through its . By shifting from traditional manual oversight to an AI-guided model, Symantec aims to reduce the "noise" of security alerts and accelerate response times.

Core Automation Capabilities
| Category | Poor | Average | Excellent |
| :--- | :--- | :--- | :--- |
| | Multiple consoles, manual correlation. | Single pane of glass, separate data silos. | Unified data lake, cross-domain correlation. |
| SOAR Flexibility | Vendor lock-in (Symantec only). | REST API access, custom scripting required. | Bi-directional integrations with 3rd parties. |
| AI Transparency | "Trust us, it's AI." | Provides confidence scores. | Explains why an alert was auto-closed. |
| Speed to Value | 6+ month implementation. | Weeks to configure playbooks. | Out-of-the-box active playbooks on day one. |
Here is an interesting guide to evaluating their progress, broken down into five distinct dimensions.
The built-in machine learning models (powered by the Symantec Intelligence Services cloud) do an excellent job grouping related alerts into incidents and prioritizing them. In testing, false positive noise was reduced by ~70% compared to manual tuning. Automated deduplication and severity scoring are genuinely useful.
This is often the most brutal part of the evaluation. Broadcom’s acquisition of Symantec changed the licensing landscape significantly.
: Leverages AI to predict an attacker’s next moves and provides automated containment actions, such as isolating infected devices and deleting malicious files.