Symantec Content & Malware Analysis

We are one of the first users of Symantec Content and Malware Analysis in the region. We've been using the solution since the Bluecoat. This service/product line in fact was a two product Content Analysis (CAS) and Malware Analysis (MAS). Than it has been merged in a single service. It's the part of Bluecoat/Symantec services ecosystem. Main usage is the integration with the proxy servers. I have made several deployments in multiple regions. It works smoothly with proxy servers. It's communicating through the ICAP. High availability and redundancy is set through proxy settings by selecting multiple ICAP servers tab. I don't like to use the load balancer for HA in the setup as the load balancers have negative performance effect on file transmission. File types and conditions are set on the proxy servers than CAS makes the static and heuristics analysis. MAS is used sandboxing and APT. It's very effective in finding out the 0 days and prevents the malwares. Central management is done through the CMS in which enforces the common security standards throughout the organizations. It has a built-in url detection engine using the same service with the bluecoat family. Symantec URL categorization service is marvelous. Using the Symantec Endpoint on the clients completes the ecosystem with full TX sharing.

If you have Symantec based environment including Symantec proxy and endpoints, Content and Malware Analysis is the obvious choice. You can't run the CAS-MAS as a standalone deployment, you need proxies or ICAP supported devices capable to send the files/URLS. It's not a network security device where you can flow/direct the traffic to C/MAS. It does not have UBA, NBA or NTR features, it is just working for analyzing files as expected.