Abstract

Broadcom commissioned Tolly to examine the Symantec Security Service Edge portfolio against the industry Security Service Edge framework, with the main focus on documenting how Symantec’s cloud-delivered security offerings map to the core SSE functional categories defined by analysts. The report also highlights areas where Symantec extends beyond the baseline framework, while emphasizing that the portfolio can work with any SD-WAN solution rather than requiring a single-vendor SASE stack.  

The paper explains SSE as the cloud-security portion of the broader Secure Access Service Edge model and uses the industry framework to evaluate Secure Web Gateway, URL threat prevention and classification, advanced content analysis, CASB, Zero Trust Network Access, firewall-as-a-service, remote browser isolation, decryption and SSL inspection, and sensitive data awareness. Tolly concludes that Symantec’s portfolio covers all of these major SSE elements. In the summary table on page 1, Symantec Network Protection is positioned as the primary platform for SWG, URL filtering, malware sandboxing, CASB visibility, ZTNA, FWaaS, remote browser isolation, and encrypted traffic inspection, while Symantec DLP Cloud provides the data loss prevention component.  

A major theme in the report is breadth of function within Symantec Network Protection. Tolly notes that the SWG component acts as the core proxy between users and internet resources and can be deployed on premises or through the cloud, with Symantec Universal Policy Enforcement supporting consistent policy management and migration across both environments. Symantec also provides real-time URL classification across about 80 categories, including 12 security categories, and integrates threat intelligence from managed endpoints into Symantec’s Global Intelligence Network. For advanced threat defense, the platform includes multi-layer content analysis and cloud-based sandboxing to inspect potentially malicious files outside the user environment before delivery.  

The report also highlights application and data controls. Symantec Network Protection can recognize more than 45,000 cloud applications and provides basic CASB visibility and control, while more fine-grained cloud-application controls are available through CloudSOC CASB in Symantec DLP Cloud. ZTNA is described as agentless and appliance-free, with integration to MFA and corporate identity providers. FWaaS enforces TCP and UDP policies based on IP addresses, ports, locations, users, and groups. Remote Browser Isolation and High Risk Isolation allow suspicious sites to execute remotely, with only safe rendered output sent to the user. On the data side, Symantec DLP Cloud integrated with CloudSOC CASB provides protection for data at rest and in motion, with ready-made templates for PII, PCI, and HIPAA plus custom-policy support. Overall, the report presents Symantec SSE as a full-framework, open, and data-aware SSE portfolio with capabilities that extend beyond the core analyst model.