Symantec Content Analysis System Turned into a Powerful File Security Platform via its API

Symantec CAS is a powerful dual AV, Predictive Analysis and Custom Sandbox Environment that provided a powerful API for external systems integrations along with standard ICAP server functions.

Our Client needed a solution to inspect thousands of files exchanged between document management systems part of the documents exchange eco system of the Bulgarian Government.

Each authenticated system was able to exchange documents with any other authenticated system utilizing strict encryption of the communication channel via a custom protocol.

Client systems authentication was certificate based and our client found it impossible to decrypt the custom protocol with a traditional network based inspection solution and analyze file contents for threats. Potential exchange of malicious files was very likely and could lead to a fast proliferation of threats across multiple critical government IT environments.

The Challenge

The Solution

Symantec Content Analysis automatically processes files through AV scanning, and escalates and brokers potential zero-day threats for dynamic sandboxing and validation before sending content to users.

In general we found the solution extremely valuable with its flexibility to add numerous control layers around files including but not limited to serve or block certain file types, policy for scanning files with a particular number of nested archives, serve or block password protected files, block files above specific file size and more.

In this project we utilized CAS powerful API and developed a middleware integration application that was able to receive uploaded files from any document management system and send it for inspection in CAS.

We integrated a complex task management framework in the middleware application which was responsible to provide asynchronous result distribution based on task unique UUIDs allowing simultaneous communication between all clients and fluent result distribution.

The architecture was developed with resiliency in mind and allowed us to apply future updates of the API interface once, in cases of major changes in CAS API specification, while client communication and result responses remained intact.


The Data Loss Prevention
that works

Automated Controls are Key to Managing and Securing Personal Data

View Story


Implementing a Holistic Monitoring Strategy

Your SIEM properly setup is all you need.

View Story


File Integrity Monitoring That Manages the Noise and Highlight the Important Changes

Tripwire FIM Monitors approximately 450 critical assets in one of the most critical Credit Card Production environments in Bulgaria.

View Story