skip to main content


ICDx is a platform that enables enterprises to collect, aggregate, normalize, correlate and analyze alerts and events both from Symantec and third-party security tools deployed across their infrastructure.


  • Platform plays are largely the preserve of major players in the security industry with a broad portfolio of tools and a large customer base.

Features and Benefits

  • Explains the purpose of platform plays, what benefits they should bring to customers, and how they will favor the prospects of the companies developing them.
  • Describes how Symantec's ICDx platform works.

Key questions answered

  • What is the purpose of an API for a platform play?
  • Does ICDx already have a partner ecosystem?

Table of contents


  • Catalyst
  • Ovum view
  • Key messages


  • Recommendations for enterprises
  • Recommendations for vendors

Platforms address infrastructure heterogeneity

  • Silos of discrete security tooling are now commonplace
  • Platforms address the challenge of silos
  • Platforms coexist with SIEMs or could replace them

ICDx began as a nexus for Symantec products

  • Blue Coat’s partner list boosted the platform initiative
  • APIs enable heterogeneous reporting into platforms

ICDx now supports heterogeneous environments

  • A partner ecosystem enables third-party integrations with ICDx
  • ICDx includes Events, Actions, and Threat Intelligence pillars


  • Author