SDxCentral

Symantec Shares Its Own Internal Threat Detection Tools for Targeted Attacks

Symantec Shares Internal Threat Detection Tools With Targeted Attack Analytics
Jessica Lyons Hardcastle, April 15, 2018, 5:00 pm PT

Symantec’s security researchers uncovered last year’s Dragonfly 2.0 attacks targeting energy companies and the power grid as well as Lazarus hackers’ links to the WannaCry attack in May 2017.

Now the company is making its internal threat detection tools available to businesses with its Targeted Attack Analytics (TAA). The technology comes built in to Symantec’s Advanced Threat Protection (ATP) product; existing ATP customers will automatically get Targeted Attack Analytics in their next product upgrade.

TAA uses machine learning to automate the discovery of targeted attacks — these are the most dangerous threats to corporate networks. They are highly sophisticated attacks and difficult to discover, which means they sometimes aren’t found for several months. This gives the attackers plenty of time to gain access to systems, seize data, and cause massive amounts of damage.

Targeted attacks are often hidden from companies beneath a glut of alerts generated by security systems. Symantec’s new product eliminates false positives, identifies real targeted activity, and prioritizes it via an incident report.

Targeted Attacks Increasing

The number of targeted attack groups is growing, with Symantec’s attack investigation team now following 140 of these organized groups, many of whom are state-sponsored actors.

“We’ve taken the knowledge that our advanced attack investigation team has, and we’ve codified that knowledge by pairing that team up with advanced machine learning and artificial intelligence (AI) experts,” said Alejandro Borgia, vice president of product management at Symantec. “These are attacks that often are only discovered after the damage is done. We’ve enabled companies to find these attacks before they inflict damage, to find them automatically, and extract them.”

The company has been using this technology internally since last year. Since then, TAA detected about 1,400 of these targeted attacks, at a rate of about 10 per week, Borgia said, adding that by comparison Symantec blocks billions of attacks on an annual basis.

“With targeted attacks of this nature, finding the initial seed can take months or years, and running the investigation often takes three months or more of manual work,” Borgia said. “We’ve codified that work and automated it so we can do so much more. We would never have been able to scale up and find 10 attacks per week if it wasn’t for this technology.”

Automated Detection and Response

The technology uses machine learning to analyze data including knowledge from the company’s internal investigation team as well as system and network telemetry fed by Symantec’s global customer base. It runs analytics in the cloud, which enables frequent re-training and updating to adapt to new attack methods without customer impact or the need for product updates. It then connects to ATP, where a targeted attack alert appears.

The ATP product then automates threat response and remediation.

“It has the capability to remediate any endpoint involved in that targeted attack,” said Adam Bromwich, senior vice president of engineering at Symantec. “It connects directly to the endpoint products and can take action on those endpoints as needed.”

And while companies will initially access the new threat-detection technology via the ATP product, Symantec built it as a backend capability for its integrated cyber defense platform that connects all of the company’s security products. “The technology was architected such that we can connect it through many other products in our portfolio, and we’ll do that over time,” Bromwich said.

About Jessica Lyons Hardcastle

Jessica is a Senior Editor, covering next-generation data centers, security, and software-defined storage at SDxCentral. She has worked as an editor and reporter for more than 15 years at a number of B2B publications including Environmental Leader, Energy Manager Today, Solar Novus Today and Silicon Valley Business Journal. Jessica is based in the Silicon Valley.
