AI and machine learning innovations automate capabilities of Symantec’s investigations team to zero in on the most pressing threats.
Symantec has announced that the powerful threat detection technology used by its own research teams to uncover some of the most notable cyber attacks in history is now available to its Advanced Threat Protection (ATP) customers. The Symantec Targeted Attack Analytics (TAA) technology enables ATP customers to leverage advanced machine learning to automate the discovery of targeted attacks – the most dangerous intrusions in corporate networks.
Targeted attacks represent one of the most dangerous threats to enterprise security today. Yet they are often hidden from view under a mountain of alerts generated by security systems, giving attackers time to gain access to systems and seize valuable data. TAA removes this distraction by identifying truly targeted activity and prioritising it in the form of a highly reliable incident report for the security team.
TAA is the result of an internal joint effort between Symantec’s Attack Investigation Team, responsible for uncovering Stuxnet, Regin, Lazarus, as well as links to SWIFT and WannaCry attacks, among others, and a team of Symantec’s top security data scientists on the leading edge of machine learning research. Unlike traditional solutions, TAA takes the process, knowledge and capabilities of the world’s leading security experts and turns them into artificial intelligence, providing companies with elite “virtual analysts” to allow security experts to devote their limited time and resources to the most critical attacks, instead of spending time sifting through false positives.
“Symantec’s team of cyber analysts has a long history of uncovering the world’s most high-profile cyber-attacks and now their deep understanding of how these attacks unfold can be put to use by our customers without the need to employ a team of researchers,” said Greg Clark, Symantec CEO. “Targeted Attack Analytics uses advanced analytics and machine learning to help shorten the time to discovery on the most targeted and dangerous attacks and to help keep customers and their data safe.”
The TAA technology implements machine learning to analyse a broad range of data, including system and network telemetry from Symantec’s global customer base, which forms one of the largest threat data lakes in the world. Symantec’s cloud-based approach to this technology also enables the frequent re-training and updating of analytics to adapt to new attack methods without the need for product updates. This new approach provides ATP customers with automated targeted threat detection, identifying sophisticated attacks where other solutions may fail.
The technology underlying Symantec TAA is the same toolset the company used to uncover Dragonfly 2.0, a major attack that targeted dozens of energy companies in an effort to gain access to operational networks. Since its internal inception, Symantec TAA has detected security incidents at more than 1,400 organisations. As reported in Symantec's Internet Security Threat Report (ISTR), Volume 23, the number of targeted attack groups is on the rise with Symantec now tracking 140 organised groups.
“Up until now, we’ve had the telemetry and data necessary to uncover the warning signs of dangerous targeted attacks but the industry has lacked the technology to analyze and code the data quickly,” said Eric Chien, Technical Director of Symantec Security and Response and Symantec Fellow. “With TAA, we’re taking the intelligence generated from our leading research teams and uniting it with the power of advanced machine learning to help customers automatically identify these dangerous threats and take action.”
TAA is now available as part of Symantec’s Integrated Cyber Defense Platform for Symantec Advanced Threat Protection (ATP) customers.