Targeted attacks often pose the greatest threats to organizations, but a deluge of security alerts usually distracts the attention of security teams and limit their capacity to zero in on high-level risks in real time. Symantec aims to address that by opening its threat detection system to customer use.
The Symantec Targeted Attack Analytics tool uses the power of machine learning to automatically discover targeted attacks against corporate networks. The technology behind this tool has been used by Symantec's research teams to expose a number of high-profile cyber attacks in recent times, including Dragonfly 2.0 which targeted several energy companies last year to infiltrate their operational networks. The threat detection tool was born out of a collaboration between Symantec's security data scientists and a team of attack investigators that uncovered the Stuxnet, Regin, Lazarus attacks as well as links to the SWIFT and WannaCry ransomware.
Greg Clark, Symantec CEO, said:
Symantec’s team of cyber analysts has a long history of uncovering the world’s most high-profile cyber-attacks and now their deep understanding of how these attacks unfold can be put to use by our customers without the need to employ a team of researchers.
Targeted Attack Analytics uses advanced analytics and machine learning to help shorten the time to discovery on the most targeted and dangerous attacks and to help keep customers and their data safe.
Symantec's Targeted Attack Analytics works to analyze huge volumes of data comprising the system and network telemetry from the security vendor's global customer base. The analytics system also keeps learning and adapting constantly to new attack methods even with no updates from Symantec, thanks to the company's cloud-based approach.
Eric Chien, technical director of Symantec Security and Response and Symantec Fellow, added:
Up until now, we’ve had the telemetry and data necessary to uncover the warning signs of dangerous targeted attacks but the industry has lacked the technology to analyze and code the data quickly. With TAA, we’re taking the intelligence generated from our leading research teams and uniting it with the power of advanced machine learning to help customers automatically identify these dangerous threats and take action.
Symantec noted that since the very beginning the analytics tool has helped the company unearth security incidents at more than 1,400 organizations, with the Mountain View-based software firm now monitoring 140 organized groups.