Symantec uses machine learning to detect targeted attacks
Cybersecurity company Symantec announced it has made a threat detection technology used internally to detect targeted attacks available to its Advanced Threat Protection (ATP) customers.
Targeted attacks are one of the biggest cybersecurity threats facing organizations. They can be difficult to spot because they are buried under alerts generated by security systems, which often distract security teams and restrict their ability to narrow in on advanced threats in real time. Consequently, Symantec decided to make its threat detection system accessible to its customers.
The company’s Targeted Attack Analytics (TAA) technology enables ATP customers to leverage machine learning to automate the discovery of targeted attacks. With machine learning, a broad range of data can be analyzed, including system and network telemetry from Symantec’s global customer base. According to the company, this cloud-based approach enables the frequent re-training and updating of analytics to adapt to new attack methods without requiring product updates.
“Symantec’s team of cyber analysts has a long history of uncovering the world’s most high-profile cyber-attacks and now their deep understanding of how these attacks unfold can be put to use by our customers without the need to employ a team of researchers,” said Symantec CEO Greg Clark. “Targeted Attack Analytics uses advanced analytics and machine learning to help shorten the time to discovery on the most targeted and dangerous attacks and to help keep customers and their data safe.”
The company said the technology behind TAA is the same tool set it used to uncover Dragonfly 2.0, a cybersecurity attack in which hackers targeted dozens of energy companies during the spring and summer of last year. The company said TAA is the result of an internal joint effort between Symantec’s Attack Investigation Team, which was responsible for uncovering Stuxnet, Regin and Lazarus as well as links to SWIFT and WannaCry attacks, and the company’s security data scientists working on machine learning research. TAA is currently available as part of the company’s Integrated Cyber Defense Platform for Symantec ATP customers.
“Up until now, we’ve had the telemetry and data necessary to uncover the warning signs of dangerous targeted attacks but the industry has lacked the technology to analyze and code the data quickly,” said Technical Director of Symantec Security Eric Chien. “With TAA, we’re taking the intelligence generated from our leading research teams and uniting it with the power of advanced machine learning to help customers automatically identify these dangerous threats and take action.”