UPDATED 20:00 EST / APRIL 15 2018

INFRA

Symantec seeks out targeted attacks with AI-based threat detection tool

Cybersecurity specialist Symantec Corp. says it’s targeting “targeted attacks” on enterprises with the launch of a new threat detection tool that was used to uncover some of the most infamous cyberattacks in history.

Symantec’s new Targeted Attack Analytics tool was created by the company’s Attack Investigation team, which used the technology to uncover malware attacks such as the Stuxnet bug that was responsible for causing substantial damage to Iran’s nuclear program. The same team also helped to uncover the Regin malware, which is said to have been used by the U.S. National Security Agency to attack computer systems in countries such as Russia and Saudi Arabia for gathering intelligence.

Symantec defines targeted attacks as those directed at a specific target or targets as opposed to widescale indiscriminate campaigns. “The primary motivation is intelligence gathering, sabotage, or financial. Broadly speaking they correspond to espionage,” said Adam Bromwich, senior vice president of Security Technology and Response at Symantec. “While these are the main disruptors, we have also observed these lines blur with private operators entering the picture and groups branching outside of espionage.”

TAA is powered by new artificial intelligence and machine learning capabilities that leverage the “human intelligence” of Symantec’s cybersecurity experts, Symantec said. That allows TAA to provide what the company calls “virtual analysts” to enterprises so they can focus on the most critical threats to their systems, eliminating time wasted on “false positives.”

Symantec says that targeted attacks are the most dangerous threat to enterprises today as they’re often hidden from view under a mountain of alerts generated by security systems. This is a problem, the company said, because it gives attackers all the time they need to gain access to corporate system and steal data. TAA helps to uncover such attacks by identifying targeted activity and making it known to security teams via incident reports.

“Symantec’s team of cyber analysts has a long history of uncovering the world’s most high-profile cyberattacks and now their deep understanding of how these attacks unfold can be put to use by our customers without the need to employ a team of researchers,” said Greg Clark, chief executive officer at Symantec. “Targeted Attack Analytics uses advances analytics and machine learning to shorten the time to discovery on the most targeted and dangerous attacks to keep customers and their data safe.”

The company said TAA uses machine learning models to analyze things such as network and system telemetry, comparing this activity with “one of the largest threat data lakes in the world.” TAA is also frequently retrained as more threat data comes available, allowing it to identify the most recent attack methods identified by Symantec’s researchers.

STAA recently uncovered a critical bug known as Dragonfly 2.0, which is malware that’s been used to target “dozens of energy companies” to gain access to their networks, according to Symantec.

“Up until now, we’ve had the telemetry and data necessary to uncover the warning signs of dangerous targeted attacks but the industry has lacked the technology to analyze and code the data quickly,” said Eric Chien, technical director of Symantec Security and Response and a Symantec fellow. “With TAA, we’re taking the intelligence generated from our leading research teams and uniting it with the power of advanced machine learning to help customers automatically identify these dangerous threats themselves and take action.”

Symantec said TAA is generally available now as part of its cloud-based Integrated Cyber Defense Platform.

Image: Andrew Gustar/Flickr

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU