Symantec is releasing its own targeted attack analytics (TAA) tool to existing Symantec Advanced Threat Protection (ATP) customers free of additional charge. It is the same tool that Symantec’s researchers use, and was used to uncover Dragonfly 2.0. Its primary purpose is to uncover stealthy and targeted attacks.
Symantec’s data scientists developed TAA by applying artificial intelligence machine learning to the process, knowledge and capabilities of the firm’s own security experts and researchers. These researchers have a long and successful history of detecting and analyzing global cyber threats. The reasoning behind TAA was to automate the task of analyzing the vast pool of telemetry gathered from the Symantec global customer base with the expertise of its human researchers; that is, to automate those tasks previously performed by human analysts — finding more things, faster, with the help of advanced analytics.
Now made available to customers, TAA analyzes incidents within the network against incidents discovered within one of the largest threat data lakes in the world. Since its inception, TAA has been used by Symantec to detect security incidents at more than 1,400 organizations, and to help track around 140 organized hacking groups.
It functions by uncovering suspicious activity in individual endpoints and collating that information to determine whether individual actions indicate stealthy malicious activity. “Security has changed a lot over the last couple of decades,” commented Eric Chien, distinguished engineer at Symantec, in a blog post. “It used to be a question of defending a single machine and making sure that it was protected. That’s no longer the case.”
This is particularly relevant to today’s stealthy, targeted attacks. With criminals increasingly making use of built-in OS tools in fileless attacks, individual actions on one endpoint need to be analyzed in the context of actions on other systems. Kevin Haley, director of Symantec’s Security Technology and Response Group comments, “You have to bring your security data together because if something is happening in one place and something else is happening in another, by themselves that may not have meaning.”
“Symantec’s team of cyber analysts has a long history of uncovering the world’s most high-profile cyber-attacks and now their deep understanding of how these attacks unfold can be put to use by our customers without the need to employ a team of researchers,” said Greg Clark, Symantec CEO. “Targeted Attack Analytics uses advanced analytics and machine learning to help shorten the time to discovery on the most targeted and dangerous attacks and to help keep customers and their data safe.”
TAA continuously learns from and adapts to the evolving attack methods used by increasingly sophisticated criminals and nation-state actors, and the cloud-based approach enables the frequent re-training and updating of analytics to adapt to the new attack methods without the need for product updates.
“Up until now, we’ve had the telemetry and data necessary to uncover the warning signs of dangerous targeted attacks, but the industry has lacked the technology to analyze and code the data quickly,” said Chien. “With TAA, we’re taking the intelligence generated from our leading research teams and uniting it with the power of advanced machine learning to help customers automatically identify these dangerous threats and take action.”
TAA, says the blog, “merges the best threat hunting talent in the business with machine learning and AI and productizes it, putting in our customers hands, the most sophisticated advance threat detection possible.” It is available now as part of Symantec’s Integrated Cyber Defense Platform for Symantec Advanced Threat Protection (ATP) customers.