Symantec Targeted Attack Analytics Enables Customers to Uncover the Most Sophisticated and Dangerous Cyber Attacks
AI and machine learning innovations automate capabilities of Symantec’s world-class investigations team to zero in on
most pressing threats
Auckland, New Zealand – 16 April 2018 – Symantec (Nasdaq: SYMC), the world's leading cyber security company, announced today that the powerful threat detection
technology used by its own world-class research teams to uncover some of the most notable cyber-attacks in history are
now available to its Advanced Threat Protection (ATP) customers. The Symantec Targeted Attack Analytics (TAA) technology
enables ATP customers to leverage advanced machine learning to automate the discovery of targeted attacks – the most
dangerous intrusions in corporate networks.
Targeted attacks represent one of the most dangerous threats to enterprise security today. Yet they are often hidden
from view under a mountain of alerts generated by security systems, giving attackers time to gain access to systems and
seize valuable data. TAA removes this distraction by identifying truly targeted activity and prioritising it in the form
of a highly reliable incident report for the security team.
TAA is the result of an internal joint effort between Symantec’s Attack Investigation Team, responsible for uncovering Stuxnet, Regin, Lazarus as well as links to SWIFT and WannaCry attacks among others, and a team of Symantec’s top security data
scientists on the leading edge of machine learning research. Unlike traditional solutions, TAA takes the process,
knowledge and capabilities of the world’s leading security experts and turns it into artificial intelligence, providing
companies with elite ‘virtual analysts,’ to allow security experts devote their limited time and resources to the most
critical attacks, instead of spending time sifting through false positives.
“Symantec’s team of cyber analysts has a long history of uncovering the world’s most high-profile cyber-attacks and now
their deep understanding of how these attacks unfold can be put to use by our customers without the need to employ a
team of researchers,” said Greg Clark, Symantec CEO. “Targeted Attack Analytics uses advanced analytics and machine
learning to help shorten the time to discovery on the most targeted and dangerous attacks and to help keep customers and
their data safe.”
The TAA technology implements machine learning to analyse a broad range of data, including system and network telemetry
fed by threat telemetry from Symantec’s global customer base which forms one of the largest threat data lakes in the
world. Symantec’s cloud-based approach to this technology also enables the frequent re-training and updating of
analytics to adapt to new attack methods without the need for product updates. This new approach provides ATP customers
with automated targeted threat detection, identifying sophisticated attacks where other solutions may fail.
The technology underlying Symantec TAA is the same toolset the company used to uncover Dragonfly 2.0, a major attack that targeted dozens of energy companies in an effort to gain access to operational networks. Since its
internal inception, Symantec TAA has detected security incidents at more than 1,400 organisations. As reported in
Symantec's Internet Security Threat Report (ISTR), Volume 23, the number of targeted attack groups is on the rise with Symantec now tracking 140 organised groups.
“Up until now, we’ve had the telemetry and data necessary to uncover the warning signs of dangerous targeted attacks but
the industry has lacked the technology to analyse and code the data quickly,” said Eric Chien, Technical Director of
Symantec Security and Response and Symantec Fellow. “With TAA, we’re taking the intelligence generated from our leading
research teams and uniting it with the power of advanced machine learning to help customers automatically identify these
dangerous threats and take action.”
TAA is now available as part of Symantec’s Integrated Cyber Defense Platform for Symantec Advanced Threat Protection (ATP) customers.