- Combining threat data results in 500,000 additional attacks being blocked for Symantec customers every day.
- Two new attack campaigns uncovered by unifying intelligence, including a China-based attack that many considered dormant.
- Innovative new anti-phishing technology powering Symantec security products has exposed 137,000 new phishing campaigns.
MOUNTAIN VIEW, Calif., Oct. 26, 2016 – Symantec Corp (NASDAQ:SYMC), the world’s leading cyber security company, today reported significant enhancements to its threat intelligence capabilities made uniquely possible by integrating Symantec and Blue Coat’s security telemetry and applying the brute data-crunching force of artificial intelligence that is needed when analyzing numbers reaching into the trillions. Symantec and Blue Coat together have the broadest and deepest set of threat intelligence in the industry. Combined, the companies leverage more than nine trillion elements of security data, providing unparalleled visibility and protection for Symantec customers across their entire environments. Symantec now protects 175 million consumer and enterprise endpoints, 163 million email users, 80 million web proxy users, and processes nearly eight billion security requests across these products every day. This level of visibility across endpoint, email, and web traffic allows Symantec to discover and block targeted attacks that would be otherwise undetectable from any one control point.
“Symantec research teams have unparalleled visibility into the entire threat landscape, including the most advanced attacks, and Blue Coat researchers have been categorizing, mapping, and fingerprinting the Internet with a view into the darkest parts of the web and malware trade craft,” said Greg Clark, CEO of Symantec. “By fast-tracking the integration of the threat intelligence capabilities from Symantec and Blue Coat, Symantec products are now blocking 500,000 additional attacks per day for our endpoint, email, and web security customers. Drawing out those kinds of results from data is only possible by using artificial intelligence, which gives our threat researchers a vastly augmented ability to spot attacks earlier than anyone else.”
This integration provides the foundation for Symantec’s Integrated Cyber Defense Platform, which allows Symantec products to share threat intelligence and improve security outcomes for customers across all control points. Symantec is the only vendor to connect endpoint, email, and web protection across a single integrated intelligence platform.
“The fragmentation that exists amongst threat intelligence solutions continues to have a negative impact on organizations across all industries,” said Jon Oltsik, Senior Principal Analyst at the Enterprise Strategy Group. “In today’s threat landscape, an integrated solution that combines security intelligence and detection engines, helps organizations stay ahead of advanced threats.”
In a short time, the combined Symantec-Blue Coat threat telemetry has led to a series of significant protection improvements as well as discoveries of new attack campaigns. Examples include:
- Improved Protection from Sharing Threat Telemetry
Symantec and Blue Coat products are now automatically exchanging millions of malicious files and URL threat indicators daily. For example, when a ProxySG web gateway installation at any customer site uncovers a brand new malicious file or URL, this telemetry is shared via the cloud with every Symantec Endpoint Protection and Norton Security deployment, thereby providing this same protection for all Symantec Endpoint Protection and Norton customers. Similarly, when an installation of Symantec Endpoint Protection or Norton Security discovers a new malicious file or URL, this intelligence is shared with all ProxySG installations, so that those customers can immediately benefit from the discovery of this new threat. This telemetry-sharing system is fully operational and has resulted in Symantec products blocking 500,000 additional attacks every day for endpoint, email, and web security customers.
- New Cyber Espionage Campaign Discovered
After the cyberespionage agreement between the U.S. and China was signed in September 2015, it was believed that the China-based cyberespionage group Buckeye had largely stopped their attack operations. Only through the combined threat intelligence of Symantec and Blue Coat did Symantec determine that the Buckeye group was still highly active, and had set their sights on a new target – Hong Kong political organizations. Symantec’s combined teams uncovered new spear-phishing emails targeting 13 political entities in Hong Kong leading up to the Hong Kong elections. These discoveries have allowed Symantec to enhance its protection capabilities against the Buckeye group’s campaigns, while also alerting customers to the re-emergence of this attack organization.
- Sophisticated Financial Heists Revealed
Symantec and Blue Coat’s combined telemetry led to the revelation that, since January 2016, a series of campaigns involving malware called Trojan.Odinaff have targeted roughly 100 financial institutions worldwide, including investment brokerage houses, consumer banks, and ATM networks. The Odinaff attack is unusual in that once attackers infiltrate a victim’s financial institution, they spend time learning about the exact capabilities of the target organization, e.g., trading platforms, money wire capabilities, ATM networks, etc. Then the attackers execute an attack plan leveraging the specific capabilities of the compromised organization, for example, withdrawing funds, making trades, or transferring money via the SWIFT wire transfer system. To date, the Odinaff attack group has stolen millions of dollars from victim institutions.
- Changing the Game on Anti-phishing
To combat the increased threat to enterprises and consumers from phishing emails, Symantec has developed an innovative technology that analyzes new websites in real time by comparing them to screenshots of known phishing sites. Leveraging machine learning and advanced image analysis, the technology is applied to more than 1.2 billion web requests each day and has uncovered 137,000 new phishing campaigns since its release. New phishing sites identified by this system are now being blocked across Symantec’s endpoint, email, and web security product portfolio.