Symantec Lays Out Advanced Threat Protection Roadmap

"If you go back in time five years and you look at what was terrifying people in security, it was that data had a transfer price," says Brian Dye, senior vice president of Symantec Information Security. "Organized crime had a reason to go after that data."

And it did, in a big way, building out a whole black hat ecosystem dedicated to extracting data and getting it into the hands of buyers, with specialized skill sets and a training path for gifted individuals.

"What scares me now is that five years later, those organizations are going concerns," Dye says. "An attacking organization today can have as many as 100 to 150 people. They have a career advancement path. How many legitimate businesses in the world have more than 100 people in security? I would say less than 100."

Defending your data against determined attackers with such resources at their disposal requires a whole new approach to security, Dye says. He points to one organization, which he describes as typical, that logged 256 billion events last year; those events yielded 215,000 incidents, of which 3,000 were security incidents.

The Focus Must Be Detection and Response, Not Prevention

"To successfully defend against the types of targeted attacks we're seeing today, you need to expand the focus from prevention to detection and response," Dye says.

"Network security alone isn't going to solve the problem. Adversaries are targeting all control points from the gateway to email to the endpoint," Dye says. "Organizations need security across these control points working together, with incident response capabilities and global information intelligence to beat the bad guys."

Symantec is approaching this problem in a multifaceted way with a range of services and solutions.

Next month, Symantec will make available its new Symantec Managed Security Service -- Advanced Threat Protection (MSS-ATP), a managed service that Dye says significantly reduces the time it takes to detect, prioritize and respond to security incidents. It's based on deep integration between Symantec's endpoint security offering and third-party network security products from partners including Check Point, Cisco Sourcefire and Palo Alto Networks.

Symantec calls this ecosystem of network security partners the Advanced Threat Protection Alliance, and Dye says it enables the detection and correlation of malicious network and endpoint activity to substantially reduce false alerts by pinpointing the important incidents.

"What does detection mean?" Dye asks. "Detection means you get a bunch of 'maybes.' That's good because you've detected an event, but it's bad because chasing down a maybe represents a bunch of OpEx."

MSS-ATP seeks to cut down the effort required to chase down those 'maybes' by correlating events and only surfacing those events that aren't blocked at the endpoint, email or gateway.
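To make the correlation idea concrete, the following is an added example, not Symantec's code and not the logic MSS-ATP itself uses. It joins network-sensor alerts (gateway, email) to endpoint verdicts on (host, file hash): a "maybe" the endpoint already blocked is closed automatically, while one the endpoint allowed to run, or never saw at all, is surfaced and scored. The field names, hosts, hashes and events are constructed for the illustration.

```python
"""Cross-control-point alert correlation (added example, not Symantec's code).

A network alert that the endpoint has already blocked costs an analyst
nothing; one the endpoint allowed to execute, or never observed, is the
'maybe' worth chasing. Alerts are folded into one incident per (host, hash)
and scored by how many control points saw the same indicator.
"""
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample events; field names and values are assumptions.
NETWORK_ALERTS = [
    {"ts": "2014-05-05T10:01:00Z", "source": "gateway", "host": "ws-17",
     "sha256": "aaa1", "sig": "Trojan.Dropper"},
    {"ts": "2014-05-05T10:02:00Z", "source": "email", "host": "ws-17",
     "sha256": "aaa1", "sig": "Malicious attachment"},
    {"ts": "2014-05-05T10:05:00Z", "source": "gateway", "host": "ws-42",
     "sha256": "bbb2", "sig": "Suspicious download"},
    {"ts": "2014-05-05T10:07:00Z", "source": "gateway", "host": "srv-03",
     "sha256": "ccc3", "sig": "C2 beacon"},
]
ENDPOINT_EVENTS = [
    {"ts": "2014-05-05T10:01:30Z", "host": "ws-17", "sha256": "aaa1", "action": "blocked"},
    {"ts": "2014-05-05T10:05:20Z", "host": "ws-42", "sha256": "bbb2", "action": "allowed"},
    # srv-03 reports no endpoint telemetry at all: a coverage gap, not a clean bill of health.
]


@dataclass
class Incident:
    host: str
    sha256: str
    sources: set = field(default_factory=set)      # control points that alerted
    signatures: set = field(default_factory=set)
    endpoint_action: Optional[str] = None          # "blocked", "allowed", or None if unseen
    score: int = 0
    reason: str = ""


def correlate(network_alerts, endpoint_events):
    """Return (surfaced, auto_closed): incidents an analyst must look at, and
    incidents closed because the endpoint already blocked the file."""
    # Index endpoint verdicts by (host, hash) and record which hosts report at all.
    verdict = {}
    hosts_with_agent = set()
    for e in endpoint_events:
        hosts_with_agent.add(e["host"])
        verdict[(e["host"], e["sha256"])] = e["action"]

    # Fold every network alert into one incident per (host, hash).
    incidents = {}
    for a in network_alerts:
        key = (a["host"], a["sha256"])
        inc = incidents.setdefault(key, Incident(host=a["host"], sha256=a["sha256"]))
        inc.sources.add(a["source"])
        inc.signatures.add(a["sig"])

    surfaced, auto_closed = [], []
    for (host, sha), inc in incidents.items():
        inc.endpoint_action = verdict.get((host, sha))
        if inc.endpoint_action == "blocked":
            inc.reason = "endpoint blocked the file; no analyst action needed"
            auto_closed.append(inc)
            continue
        # Base score 1, plus 1 for each additional control point that saw it.
        inc.score = 1 + (len(inc.sources) - 1)
        if inc.endpoint_action == "allowed":
            inc.score += 2                          # confirmed execution outranks everything
            inc.reason = "endpoint allowed execution"
        elif host not in hosts_with_agent:
            inc.score += 1                          # blind spot: nothing could have blocked it
            inc.reason = "no endpoint telemetry for host (coverage gap)"
        else:
            inc.reason = "endpoint never observed this file"
        surfaced.append(inc)

    surfaced.sort(key=lambda i: (-i.score, i.host))
    return surfaced, auto_closed


if __name__ == "__main__":
    open_incidents, closed = correlate(NETWORK_ALERTS, ENDPOINT_EVENTS)
    for inc in open_incidents:
        print(f"OPEN   score={inc.score} {inc.host} {inc.sha256} "
              f"sources={sorted(inc.sources)} reason={inc.reason}")
    for inc in closed:
        print(f"CLOSED {inc.host} {inc.sha256} sources={sorted(inc.sources)}")
```

On the constructed input, the gateway and email alerts for ws-17 collapse into one incident that is auto-closed because the endpoint blocked the file; ws-42 is surfaced first because the endpoint let the file run, and srv-03 is surfaced because no endpoint ever reported on it, which a correlation engine should treat as a visibility gap rather than as silence.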

Security of the Future Requires Adversary Intelligence

Within the next two quarters, Symantec says it plans to introduce a new Security Intelligence service that leverages its Symantec Global Intelligence Network (GIN) and a team of more than 550 researchers around the world to anticipate attacks.

The GIN platform continuously collects anonymous telemetry submitted from hundreds of millions of customers and sensors - more than 3.7 trillion rows of security telemetry data, Dye says - that allow Symantec to discover new attacks and monitor attacker networks. The Security Intelligence service will use the intelligence gathered by Symantec to monitor bad guys and understand who they're attacking and why.

"If you understand what the bad guys are going after, you can do things totally differently," Dye says.

For instance, if you know attackers are seeking a certain type of data, you build specific monitoring around that data and people in your organization with access to that data. If you know an attacker is seeking to insert malicious insiders into an organization like yours, you can give additional scrutiny to background checks on new people in your organization.

Also within two quarters, Symantec plans to introduce an Incident Response service that provides customers with immediate access to critical capabilities, knowledge and skill sets during incident response scenarios.

"We've been building up staff over the past six months," Dye says.

Finally, Symantec says it will tie it all together with a new Advanced Threat Protection Solution, an on-premises offering that Dye says will go into beta within the next six months and will be generally available within the next 12 months. The end-to-end solution will deliver integrated advanced threat protection across the endpoint, email and gateway.

It will leverage two new organically developed Symantec technologies: the Symantec Dynamic Malware Analysis Service and Synapse. The Dynamic Malware Analysis Service is a cloud-based sandbox environment for behavioral analysis of active content, while Synapse enables smooth communication between the endpoint, email and gateway.

"We're going to be pricing this aggressively and we're going to offer extended free trials to customers so they can see it for themselves," Dye says.

Thor Olavsrud covers IT Security, Big Data, Open Source, Microsoft Tools and Servers. Follow Thor on Twitter @ThorOlavsrud.