With advanced threats such as ransomware, remote access Trojans, advanced persistent threats (APTs) and zero day attacks now reaching alarming proportions – and continuing to rise rapidly –security professionals are faced with an uphill battle when striving to keep their organizations safe.
This is especially so in an age when event threats are more technically complex and difficult to uncover than ever before. Criminals are employing increasingly sophisticated tactics to trick unsuspecting victims. They customize attack campaigns to bypass security defenses, using innovative, stealthy and highly persistent techniques to hide themselves from detection.
Attacks are remaining active and undiscovered for months, even years, allowing intruders to strengthen their foothold, all the while locating the valuable data they want to steal and then launching more attacks.
How widespread are such incidents? Symantec's 2015 Internet Security Threat Report (ISTR) shows that five out of every six large companies – 2,500 employees or more – were hit with a targeted attack last year. And 60% of all targeted attacks struck small and medium organizations showing that every organization is a potential target.
It isn’t that the enterprises being breached are failing to invest in security technology – it’s more that many of those products are not integrated across the business. The result is that security analysts end up having to examine a great swathe of security data manually, from multiple sources, trying to ‘connect the dots’ that will give them visibility into suspicious activity. Yet even as they connect those dots, intruders are continually morphing the ways in which they are penetrating their defenses, making it nigh on impossible to identify these threats.
Also, the sheer volume of incidents now occurring will sometimes turn into false positives, so analysts end up chasing into areas where there is no threat – and all of this is carried out manually and often without adequate staffing or cyber security skills. What may then happen is the one thing that isn’t a false positive slips through, because the analyst is having to trawl through a long laundry list of attacks every single day. People use the phrase, ‘Looking for a needle in a haystack’, but I tend to see this as ‘Looking for a specific needle in a massive pile of needles’.
Clearly, organizations can no longer rely on using individual point products at each control point to stop attacks. That manual and time-consuming process gives attackers a dangerous edge. Using Symantec Advanced Threat Protection (ATP), they can actually correlate suspicious activity across all control points – from a single console with just a click and with no new endpoint agents to deploy – and then prioritize the events that pose the most risk. Once a critical threat is identified, it can be quickly contained and new instances blocked.
With Symantec, enterprises are able to:
- Uncover a full range of threats, from APTs to zero day attacks, across endpoint, network and email, with cross-control point detection and environmental search
- Prioritize what matters most by correlating the threat intelligence from across local control points with all that Symantec sees globally through its massive telemetry
- Remediate the threats fast through containment of endpoints and blocking new instances across control points. All machines that have a problem can be quarantined and cleaned up, so the problem is contained
- Leverage existing investments in Symantec Endpoint Security and Email Security.cloud, without deploying any new endpoint agents.
With the average enterprise now believed to be using 75 distinct security products, the time has come for enterprises of all sizes to make the move to a strategy that gives them the proper safeguards to protect their data – and business – in an increasingly precarious threat landscape.
Miercom conducted an independent third party validation of an early version of the Symantec Advanced Threat Protection: Network appliance in April this year. Check out the report here.