Security Market Segment LS
Tuesday, 01 November 2016 18:31

Symantec creates world’s largest GIN


Symantec has combined its threat intelligence and Blue Coat Threat Intelligence into its Global Intelligence Network (GIN). This creates the security industry’s largest and most diverse set of threat data combining threat data results in 500,000 additional attacks being blocked for Symantec customers every day.

And the power of this new data is evident to all from a micro (consumer) to macro (enterprise level). Two new attack campaigns and 137,000 new phishing campaigns have been uncovered.

“Symantec research teams have unparalleled visibility into the entire threat landscape, including the most advanced attacks, and Blue Coat researchers have been categorising, mapping, and fingerprinting the Internet with a view into the darkest parts of the web and malware tradecraft,” said Greg Clark, chief executive of Symantec.

“By fast-tracking the integration of the threat intelligence capabilities from Symantec and Blue Coat, Symantec products are now blocking 500,000 additional attacks per day for our endpoint, email, and Web security customers. Drawing out those kinds of results from data is only possible by using artificial intelligence, which gives our threat researchers a vastly augmented ability to spot attacks earlier than anyone else.”

The creation of the joint GIN brings significant enhancements to Symantec’s threat intelligence capabilities made uniquely possible by integrating Symantec and Blue Coat’s security telemetry and applying the data-crunching force of artificial intelligence that is needed when analysing numbers reaching into the trillions.

The GIN monitors more than nine trillion elements of security data, providing unparalleled visibility and protection for Symantec customers across their entire environments. Symantec now protects 175 million consumer and enterprise endpoints, 163 million email users, 80 million Web proxy users, and processes nearly eight billion security requests across these products every day.

The integration provides the foundation for Symantec’s Integrated Cyber Defence Platform, which allows Symantec products to share threat intelligence and improve security outcomes for customers across all control points. Symantec is the only vendor to connect endpoint, email, and Web protection across a single integrated intelligence platform.

The combined Symantec-Blue Coat threat telemetry has led to a series of significant protection improvements as well as discoveries of new attack campaigns. Examples cited by the company include:

Improved protection from sharing threat telemetry

Symantec and Blue Coat products are now automatically exchanging millions of malicious files and URL threat indicators daily. For example, when a ProxySG Web gateway installation at any customer site uncovers a brand new malicious file or URL, this telemetry is shared via the cloud with every Symantec Endpoint Protection and Norton Security deployment, thereby providing this same protection for all Symantec Endpoint Protection and Norton customers. Similarly, when an installation of Symantec Endpoint Protection or Norton Security discovers a new malicious file or URL, this intelligence is shared with all ProxySG installations, so that those customers can immediately benefit from the discovery of this new threat. This telemetry-sharing system is fully operational and has resulted in Symantec products blocking 500,000 additional attacks every day for the endpoint, email, and Web security customers.

New cyber espionage campaign discovered

After the cyber espionage agreement between the US and China was signed in September 2015, it was believed that the China-based cyber espionage group Buckeye had largely stopped their attack operations. Only through the combined threat intelligence of Symantec and Blue Coat did Symantec determine that the Buckeye group was still highly active, and had set their sights on a new target – Hong Kong political organisations. Symantec’s combined teams uncovered new spear-phishing emails targeting 13 political entities in Hong Kong leading up to the Hong Kong elections. These discoveries have allowed Symantec to enhance its protection capabilities against the Buckeye group’s campaigns, while also alerting customers to the re-emergence of this attack organization.

Sophisticated financial heists revealed

Symantec and Blue Coat’s combined telemetry led to the revelation that, since January 2016, a series of campaigns involving malware called Trojan.Odinaff has targeted roughly 100 financial institutions worldwide, including investment brokerage houses, consumer banks, and ATM networks. The Odinaff attack is unusual in that once attackers infiltrate a victim’s financial institution, they spend time learning about the exact capabilities of the target organisation, e.g., trading platforms, money wire capabilities, ATM networks, etc. Then the attackers execute an attack plan leveraging the specific capabilities of the compromised organisation, for example, withdrawing funds, making trades, or transferring money via the SWIFT wire transfer system. To date, the Odinaff attack group has stolen millions of dollars from victim institutions.  

Changing the game on anti-phishing

To combat the increased threat to enterprises and consumers from phishing emails, Symantec has developed technology that analyses new websites in real-time by comparing them to screenshots of known phishing sites. Leveraging machine learning and advanced image analysis, the technology is applied to more than 1.2 billion Web requests each day and has uncovered 137,000 new phishing campaigns since its release. New phishing sites identified by this system are now being blocked across Symantec’s endpoint, email, and Web security product portfolio.

Subscribe to ITWIRE UPDATE Newsletter here

Active Vs. Passive DWDM Solutions

An active approach to your growing optical transport network & connectivity needs.

Building dark fibre network infrastructure using WDM technology used to be considered a complex challenge that only carriers have the means to implement.

This has led many enterprises to build passive networks, which are inferior in quality and ultimately limit their future growth.

Why are passive solutions considered inferior? And what makes active solutions great?

Read more about these two solutions, and how PacketLight fits into all this.


WEBINAR INVITE 8th & 10th September: 5G Performing At The Edge

Don't miss the only 5G and edge performance-focused event in the industry!

Edge computing will play a critical part within digital transformation initiatives across every industry sector. It promises operational speed and efficiency, improved customer service, and reduced operational costs.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

But these technologies will only reach their full potential with assured delivery and performance – with a trust model in place.

With this in mind, we are pleased to announce a two-part digital event, sponsored by Accedian, on the 8th & 10th of September titled 5G: Performing at the Edge.


Ray Shaw

joomla stats

Ray Shaw  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News