Symantec, as a division of Broadcom, continues to provide best-in-class security protection, leveraging the strength of its innovation, breadth of solutions, and its people. Symantec’s Bret Jordan, technical director in the Office of the CTO, has been named a Distinguished Contributor by the OASIS Open standards body for his long-standing work with the cyber security and threat intelligence communities, demonstrating the cutting-edge work necessary to keep our customers safe.
Jordan is a prime example of how Symantec’s thought leaders now deliver world-class insight and products to the marketplace as part of Broadcom.
Jordan has more than 25 years of experience in cyber security – from both product and end-user perspectives. In the recent past, he focused on long-term research and market strategy for the company. “I generally worked on problems that were much further out,” he says. “I worked generally in the five to seven-year timeframe.” Over the years, Jordan’s prognostications have been strikingly accurate – in the 80 percent range.
He is currently in Symantec’s Product Management group leading work on security effectiveness and standards. “Standards are fundamentally important for the technology ecosystem at large,” Jordan explains. “If you have standards without implementations you just have a bunch of books on a shelf. However, if you have code without standards, you end up with ecosystem chaos and a general lack of interoperability.” Bottom line: without standards, chaos reigns.
The work allows Jordan to collaborate with government agencies, critical infrastructure, industry thought leaders and academic researchers worldwide to help drive creative technologies and solutions to protect crucial systems and data. At Broadcom that includes some of the largest customers and networks in the world.
How threat intelligence is communicated particularly interests Jordan. He helped write the STIX and TAXII standards that allow organizations to create, document and share cyber threat information. That includes information about threat actors, campaigns, hacker tool kits, malware, and vulnerabilities.
Historically, when an organization fends off an attack, it usually targets the IP addresses, URLs, or file hashes of the threat. “That’s very inexpensive for attackers – they can change those pretty quickly,” Jordan points out. “What you want to do is block the higher level Techniques, Tactics and Procedures – the modus operandi of the threat actor.”
Central to that effort has been Jordan’s work on cyber security playbooks – a way to codify and quickly distribute ways to prevent, detect, mitigate, or even remediate security threats in cyber relevant time and then share them between organizations and even devices. “Standards enable vendors to compete on the value and effectiveness of their solution, not on the basics of protocols, languages, taxonomies, and APIs.”
Currently, many organizations still keep their playbooks in a binder or in a wiki. This is where CACAO (Collaborative Automated Course of Action Operations for Cyber Security) comes into play: it defines a structure for putting that information into a machine-readable format. “If you see a Fuzzy Panda outbreak you can look for a playbook on how to mitigate or remediate that,” Jordan explains. “It can give step-by-step commands for all of the cyber community.” Symantec is leading the way in helping organizations protect their networks, data, systems, and devices, along with designing solutions that will enable the SOC of the future to respond to threats in cyber relevant time.
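As an added illustration of the IOC-versus-TTP point above (example code, not from the article, Symantec, or OASIS): a minimal STIX 2.1 bundle that records the attacker's behaviour as an attack-pattern alongside the atomic indicators seen with it, then checks which indicators are only cheap-to-rotate IOCs with no TTP behind them. The report contents and the TTP name are constructed assumptions; object field names follow the STIX 2.1 specification.

```python
import uuid
from datetime import datetime, timezone

# Constructed sample report (not from the article): one behaviour-level TTP and
# three atomic IOCs seen with it; the URL was never tied back to the TTP.
SAMPLE_REPORT = {
    "ttp": {"name": "Scheduled task persistence", "description": "Payload re-run via a scheduled task"},
    "indicators": [
        {"pattern": "[ipv4-addr:value = '203.0.113.10']", "linked": True},
        {"pattern": "[file:hashes.'SHA-256' = '" + "a" * 64 + "']", "linked": True},
        {"pattern": "[url:value = 'http://example.invalid/x']", "linked": False},
    ],
}
TS = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")  # STIX timestamp format

def _sdo(obj_type: str, **props) -> dict:
    """Common properties every STIX 2.1 domain/relationship object carries."""
    return {"type": obj_type, "spec_version": "2.1", "id": f"{obj_type}--{uuid.uuid4()}",
            "created": TS, "modified": TS, **props}

def build_bundle(report: dict) -> dict:
    """TTP -> attack-pattern, each IOC -> indicator, linked IOCs -> 'indicates' edge."""
    ttp = _sdo("attack-pattern", name=report["ttp"]["name"],
               description=report["ttp"]["description"])
    objects = [ttp]
    for ioc in report["indicators"]:
        ind = _sdo("indicator", pattern=ioc["pattern"], pattern_type="stix", valid_from=TS)
        objects.append(ind)
        if ioc["linked"]:
            objects.append(_sdo("relationship", relationship_type="indicates",
                                source_ref=ind["id"], target_ref=ttp["id"]))
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}

def unlinked_indicators(bundle: dict) -> list:
    """IOCs with no 'indicates' edge: cheap-to-rotate signals with no TTP to pivot to."""
    linked = {o["source_ref"] for o in bundle["objects"]
              if o["type"] == "relationship" and o["relationship_type"] == "indicates"}
    return [o["pattern"] for o in bundle["objects"]
            if o["type"] == "indicator" and o["id"] not in linked]

def ttp_coverage(bundle: dict) -> dict:
    """Indicators per attack-pattern name: what a TTP-level block would draw on."""
    names = {o["id"]: o["name"] for o in bundle["objects"] if o["type"] == "attack-pattern"}
    cov = dict.fromkeys(names.values(), 0)
    for o in bundle["objects"]:
        if o["type"] == "relationship" and o["target_ref"] in names:
            cov[names[o["target_ref"]]] += 1
    return cov
```

Indicators that come back from `unlinked_indicators` are the ones worth enriching before they are shared, since a consumer can act on them only by blocking a value the attacker can change in minutes.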
Jordan’s standards work has had a direct impact on Symantec’s products and services – as well as the Internet at large. He has worked on the TLS 1.3 standard, which improves transport layer security; the QUIC protocol, which improves the performance of connection-oriented web applications on devices such as mobile phones and hand-held computers; and the DoH (DNS over HTTPS) standard, which allows the Domain Name System, the phone book of the Internet, to operate with more privacy protections.
“I can bring my standards knowledge into our product groups and help make sure that our solutions are compatible with upcoming protocols that the market is asking for,” Jordan says. “It helps some of the largest customers and networks on the planet understand that we have a lot of technical insight and knowledge about how things are working.”
This kind of insight is central to Symantec’s work. In June 2020, the division’s Threat Hunter Team proactively detected a wave of attacks against dozens of American companies and identified the code as WastedLocker ransomware. The end goal of such incursions is to cripple the victim’s IT infrastructure by encrypting most of their computers and servers in order to demand a multimillion-dollar ransom. Symantec was able to warn the companies involved and help them block the assault before damage ensued.
Similarly, Symantec spotted a resurgence of so-called Dragonfly attacks on American and European energy companies in 2017. The threat’s origins were unclear, but the intent was not: potential sabotage. Customers were warned and protected.
Looking ahead, Jordan sees the urgent need for real-time security automation as devices proliferate on global networks and the opportunity for attacks expands exponentially. “Being able to mitigate and remediate in cyber-relevant time is going to be critical for every sector in the market – not just critical infrastructure,” he says.
Currently, the complex arc of identifying a threat, determining who is affected and creating a fix can be remarkably slow. “If you can take a mitigation response which is right now measured in terms of months and turn it into hours or days, that’s huge,” explains Jordan. More automation is also essential because the challenge grows daily. “You will not be able to hire enough people to touch every device manually. There are just not enough security practitioners on the planet.”