When a security threat is at your doorstep, you want information as quickly as possible. Is it new? What do I do first to stop the most urgent threat? Where has it been seen before? How far has it spread and what is it related to? Often the process means manually checking databases from multiple sources. Our new Threat Intelligence API, available through Symantec Endpoint Security Complete (SESC), jumpstarts the process, putting Symantec’s Global Intelligence Network at your fingertips – on a platform you probably already use.
The API has been integrated with Security Information and Event Management (SIEM), Security Orchestration, Automation and Response (SOAR) and Threat Intelligence Platform (TIP) partners ThreatQuotient, Anomali, and Siemplify. It’s also available directly through Symantec’s Integrated Cyber Defence Manager (ICDm) cloud platform. The point here is not to introduce a new toolset – we’re adding this capability to a workflow you already know. What is new is that we’ve opened our full programmatic and human enhanced intelligence capabilities to our customers on an automated basis.
“Broadcom’s SES Complete Intelligence provides broad visibility into real cyber threats and their impact on an organization’s infrastructure,” said Mark Alba, Chief Product Officer at Anomali. “With this intelligence integrated into Anomali’s ThreatStream Intelligence platform, security teams can quickly identify the risk, investigate a response and preemptively mitigate cyber threats before they hit.”
Symantec’s Global Intelligence Network is one of the largest civilian networks of its kind in the world. The network applies artificial intelligence to analyze more than nine petabytes of security threat data. It offers the broadest and deepest set of threat intelligence in the industry that allows Symantec to discover and block advanced targeted attacks that would otherwise go undetected. That includes information correlated from 175,000,000 endpoints and 126,000,000 attack sensors. We track more than 25,000 ongoing network vulnerabilities.
The system has a proven track record. Last year, Symantec researchers identified the WastedLocker ransomware code that attackers were about to deploy against dozens of U.S. corporations, including eight Fortune 500 companies. Also, Symantec has assisted in the arrest of almost 200 cyber criminals, including individuals associated with the Blackshades, Bayrob, Nanocore, Scan4You, and Operation WireWire attacks. We’ve also helped law enforcement dismantle some of the biggest cyber crime botnets: Waledac, Bamital, ZeroAccess, GameOverZeus and Ramnit.
Specifically, the new API provides real-time information on any file hash, domain, or IP address. That includes reputation, threat name, prevalence, age, industry, geography, and related indicators. This information assists in making quick decisions on how to prioritize investigations and respond to potential breaches. Even better, there’s nothing to download and store locally.
And when it comes to threat hunting, the API delivers relevant data in a flash directly where you can act on it. You can pull a thread on a threat actor, see related attacks, and chase down new clues more efficiently.
“This is a game-changing approach to managing risk within the MSSP community,” says Dean Papa, VP of Global Service Providers at Siemplify. “The ability to enable Symantec’s Global Intelligence Network provides Siemplify service providers real-time access to the largest global intelligence network in the world to quickly validate the efficacy of the alert and use Siemplify’s platform to automate a response and protect the customer environment.”
You also can use the new feature for planning ahead. In addition to the real-time threat enrichment, this new SES Complete component includes curated, strategic intelligence in the form of regularly updated reports and bulletins on trends and specific threats evolving in the threat landscape. These documents are delivered to customers via email regularly, making it easier to prepare for emerging threats and campaigns, learn more about threats targeting specific industries or geographies, or gain perspective on global threats. We also track and provide in-depth profiles on over 140 threat actors that can help you determine urgency by showing whether a particular threat is part of a known campaign.
“ThreatQuotient is pleased to partner with Symantec to provide organizations with curated threat intelligence to improve their threat hunting and adversary countermeasures. Threat intelligence provided by a trusted source is an effective measure against adversarial TTPs. We encourage network defenders to use Symantec Threat Intelligence to reduce their attack surface,” said Haig Colter, Director of Alliances at ThreatQuotient.
Buying the new API is easy – it’s part of our SES Complete package. No separate purchase is required. The offering provides your organization with the best security at the endpoint for both traditional and mobile devices across the entire attack chain for rapid containment.
Proactive attack surface reduction and innovative attack prevention technologies provide the strongest defense against the hardest-to-detect threats that rely on stealthy malware, credential theft, fileless, and “living off the land” attack methods. Symantec also prevents full-blown breaches before exfiltration can occur. Sophisticated attack analytics, behavior forensics, automated investigation playbooks, and industry-first lateral movement and credential theft prevention provide precise attack detections and proactive threat hunting to contain the attacker and resolve persistent threats in real time.
The smarter you can be about threats – present and future – the better you can protect your network.
That’s what motivates us at Symantec.
**For more information on how to use the Threat Intel API, check out the API documentation here**
Threat Intelligence from Symantec Endpoint Security Complete
Join us for a webinar with Endpoint Product Management Director Adam Licata, and Director Security Response Kevin Haley, Thursday, April 15, 2021, 11 am PST, to learn about our new Threat Intelligence API, available through Symantec Endpoint Security (SES) Complete.