Symantec, Fortinet announce new security tools with analytics, automation for cyber response
Hospitals and health systems have a couple of new options for their cybersecurity armamentarium, with new technologies unveiled this week by Symantec and Fortinet.
Symantec announced that its Targeted Attack Analytics (TAA) technology – the same one used by its own research teams – is now available to its Advanced Threat Protection customers. The analytics allow those customers to put machine learning to work automating the detection of targeted attacks.
TAA helps to identify truly targeted activity, which is often hard to notice amid the profusion of alerts generated by security systems, prioritizing it in the form of a highly reliable incident report for the security team, according to Symantec.
The technology was developed jointly by Symantec’s Attack Investigation Team, which discovered threats such as Stuxnet, Regin, Lazarus, and also uncovered links to SWIFT and WannaCry attacks, officials say.
TAA uses machine learning to analyze an array of data, including system and network telemetry from Symantec's customers worldwide. The cloud-based tool enables frequent re-training and updating of analytics to adapt to new attack methods without the need for product updates.
The technology underlying TAA is the same one Symantec used to uncover Dragonfly 2.0, a major attack that targeted dozens of energy companies in an effort to gain access to operational networks.
Symantec CEO Greg Clark said in a statement that TAA uses "advanced analytics and machine learning to help shorten the time to discovery on the most targeted and dangerous attacks and to help keep customers and their data safe."
Fortinet's new infosec technology, meanwhile, aims to help automate security response by integrating the network operations center and the security operations center. The company bills it as a purpose-built NOC-SOC tool that bridges workflow, analysis and automated response across operational and security processes.
The technology builds on the Fortinet Security Fabric architecture, combining the capabilities of FortiManager 6.0, FortiAnalyzer 6.0 and FortiSIEM 5.0, officials say, and combines analytics from FortiGate, FortiAnalyzer and FortiManager with threat intelligence services from FortiGuard to offer customers an enhanced security posture.
New incident response tracking capabilities allow users to automate responses across silos based either on predefined triggers (system events, threat alerts, user and device status) or through direct ServiceNow IT Service Management integration.
Fortinet points to cybersecurity workforce challenges, with many organizations facing a shortage of employees even as IT needs to support complex applications across systems in multiple locations. It says that integration across security disciplines, rather than just products, is key to enabling better visibility and control over security threats.
The new NOC-SOC solution combines the operational context of the NOC – appliance status, network performance and application availability – with the security insights of the SOC, such as breach identification, stopping data exfiltration and uncovering compromised hosts, officials say.
Fortinet’s tool allows each team to operate with the benefit of the other’s perspective, enhancing defensive posture and risk management.
“Both security and IT teams are challenged by resource constraints,” Fortinet senior vice president John Maddison said in a statement. “Yet workloads and the rate of cyberthreats continue to rise in scope and complexity.”