Broadcom Inc. announced Incident Prediction, an industry-first security capability that extends Adaptive Protection, a unique feature of Symantec Endpoint Security Complete (SES-C), by leveraging AI to identify and disrupt living-off-the-land (LOTL) attacks and other cyberthreats.
Trained on a catalog of over 500,000 real-world attack chains built by the world-class Symantec Threat Hunter Team, Incident Prediction puts the advantage back in defenders' hands by predicting attackers' behaviors, preventing their next move in the attack chain even when they're using legitimate software, and then quickly returning the enterprise to its normal state. With Incident Prediction, SES-C delivers exceptional cyber resilience against motivated adversaries.
"The inspiration for Incident Prediction came from how GenAI can 'predict' the next word when generating text," said Eric Chien, Fellow, Symantec Threat Hunter Team, Broadcom. "By leveraging our extensive attack chain repository and threat intelligence using advanced AI and ML, Incident Prediction can predict the next four or five possible moves attackers will make in a customer's environment, disrupt them, and then revert to normalcy right away. As a result, security analysts no longer need to triage the event to figure out mitigation strategies; Incident Prediction does that automatically for them."
With Incident Prediction, SOC analysts and other security professionals can:
- Automate mitigation and disrupt attackers: Automatically identify the next steps that a specific attacker will most likely take based on past attack patterns. Incident Prediction then applies mitigation policies to block those predicted actions, disrupting most attackers' progress before they can reach their end goal of encrypting data or exfiltrating information.
- Reduce burden on SOC analysts: Eliminate the need for SOC analysts to manually triage alerts, analyze attack sequences and determine mitigation strategies. Incident Prediction handles this automatically, freeing up analysts to focus on other security priorities.
- Avoid business impact: Incident Prediction provides specific, granular attacker behaviors to block, limiting impact to normal business processes. Common but crude mitigation measures that disrupt business, such as quarantining machines, shutting down the network, removing user access, or reimaging machines, are largely unnecessary.
- Reduce attack surface: Enhance Symantec Adaptive Protection, which identifies and recommends blocking low-prevalence applications and behaviors to proactively shrink the attack surface. It helps close the "doors" to attackers and their common attack techniques.
The use of legitimate software by cybercriminals, the approach used in LOTL attacks, is on the rise. According to "Ransomware 2025: A Resilient and Persistent Threat," a new report by the Symantec Threat Hunter Team, LOTL attacks are used by nearly all ransomware actors. Nation-state actors also use them to conduct surveillance or exfiltrate data. And large organizations are not the only victims - mid-market businesses increasingly are targeted. Instead of re-imaging the whole machine or changing everyone's credentials when an attack is discovered, security professionals can use Incident Prediction to have more granular control over their security by blocking only the attacker's most likely behaviors to reduce the risk of business disruption and enable a streamlined incident response - as attacks happen - all without additional cost.
"Broadcom is focused on providing enterprise-grade security for all organizations, whether they have a mature SOC or a small security team. Incident Prediction delivers on this commitment - organizations can enhance SOC capabilities regardless of sophistication," said Jason Rolleston, Vice President and General Manager, Enterprise Security Group, Broadcom. "Today, every organization needs to empower their security teams to become faster, stronger and more resilient against highly sophisticated APT groups. With Incident Prediction, they now have an automated system that can flag, act and help protect against cyberattacks - as they happen - faster and more cost-effectively."
Pricing and Availability
Incident Prediction is available now as a new feature for Adaptive Protection, which is part of Symantec Endpoint Security Complete (SES-C), at no additional cost to current SES-C customers. SES-C is one of the most integrated endpoint security platforms on the planet and delivers cloud-based protection with AI-guided security management, all on a single agent/console architecture.