Full Report: What Symantec’s 2025 telemetry reveals about today’s threat landscape
# Industry News: Symantec’s 2025 Telemetry Reveals Massive Shift Toward Pre-Infection Defenses
## Summary
Symantec’s 2025 threat telemetry report highlights a staggering 3.2 billion blocked attacks, with 97% of neutralizations occurring at the Intrusion Prevention System (IPS) layer. The data underscores a strategic pivot toward "pre-infection" defense, where threats are mitigated before they can establish a foothold or deploy malware payloads.
## Key Details
- **Date:** March 4, 2026
- **Companies Involved:** Symantec (by Broadcom), Carbon Black
- **Category:** Market Analysis / Threat Intelligence Report
## The Story
Broadcom's Symantec unit released its 2025 performance data, revealing the "unseen wall" of enterprise defense. The core narrative focuses on the efficacy of a layered security stack in an era of automated, high-volume exploits. The standout performer was the **Intrusion Prevention System (IPS)**, which handled 3.1 billion blocks—95% of which occurred before an actual infection could take place.
The report also highlights the growing role of the **Symantec Web Extension**, which saw a 74.5% year-over-year increase in blocks, reflecting a surge in malicious web redirection. Furthermore, the integration with **Carbon Black** has bolstered ransomware defenses, with the combined stack achieving an 80% proactive blocking rate against prevalent ransomware families.
## Business Impact
### For the Companies Involved (Broadcom/Symantec)
- **Validation of M&A Strategy:** The inclusion of Carbon Black data suggests successful cross-pollination of telemetry and technology since its acquisition by Broadcom.
- **Service Efficiency:** By blocking 97% of threats at the IPS layer, Symantec reduces the computational load on downstream engines, lowering the total cost of ownership (TCO) for cloud and on-premises infrastructure.
### For Competitors
- **Benchmark Pressure:** Competitors like CrowdStrike or SentinelOne are pressured to prove their "pre-infection" efficacy. Symantec is pivoting the conversation from "detection and response" (EDR) back to "prevention" (EPP), challenging the dominance of the "assume breach" mentality.
### For Customers
- **Reduced Dwell Time:** By stopping threats at the network/kernel level, customers face significantly fewer remediation tasks and lower operational fatigue for their SOC teams.
- **Cloud Stability:** The 2.4 billion threats blocked by cloud-scale ML mean that customers benefit from "herd immunity"—once a threat is identified in one environment, it is blocked across the ecosystem.
### For the Market
- **Consolidation Trend:** The report reinforces the value of "platformization." Large enterprises are moving away from best-of-breed tool sprawl toward integrated stacks that can correlate data from web extensions, servers, and endpoints simultaneously.
## Technical Implications
- **IPS Dominance:** The fact that IPS handles nearly 97% of blocks suggests that vulnerability exploitation (rather than simple file-based malware) remains the primary entry vector.
- **ML at Scale:** 956 million blocks were driven specifically by ML engines in the cloud, proving that signature-based antivirus is now a secondary "safety net" rather than a primary shield.
## Strategic Analysis
- **Market Positioning:** Symantec is positioning itself as the high-volume, enterprise-scale choice capable of handling "billions" of events, targeting Global 2000 companies with complex, hybrid environments.
- **Competitive Advantage:** The "unseen wall" branding emphasizes stability and silence; for a CISO, a security tool that prevents an incident is more valuable than one that merely alerts them to an ongoing one.
- **Challenges:** Despite high blocking rates, the 2% of ransomware that survives dynamic protection still represents a massive business risk. Maintaining this "wall" requires constant, expensive R&D to keep pace with AI-driven attack automation.
## Industry Reactions
- **Analyst Opinions:** Market analysts view this as a push to re-legitimize traditional endpoint protection (EPP) features that were previously overshadowed by EDR.
- **Market Response:** The 74.5% increase in web-based blocks has sparked discussions among industry experts regarding the necessity of browser-level security as the new "perimeter."
## Future Outlook
- **Predictive Defense:** Expect Symantec to lean more heavily into "Behavioral AI" as attackers evolve to bypass static and signature-based checks.
- **Integration Watch:** Watch for deeper technical integration between Carbon Black’s forensic capabilities and Symantec’s high-volume prevention engines.
## For Security Professionals
Practitioners should note that **Web Server Vulnerabilities** (964M blocks) and **OS Vulnerabilities** remain the top targets. This data suggests that while EDR is fashionable, the "unsexy" work of maintaining a robust, properly configured IPS and patching web-facing servers remains the most effective way to address the vast majority of enterprise risk.