The Unseen Wall: How Billions of Attacks Were Blocked in 2025

Exploits

What Symantec’s 2025 telemetry reveals about today’s threat landscape

  • Symantec’s layered security stack blocked about 3.2B attacks in 2025, showing what defense in depth looks like at enterprise scale.
  • IPS did the heavy lifting (about 97% of all blocks), and it stopped the vast majority of threats before infection, cutting risk and dwell time early.
  • The numbers point to today’s pressure points: web redirection, cloud-scale malware, and ransomware, curtailed by ML and behavior-based engines.

The threat landscape is more challenging than ever, but our security architecture remains the bedrock of modern defense. In 2025, Symantec’s security technologies blocked approximately 3.2 billion attacks across enterprise environments. Behind that number is layered architecture at massive scale—an unseen, unbreachable wall designed to stop threats early, reduce dwell time, and protect users wherever they work. 

We’ve prepared a closer look at exactly how each protection layer performed last year and what that tells us about today’s attack patterns, backed by hard data. 

The front line of enterprise defense 

Intrusion Prevention System (IPS)

IPS continues to be a crucial layer of Symantec defense, responsible for stopping nearly all major attacks. Here’s why: 

  • IPS blocked ~3.1 billion attacks, accounting for 96.94% of all attacks stopped.
  • ~95% of all IPS blocks were executed at the pre-infection stage, minimizing risk to organizations.
  • ​​This pre-infection blocking is critical, as it halts vulnerability exploitation attempts—even those without a malware payload (e.g., credential theft via server vulnerability)—before they can establish a foothold, conserving resources for downstream security engines (like AV) and eliminating the risk of infection, a capability that often differentiates it from other vendor solutions.
  • Kernel IPS blocked an average of 6.9 million attacks daily, demonstrating constant, high-volume threat neutralization.
  • The highest volume threats mitigated by Kernel IPS were web server vulnerabilities, which accounted for over 964 Million blocks.

Securing the user edge 

Symantec Web Extension

Web-based activity and malicious redirection remain one of the most frequent high-risk attack vectors. Symantec Web Extension plays a vital role in protecting users from malicious sites and redirects. Here’s how: 

  • Symantec Web Extension blocked 545.3 million web attacks,showcasing effective coverage.
  • Its value surged with a massive ~74.5% increase in blocks since last year.
  • With 35 million malicious redirection attacks intercepted, users were protected from high-risk pathways in this top-blocked category. 

Scaling detection through the cloud 

Cloud Protection

Cloud Protection is an essential, high-volume layer that leverages broad threat intelligence to prevent attacks across a diverse product ecosystem. Here’s how it stood up to threats:

  • 2.4 billion threats blocked,a massive scale of malicious attempts.
  • 956 million blocks came from the Machine Learning engine, accounting for the highest number of threats blocked. 

Known-threats neutralization

Static Protection (AV)

The Static Protection engine layer neutralizes known and emerging threats, complementing the preventative power of IPS and driving down enterprise risk. Here are its standout protections from last year:

  • Static Protection engines neutralized 72.5 million threats.
  • The Reputation engine blocked 35 million threats.
  • The Machine Learning engine stopped 10.3 million threats

While preventative controls stop most threats upstream, static protection acts as a much-needed safety net for known malware families. 

Behavioral and zero-day defense in action

Dynamic Protection  

Our behavioral-based engines are designed to catch what static methods miss—particularly  advanced and zero-day threats designed to evade static detection. Last year:

  • These engines successfully blocked well over 26 million threats.
  • Dynamic Protection proactively stopped ~98% of all ransomware infection attempts—critical for zero-day defense.

Proactive server and specialized defense

Our protection also extends to specialized and high-value environments, ensuring consistent defense across the entire enterprise.

  • Enterprise Server Protection:IPS blocked a total of 288.2 Million attacks on enterprise servers. Top-blocked threats were Web Server Vulnerabilities (117.8 Million Pings) and OS Vulnerabilities (42.9 Million Pings).
  • Carbon Black Endpoint Detection & Prevention: This capability achieved ~80% proactive blocking coverage against prevalent ransomware families.

Security across the entire enterprise

As Symantec and Carbon Black continue to innovate and extend your defenses, the numbers speak for themselves. Our capabilities blocked billions of attacks in 2025, helping organizations maintain strong preventative postures, even for smaller teams.

Robust, modern defenses demand depth, scale, and seamless coordination across multiple protection layers. That’s exactly what this architecture is built to deliver—quietly, consistently, and at enterprise scale. 

Ready to turn security up to 11? Connect with your local Symantec and Carbon Black partner to learn how these enterprise-grade protections can help lock down your environment. 

You might also enjoy

 

BladeOne
BladeOne

Latest articles

Previous article
War exclusions protect insurers as cyber spillover risk emerges
Next article
New RFP Template for AI Usage Control and AI Governance

Related articles