Agenda
• Security Report and Security News 2019
• Trend of technology and security 2020
• Security Framework with Zero Trust Network
• Symantec with Zero Trust Networking
Security Report and Security News 2018-2019
B1G Numbers
Symantec security report 2019
FormJACKING Attacks
Target Attacks
IoT Cloud
Web Attacks
Malicious URLs
CryptoJACKING Attacks
Ransomware
Supply Chain Attacks
Malicious Email
Vulnerability
Data Compromise
Malicious URLs
40 percent of malicious URLs were found on good domains.
https://www.helpnetsecurity.com/2019/03/01/malicious-urls-good-domains/
Web Attacks
Overall web attacks on endpoints increased by 56% in 2018; Symantec was blocking more than 1.3m unique web attacks on endpoint machines every day.
FORMJACKING Attacks
One of the biggest cyber security trends of the year: on average 4,800 websites were compromised with formjacking code every month in 2018, stealing payment card information from e-commerce sites. Symantec blocked 3.7m formjacking attacks in 2018.
Malicious Email
48% of malicious email attachments are Office files, up from 5% in 2017 (ransomware, phishing, spear-phishing, spoofing, MITM, whaling/business email compromise, spam, keyloggers, zero-day exploits and social engineering).
CryptoJACKING Attacks
Trending down, but certainly not out. In 2017-2018 Symantec blocked around 8m cryptojacking events per month; in 2018 there were 69m cryptojacking events in the 12-month period.
Cryptojacking doesn’t just affect websites. In July, Trustwave researchers detected and monitored a large-scale compromise in which attackers modified vulnerable MikroTik routers in Brazil to insert a Coinhive script onto every web page browsed via the router. Although MikroTik had actually patched the vulnerability the previous April, users tend to update devices with security patches much less frequently than they do computers.
Supply Chain Attacks
Supply chain attacks continued to be a feature of the threat landscape, with attacks increasing by 78% in 2018.
Ransomware
Overall ransomware was down 20%, but enterprise ransomware was up 12%, and mobile ransomware increased 33% in 2018-2019.
Vulnerabilities
New CVEs by year (chart): https://lp.skyboxsecurity.com/rs/440-MPQ-510/images/Skybox_Report_Vulnerability_and_Threat_Trends_2019.pdf
2019: 18,980 (as of 14-11-2019) ?
https://cve.mitre.org/
Vulnerabilities
https://cve.mitre.org/ https://lp.skyboxsecurity.com/rs/440-MPQ-510/images/Skybox_Report_Vulnerability_and_Threat_Trends_2019.pdf
Vulnerabilities
https://www.beyondtrust.com/assets/documents/Microsoft-Vulnerabilities-Report-2019.pdf
Breakdown of Microsoft vulnerabilities, 2018
IoT
Trustwave security report 2019
After a massive increase in Internet of Things (IoT) attacks in 2017, attack numbers stabilized in 2018, when the number of attacks averaged 5,200 per month against Symantec’s IoT honeypot. Routers and connected cameras were by far the main source of IoT attacks, accounting for over 90 percent of all attacks on the honeypot. The proportion of infected cameras used in attacks increased considerably during 2018. Connected cameras accounted for 15 percent of attacks, up from 3.5 percent in 2017. Attackers were also increasingly focused on Telnet as an avenue for attack. Telnet accounted for over 90 percent of attempted attacks in 2018, a jump from 50 percent in 2017.
A new Mirai malware variant targets signage TVs and presentation systems; Palo Alto Networks researchers say this new Mirai botnet uses 27 exploits, 11 of which are new to Mirai altogether, to break into smart IoT devices and networking equipment.
https://www.zdnet.com/article/new-mirai-malware-variant-targets-signage-tvs-and-presentation-systems/
Targeted Attacks
The most likely reason for an organization to experience a targeted attack was intelligence gathering, which is the motive for 96 percent of groups.
Spear-phishing emails remained the most popular avenue for attack and were used by 65 percent of all known groups.
Alongside the rise in popularity of living-off-the-land tactics, the use of zero-day vulnerabilities declined in 2018, with only 23 percent of groups known to have exploited zero days, down from 27 percent in 2017. While still a niche area, the use of destructive malware continued to grow.
Data Compromise
Trustwave security report 2019
Trustwave's SpiderLabs team conducted investigations of malicious data breaches affecting thousands of computer systems in 19 different countries.
Attackers appeared to shift their focus from the Americas to Asia-Pacific (APAC), mainly Australia, Singapore and Hong Kong.
Data Compromises
Trustwave security report 2019
By Industry
The largest share of incidents involved the retail industry, including both traditional brick-and-mortar retailers and e-commerce environments.
Data Compromise
Trustwave security report 2019
By Motivation or Type of Data Targeted
About 25 percent of incidents targeted card-not-present (CNP) payment-card data, mostly from e-commerce environments. Overall, payment-card data comprised 36 percent of incidents, including track (magnetic stripe) data at 11 percent.
Data Compromise
Trustwave security report 2019
By Environment and Industry
Method of Compromise
Trustwave security report 2019
Some of the Reported Data/Privacy Breaches in 2018 - 2019
Amounts shown on the slide: 3,500 million baht; 6,300 million baht; 21,532 million baht; 153,800 million baht
Reference: https://www.theguardian.com
Trend of technology and security 2020
TOP 10 CYBER SECURITY TRENDS TO WATCH IN 2020
1. Increased Automation in Cyber Security
A recent Ponemon Institute survey of more than 1,400 IT and IT security specialists shows that 79% of respondents either already use automation tools and platforms in their company (29%) or plan to use them within the next couple of years (50%).
https://www.analyticsinsight.net/top-10-cyber-security-trends-to-watch-in-2020/
2. Spending on Cyber Security will Increase
Data from IDC shows that worldwide spending on cyber security solutions such as software, hardware and services is expected to top $103 billion this year alone.
3. More use of AI for Attacks
Attackers won’t simply target AI systems; they will use AI techniques themselves to supercharge their own crimes. Automated systems driven by AI could probe systems and networks for unknown vulnerabilities that could be exploited. AI could likewise be used to make phishing and other social
4. Use of AI for Defending Attacks
The AI security story also has a bright side. Threat detection systems already use machine learning to identify completely new threats. And it isn’t only attackers that can use AI to probe for open vulnerabilities; defenders can use AI to better harden their environments against attacks.
5. Development of Public Infrastructure
Utilities are fundamental to a modern economy and also make attractive targets for cyber attacks. They provide critical infrastructure for millions of people and governments around the globe, yet they frequently operate using old, obsolete technology.
6. Growth of 5G
Various 5G network infrastructure deployments commenced this year, and 2019 is turning out to be a year of accelerating 5G activity. Over time, more 5G IoT devices will connect directly to the 5G network rather than via a Wi-Fi router. This pattern will make those devices increasingly vulnerable to direct attack.
7. Capturing Data in Transit
In 2019 and beyond, we can expect increasing attempts to access home routers and other IoT hubs to capture some of the data passing through them. Malware embedded in such a router could, for instance, steal banking credentials, capture credit card numbers, or show spoofed, malicious web pages to the client to compromise confidential data. Such sensitive information is, in general, better protected when it is at rest today.
8. Shadow IT Resources
By 2020, 33% of successful attacks experienced by companies will be on their shadow IT assets. Business units deal with the realities of the enterprise and will engage with any tool that helps them get the job done. Organizations should figure out how to address shadow IT and create a culture of acceptance and protection rather than detection and punishment.
9. Exploiting the Supply Chain
An increasingly common target of attacks is the software supply chain, with attackers inserting malware into otherwise legitimate software packages at their usual distribution point. Such attacks could happen during production at the software vendor or at a third-party provider.
10. Cloud can be a Threat
By 2020, 80% of new deals for cloud-based access security brokers (CASBs) will be bundled with network firewall, secure web gateway (SWG) and web application firewall (WAF) platforms. While concerns exist about client migration to the cloud and bundled purchases, organizations should evaluate their application deployment roadmap and decide whether CASB investment is justified.
Security Framework with Zero-Trust Network
What Is a Zero Trust Network?
• The network is always assumed to be hostile.
• External and internal threats exist on the network at all times.
• Network locality is not sufficient for deciding trust in a network.
• Every device, user, and network flow is authenticated and authorized.
• Policies must be dynamic and calculated from as many sources of data as possible.
https://learning.oreilly.com/library/view/zero-trust-networks
Traditional network security architecture breaks different networks (or pieces of a single network) into zones, contained by one or more firewalls.
Zero Trust Control Plane
which the control plane coordinates and configures. Requests for access to protected resources are first made through the control plane, where both the device and user must be authenticated and authorized.
There are three key components in a zero trust network: user/application authentication, device authentication, and trust.
Implementing Zero Trust Using the Five-Step Methodology
1. Identify Your Sensitive Data: It's impossible to protect data that you can't see, if you don't know where your enterprise stores data, who specifically uses it, how sensitive it is, or how employees, partners, and customers use it.
2. Map the Data Flows of Your Sensitive Data: It's crucial to understand how data flows across the network and between users and resources. Engaging multiple stakeholders such as application and network architects to create a transaction flow map is important because they bring different information to the conversation.
3. Architect Your Network: The actual design of a Zero Trust network should be based on how transactions flow across a network and how users and applications access toxic data.
4. Create Your Automated Rule Base: Once the design team has determined the optimum traffic flow, the next step is to determine how to enforce access control and inspection policies at the segmentation gateway.
5. Continuously Monitor the Ecosystem: Another core tenet of the Zero Trust model is to log and inspect all traffic, not just external traffic, for both malicious activity and areas of improvement.
https://www.darkreading.com/attacks-breaches/zero-trust-the-way-forward-in-cybersecurity/a/d-id/1327827
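The control-plane decision described above (authenticate the user and the device, then authorize from several signals, never from network locality alone, and log every decision as step 5 requires) written out as a small policy engine. This is an added illustration, not code from the slides or from any vendor product; the resource policy table, the three posture signals, their weights and the score thresholds are assumptions.

```python
"""Toy zero trust control-plane check (added example, not from the slides
or any vendor product). The policy table, the posture signals, their weights
and the thresholds are assumptions. It demonstrates: every request needs an
authenticated user AND an authenticated device, the decision is computed from
several signals, network locality adds no trust, and every decision is logged.
"""
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass
class User:
    name: str
    authenticated: bool   # identity provider verified the user
    mfa: bool             # second factor presented in this session
    groups: Set[str]


@dataclass
class Device:
    device_id: str
    cert_valid: bool      # device certificate verified (device authentication)
    managed: bool         # enrolled in endpoint management / inventory
    patched: bool         # posture signal from patch management


@dataclass
class Request:
    user: User
    device: Device
    resource: str
    source_network: str   # "corporate_lan", "internet", ...: logged, never trusted


@dataclass
class Decision:
    allow: bool
    score: int
    reasons: List[str]    # empty when allowed


# Per-resource policy: allowed groups and minimum trust score (constructed values).
RESOURCE_POLICY: Dict[str, dict] = {
    "payroll-db": {"groups": {"finance"}, "min_score": 3},
    "wiki":       {"groups": {"staff", "finance"}, "min_score": 1},
}


def trust_score(req: Request) -> int:
    """Combine independent signals into one score (0..3). source_network is
    deliberately not an input: the corporate LAN earns nothing extra."""
    return int(req.user.mfa) + int(req.device.managed) + int(req.device.patched)


def authorize(req: Request, audit_log: List[str]) -> Decision:
    """Control-plane decision: authenticate user and device, then authorize
    against the resource policy. Every decision is appended to audit_log."""
    reasons: List[str] = []
    policy = RESOURCE_POLICY.get(req.resource)
    if policy is None:
        reasons.append("unknown resource")
    if not req.user.authenticated:
        reasons.append("user not authenticated")
    if not req.device.cert_valid:
        reasons.append("device not authenticated")
    score = trust_score(req)
    if policy is not None:
        if not (req.user.groups & policy["groups"]):
            reasons.append("user not in an allowed group")
        if score < policy["min_score"]:
            reasons.append(f"trust score {score} below {policy['min_score']}")
    allow = not reasons
    audit_log.append(
        f"{'ALLOW' if allow else 'DENY'} user={req.user.name} "
        f"device={req.device.device_id} resource={req.resource} "
        f"net={req.source_network} score={score} reasons={reasons}"
    )
    return Decision(allow, score, reasons)


# Constructed sample requests: the same user reaching the same resource from
# an unmanaged laptop on the LAN and from a managed, patched laptop remotely.
LAN_UNMANAGED = Request(
    user=User("alice", authenticated=True, mfa=False, groups={"finance"}),
    device=Device("byod-laptop", cert_valid=False, managed=False, patched=True),
    resource="payroll-db",
    source_network="corporate_lan",
)
REMOTE_MANAGED = Request(
    user=User("alice", authenticated=True, mfa=True, groups={"finance"}),
    device=Device("corp-4711", cert_valid=True, managed=True, patched=True),
    resource="payroll-db",
    source_network="internet",
)

if __name__ == "__main__":
    log: List[str] = []
    for r in (LAN_UNMANAGED, REMOTE_MANAGED):
        authorize(r, log)
    print("\n".join(log))   # DENY for the LAN request, ALLOW for the remote one
```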
Network Design for Zero Trust Network
Zero Trust Network with NIST Security Framework
CIS Critical Security Controls V.7
CIS to NIST Cybersecurity Framework
Network Design for Zero Trust Network
Product-to-control mapping shown on the slide: SEP (CIS 8, 19); ITMS (CIS 1, 2, 3); ITMS (CIS 8, 19); WSS, CASB (CIS 7)
Symantec | At a Glance
350,000+ customers worldwide
~3,500+ company-wide R&D
$5B FY18E revenue
2100+ patents
Leader in 5 Gartner MQs: EPP, SWG, DLP, MSS, and CASB
9 SOC threat response centers
9 Trillion telemetry points
175M endpoints under protection
Driving operational improvement following the divestiture of Veritas
• Streamlining operational processes
• Eliminating stranded costs post-Veritas divestiture
Divested Storage
• Enabled Symantec to focus on growing its security business
Transforming Enterprise Security with Integrated Cyber Defense Platform
Leadership across information, users, web, and messaging
Symantec’s Transformation
1. Refocused on Cybersecurity
2. Improve Enterprise Security Business
3. Acquisition
4. Acquisition
Two leading business segments with scale, focused management teams, and strong financial profiles (growth, profitability, cash flow)
Creating Digital Safety Category
Identity Protection transcends hardware refresh
Return to growth, acquisition adjusted
Endpoint Protection
Endpoint Detection
Workload Protection
Management & Compliance
Web Protection
Content Analysis
CASB
Security Analysis
Data Protection
Encrypted Traffic Management
VIP/Identity
Information Centric Security
Email Protection
Anti-Phishing
Message Security
Encryption
9 global threat response centers
3,800 researchers & engineers
3.7 Trillion lines of telemetry
430 million new unique malware files discovered
40B Web attacks blocked
100M social engineering scams blocked
22,000+ cloud apps cataloged & profiled
4.5 Billion new queries processed daily
175M Protected Endpoints
6 Billion daily Web Intelligence requests
80M Web Proxy Users
15,000 Largest Global Enterprises
Correlated Data
CORRELATION ACROSS VECTORS
2017
163M Protected Email Users
2 Billion emails scanned per day
Web Isolation
Endpoint Protection
Mobile
Web Security Service
DLP
Secure Web Gateway
Risk Insight
Messaging Gateway
Web Application Firewall
Advanced Threat Protection
Malware Analysis
Endpoint Management
Endpoint Protection (SEP, EDR)
Cloud VIP
Identity
Local Intelligence: File, URL, Whitelist, Blacklist, Certificate, Machine Learning
SIEM Integration
Data Center Security
Encryption
Content Analysis
Performance Optimization
Cloud DLP
CASB
Email Security
Workload Protection
Cloud Sandbox
Encryption
Risk & Compliance Management
Encrypted Traffic Management
Security Analytics
Third Party Ecosystem
ON-PREMISES
CLOUD
Cloud Data Protection
Storage Protection
Cyber Security Services
SOC Workbench
Integrated Cyber Defense Platform
Symantec Blueprint
Diagram components: ASG, MAA, WAF, PacketShaper, DLP, SMG, SAP, SSL-VA, ATP, App Server, Email Server, File Server, Database Server, Web Servers, CCS, ITMS, CA+MA, Skycure, FIREGLASS, VIP, Global Intelligence Network
Server Security: DCS – Data Center Security; CCS – Control Compliance Suite; ITMS – IT Management Suite
Endpoint Security: SEP – Symantec Endpoint Protection; Symantec Endpoint Encryption; DLP Endpoint; EDR – Endpoint Detection & Response; VIP – Validation and ID Protection; SEP Mobile – Mobile Security (Skycure)
Network Security: ASG – Advanced Secure Gateway (Web Gateway); PacketShaper (Bandwidth Management); DLP – Data Loss Prevention; MAA – Malware Analysis Appliance (Sandbox); ATP – Advanced Threat Protection; SSL-VA – SSL Visibility Appliance; SAP – Security Analytic Platform; WAF – Web Application Firewall; SMG – Secure Mail Gateway; CA+MA – Content Analysis + Malware Analysis; FIREGLASS – Web Isolation
Server Security
DCS – Data Center Security: security solution for servers.
CCS – Control Compliance Suite: solution for finding server vulnerabilities by checking against standards or regulations.
ITMS – IT Management Suite: solution for managing client and server machines, e.g. installing patches and software, changing configuration and taking inventory.
Endpoint Security
SEP – Symantec Endpoint Protection: software for protecting users' machines against malware such as viruses.
Symantec Endpoint Encryption: software for encrypting files and hard disks.
DLP Endpoint: software for preventing leakage of sensitive data.
EDR – Endpoint Detection & Response: the ability to work together with the ATP system to eliminate unknown malware that has slipped through to users' machines.
VIP – Validation and ID Protection: software that helps verify identity, for two-factor authentication or one-time passwords.
Skycure – Mobile Security: software for securing mobile devices (Android and iOS).
Network Security
ASG – Advanced Secure Gateway (Web Gateway): advanced web security appliance that filters web traffic and blocks threats such as malware from the web.
PacketShaper (Bandwidth Management): appliance for managing traffic, applying QoS and monitoring application behaviour.
DLP – Data Loss Prevention: system for detecting and preventing leakage of sensitive data.
MAA – Malware Analysis Appliance (Sandbox): appliance that detects unknown malware or zero-days by running files and inspecting their behaviour.
ATP – Advanced Threat Protection: system that detects and blocks known and unknown malware, and can find and contain unknown malware that has slipped through to endpoints.
SSL-VA – SSL Visibility Appliance: appliance for decrypting SSL traffic.
SAP – Security Analytic Platform: appliance that stores packets and helps analyse data, with security reporting; it can analyse historical data.
WAF – Web Application Firewall: firewall appliance for the web.
SMG – Secure Mail Gateway: email security appliance that also blocks spam.
CA+MA – Content Analysis + Malware Analysis: appliance that helps detect known and unknown malware.
FIREGLASS – Web Isolation: appliance that renders web pages as images, turning the page into a stream of images; it captures mouse and keyboard input such as clicks or typed text on parts of the image, and can block malware 100%.
Endpoint Security for the Cloud Generation
PRODUCTS
Cloud Generation Endpoint Security Portfolio
Single Agent
PROTECT AGAINST EMERGING THREATS
• Adv. Machine Learning
• Behavioral Analysis
• Memory Exploit Mitigation
• Tunable Protection
• Emulator
• SEP Cloud
BLOCK COMMON THREATS
• AV Engine
• File reputation
• Intrusion Prevention
• Application and device control
• Power Eraser
• Open API
DETECT AND RESPOND
• IOC Hunting and Remediation
• Endpoint Activity Recording
• File-less Threat Detection
• Sandboxing
• Correlation Across Endpoint, Network and Email
• EDR Cloud
HARDEN ENDPOINTS
• Application Attack Surface Visibility
• Vulnerability Assessment and Risk Classification
• Untrusted Application Isolation
• Application Defense
PROACTIVE SECURITY
• Deploy Baits and Decoys
• Enhanced Visibility into Attacker Intent
• High-Fidelity Alerts
• Deception at Scale
SECURE MOBILE ENDPOINTS
• Crowd-sourced Intelligence
• Mobile Malware Detection
• Network Threats Protection
• Vulnerability Exploit Protection
Stop Targeted Attacks and Zero-Day Threats with layered protection
SEP: Most complete protection in the industry
Attack phases: INCURSION, INFECTION, INFESTATION & EXFILTRATION
NETWORK FIREWALL & INTRUSION PREVENTION: Blocks malware before it spreads to your machine and controls traffic
REPUTATION ANALYSIS: Determines safety of files and websites using the wisdom of the community
BEHAVIOR MONITORING: Monitors and blocks files that exhibit suspicious behaviors
MEMORY EXPLOIT MITIGATION: Blocks zero-day exploits against vulnerabilities in popular software
DEVICE CONTROL & SYSTEM LOCKDOWN: Control file, registry, and device access and behavior; whitelisting, blacklisting, etc.
EMULATOR: Virtual machine detects malware hidden using custom packers
ADVANCED MACHINE LEARNING: Pre-execution detection of new and evolving threats
65% BETTER SECURITY EFFICACY OVER SEP 12
Patented real-time cloud lookup for scanning of suspicious files
SEP: Most complete protection in the industry
Attack phase: REMEDIATE
SECURE WEB GATEWAY INTEGRATION: Use APIs to orchestrate a response from Secure Web Gateway
HOST INTEGRITY: Quarantine, detect unauthorized change, conduct damage assessment and ensure compliance
POWER ERASER: Aggressive remediation of hard-to-remove pre-existing infections
SEP EDR (ATP 3.0): Full endpoint activity recording and playback. Real-time IOC hunting, correlation and response.
SEP Product Offerings
SEP 14: Advanced endpoint security solution with hybrid management that combines Protection, Detection & Response, Deception and Hardening in a single agent and with granular management
• Advanced capabilities: Tunable protection, built-in deception and EDR, Application Isolation and Control add-on, Host Integrity, Mobile Threat Defense (add-on)
• Integrated Cyber Defense: Built-in integrations with web and email gateways and Open APIs for integrations with other vendors
SEP Cloud: Advanced protection for users and all their devices including mobile, with fully cloud managed and always up-to-date security that is easy to use and set up in under 5 minutes
• Advanced capabilities: Cloud EDR add-on, Mobile Security and Device Management, Encryption add-on, Mobile Threat Defense (add-on), Partner Management Console
• Integrated Cyber Defense: Built-in integrations with identity management, and Open APIs for integrations with other vendors
Same Multilayered Advanced Protection: Machine Learning, Behavior Analysis, Exploit Prevention, Global Intelligence Network
Symantec Endpoint Detection & Response Overview
EDR with SEP (ATP: Endpoint)
Headquarters Data Center
Branch Office
GIN
SANDBOX
CORRELATION
Leverage SEP footprint
Full Endpoint Activity Recording
Correlation across Endpoint, Network and Email
EDR Cloud
Roaming Users & Mac, Linux Endpoints
Branch Office
Headquarters Data Center
Extend EDR to non-SEP endpoints
Point-in-time Scanning
Rule-based automation of best practices
Symantec EDR exposes, contains and resolves breaches resulting from advanced attacks
Symantec Endpoint Detection & Response ATP: Endpoint
Provide incident investigation and response, using SEP agent
Detect and Investigate suspicious events
Hunt for Indicators of Compromise
Record all events and get complete visibility with incident playback
Fix impacted endpoints, with one click
No new endpoint agent required
SEP Manager
Global Intelligence
Correlation
ATP: Endpoint Appliance
Hybrid Sandbox
ATP Console
SEP Family Provides Complete Endpoint Security with a Single Agent
Anti-Malware
Advanced Malware Protection
Application Isolation & Control
Endpoint Detection & Response
Deception
Mobile Threat Defense
#1 Reason why customers are adopting SEP14
Effective Protection against Ransomware
WANNACRY: 1 billion+ infections blocked!
PETYA: ZERO reported infections on SEP 14 endpoints
Symantec positioned highest for ability to execute and furthest for completeness of vision in the leaders quadrant of 2019 MQ for Endpoint Protection Platforms
This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Symantec. Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose
Source: Gartner, Inc., Magic Quadrant for Endpoint Protection Platforms, Ian McShane, Avivah Litan, Eric Ouellet, Prateek Bhajanka, Jan 24, 2018
Data Loss Prevention
Symantec DLP Overview
Discover: Locate where your sensitive information resides across your cloud, mobile, network, endpoint and storage systems
Monitor: Understand how your sensitive information is being used, including what data is being handled and by whom
Protect: Stop sensitive information from being leaked or stolen by enforcing data loss policies and educating employees
DISCOVER MONITOR PROTECT
DLP MANAGEMENT CONSOLE
SECURED CORPORATE LAN
Roaming
DLP ENDPOINT
DMZ
SPAN Port or Tap
MTA or Proxy
DLP NETWORK
DLP STORAGE
DLP CLOUD
Most comprehensive data detection
IMAGES: FORM RECOGNITION (Scanned or Electronically-Filled Forms)
UNSTRUCTURED TEXT: MACHINE LEARNING (Source Code, Product Designs)
DESCRIBED DATA: DESCRIBED CONTENT MATCHING (Non-indexable data)
STRUCTURED DATA: EXACT DATA MATCHING (Account Numbers, Credit Cards, Government IDs)
UNSTRUCTURED DATA: INDEXED DOCUMENT MATCHING (Financial Reports, Marketing Plans)
Gives you the highest accuracy and minimizes false positives
“Symantec offers the most comprehensive sensitive data detection techniques in the market, with advanced functionality that can cover a wide breadth of data loss scenarios.” (Magic Quadrant for Data Loss Prevention, Gartner, January 2016)
Broadest coverage of data loss channels
DLP for Network: FTP, WEB, IM, IPv6
DLP for Storage: SHAREPOINT, NAS FILERS, FILE SERVERS, EXCHANGE, DATABASES
DLP for Endpoint: DESKTOP EMAIL, WEB APPS, VIRTUAL DESKTOPS, REMOVABLE STORAGE
DLP for Cloud: BOX, O365 EXCHANGE, GMAIL, CLOUD APPS
Symantec DLP Management Console
Corporate Datacenter: Policies, Incidents
Managed devices with DLP Endpoint Agent
Unmanaged devices: Extended perimeter
Extending DLP Cloud with CASB
Symantec Cloud DLP
Symantec CASB
Apply Fine-Tuned Policies to Cloud
Leverage Workflow Integrations
Gain CASB Functionality: Shadow IT Analysis, Granular Visibility and Control, User Behavior Analytics
Extend DLP to 60+ Cloud Apps
VIP (Validation and ID Protection)
81% of Data Breaches Involve Leveraging Weak or Stolen Passwords
Source: Verizon Data Breach Report 2017
Regional Office
Headquarters Data Center
Remote Workforce
Personal Devices
Cloud Applications
3rd Party Vendors
What is MFA?
MFA (Multi-Factor Authentication) is the Easiest Way to Protect Passwords
1. Something you KNOW
2. Something you HAVE
3. Something you ARE
VIP and VIP Access Manager
Symantec Identity Access Management Solution
• Multi-Factor Authentication (MFA)
• Single Sign On (SSO)
Network (Enterprise Gateway)
Cloud Applications (Access Manager)
Consumer (CDK/API)
Made to protect both Enterprise Access as well as Consumer Applications
Protect Credentials by Locking Down All Access with Strong Multi-Factor Authentication (MFA)
Cloud
VPN
Network
Data
Why VIP?
Cloud-based and zero capital investment (Bring-Your-Own-Credential)
Easy Deployment: All-in-one pricing, many credential modalities, and even for consumers
Easy-to-Use: Easy authentication methods and enrollment means end users enjoy a great VIP experience.
Designed to Integrate
With the security and trust you expect from Symantec
API, CDK
FIDO, OATH, PUSH
B2C, B2E
Radius, SAML
Email Security for the Cloud Generation
Email Security Portfolio Overview
Integrated Solution
PREVENT DATA LEAKAGE
• Advanced Detection Technologies
• Multi-Channel Data Protection
• Policy-Driven Controls
• Push & Pull Encryption
PROACTIVELY PREVENT ATTACKS
• Customizable Security Assessments
• Detailed Reporting & Visibility
• Integrated User Education
ISOLATE DANGEROUS THREATS
• Malicious URL Isolation
• Attachment Isolation
• Credential Theft Protection
PROTECT AGAINST EMERGING THREATS
• Machine Learning & Sandboxing
• Click-Time Protection
• Advanced Email Security Analytics
• SOC Integration
• Threat Remediation
STOP PHISHING ATTACKS
• Link Protection
• Impersonation Controls
• Phishing Variant Detection
• Behavioral Analysis
BLOCK COMMON THREATS
• Heuristics
• Reputation Analysis
• Connection-level Detection
• AV Engine
The Cloud Generation Email Security Solution
Solution Overview
• Protects against targeted attacks, ransomware, spear phishing & business email compromise
• Gives deep visibility into advanced attacks and accelerates threat response
• Controls sensitive data and helps meet compliance & privacy requirements
• Reduces business risks by training employees to recognize & report email attacks
Cloud Service or On-premises Appliance
On-Premises Email Server
Third-Party Email Server
Inbound/Outbound
Impersonation Controls
Security Awareness
Data Protection
Policy-Based Encryption
Anti-Spam
Anti-Malware
Advanced Threat Protection
Threat Isolation
Email Analytics
Messaging Gateway
Most Complete Protection in the Industry
MALWARE & SPAM PROTECTION
• CONNECTION LEVEL: SMTP firewall, sender reputation and authentication reduce risks and throttle bad connections
• MALWARE & SPAM DEFENSE: Heuristics, reputation, and signature based engines evaluate files and URLs for email malware & spam
PHISHING DEFENSE
• LINK PROTECTION: Evaluates malicious links at email delivery and time of click with advanced phishing variant detection
• IMPERSONATION CONTROL: Blocks Business Email Compromise and other spoofing attacks
EMERGING THREAT PREVENTION
• ADVANCED MACHINE LEARNING: Analyzes code for malicious characteristics
• BEHAVIOR ANALYSIS: Identifies new, crafted, and hidden malware by examining the behavior of suspicious email
• SANDBOXING: Detonates only truly unknown files in both physical and virtual environments
Backed by the Global Intelligence Network
Email Threat Isolation
• A phishing email arrives at the mail server / Symantec Cloud Email Security, where links are transformed to redirect through Web Isolation
• The user clicks on a link and lands on the Email Isolation Portal
• The site is rendered isolated and read-only
Visibility Into Targeted & Advanced Attacks: Advanced Email Security Analytics
60+ Data Points on Clean and Blocked Emails: Email Volume, Malicious Email Senders & Recipients, Severity Level, Sandbox Detonation Information, Malware Category, URL Information, Malicious Email Theme or Topic, Detection Method, File Hashes
Export Intelligence to: ATP Platform, Symantec Managed Security Services, Correlation & Response
Benefits (Accelerate Threat Response):
• Identify targeted attack recipients
• Correlate threats with endpoints
• Feed URLs into web proxy
• Find patterns in threats
• Monitor email logs
Gain Complete and Integrated Email Security with a Single Vendor
Email Security, Advanced Threat Protection, Email Encryption, Threat Isolation, Data Loss Prevention, Security Awareness
Symantec Web Isolation (Fireglass)
The Threat of the Unknown Web
Web destinations fall on a spectrum: Known Good, Unknown/Risky (uncategorized or potentially risky* domains), Known Bad
THE CHALLENGE
• Millions of new sites created every day
• 71% of all host names exist for 24 hours or less
• Many are legitimate, but some offer ideal cover for hackers launching attacks
• Difficult to assess with traditional “detection” approaches
• Customizing protection without over-blocking
“HOW CAN I INCREASE SECURITY WITHOUT OVER-BLOCKING?”
Known Good: ALLOW; Known Bad: BLOCK; Unknown/Risky: ALLOW? / BLOCK?
Market View on Web Isolation
• Web isolation is a new threat prevention approach
• Sometimes referred to as Remote Browsing, but has broader applications for use
• Identified as top technology in 2016 & 2017
• Gartner predicts that over 50% of enterprises will adopt web isolation
“Evaluate and pilot a remote browser solution in 2017 as one of the most significant ways an enterprise can reduce the ability of web-based attacks on users to cause damage”
Web Isolation Fundamentals
Browsing session is secured through isolation; access not blocked
• Everything assumed to be malicious
• All code and content prevented from reaching endpoints
• Enables access to unknown/risky content where there is a legitimate need
Web isolation eliminates patient zero
• Isolation prevents infections before they ever happen
• Even zero-day vulnerabilities
• Malware has become extremely violent (e.g. ransomware) with close to zero dwell time for detection and remediation
Web Isolation Architecture
Web content and documents are downloaded, executed and rendered inside a Secure Disposable Container; only 100% safe rendering information travels to the user, and only user gestures travel back, so the risks stay on the isolation side
• Seamless browsing experience
• Isolate both web and email, including documents
Symantec Web Isolation
Problem: Over-blocking the “Middle Ground” Sites
Web access policy:
• Always allow certain categories/sites
• Always block certain categories/sites
• Key Issue – Middle Ground
  • Over-block – creates user issues
  • Under-block – Increased risk of malware
Allowed Categories (Health, Financial Services, etc.): ALLOW
Categories where some access may be required (Dynamic DNS Host, File Storage/Sharing, Hacking, …): ALLOW or DENY… depending on organizational needs; some allow. Often requires additional ops to whitelist specific domains/users
Uncategorized (Uncategorized, Suspicious): DENY… MOSTLY, for security best practices at the expense of user experience; some allow. Often requires additional ops to whitelist specific domains/users
Threat Cats (Malicious in/out…): DENY
Web isolation with proxy using website categories
Stop Over-blocking
Web access policy:
• Always allow certain categories/sites
• Always block certain categories/sites
• Middle ground categories/sites get isolated
  • Expanded access with no malware risk
Allowed Categories (Health, Financial Services, etc.): ALLOW
Categories where some access may be required (Dynamic DNS Host, File Storage/Sharing, Hacking, …) and Uncategorized (Uncategorized, Suspicious): ISOLATE
Threat Cats (Malicious in/out…): DENY
Email Integration (Cloud and On-premises)
• A phishing email arrives at the mail server / Symantec Messaging Solutions; the Messaging Gateway rewrites the link to direct to Symantec Click-Time URL Protection
• When the user clicks on the link, the URL risk rating is analyzed in real-time, using the Global Threat Intelligence Network (GIN), to accurately isolate unknown or suspicious sites
• Unknown or suspicious sites open through the Web Isolation Portal as an isolated, read-only site
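The link rewriting and click-time decision described for the email integration, combined with the allow / isolate / deny category split from the proxy slides, as an added Python example (not Symantec code): the signing key, portal URL and host-to-category table are constructed assumptions, and the HMAC token keeps the portal from being usable as an open redirect.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, quote, urlparse

# Constructed values: in a deployment the key is a managed secret and the
# portal is the real isolation front end.
SIGNING_KEY = b"example-rewrite-key-not-for-production"
PORTAL = "https://isolation.example.net/click"
# Category buckets mirroring the deck's allow / isolate / deny split.
ALWAYS_ALLOW = {"Health", "Financial Services"}
MIDDLE_GROUND = {"Uncategorized", "Dynamic DNS Host", "File Storage/Sharing",
                 "Hacking", "Suspicious"}
ALWAYS_DENY = {"Malicious Inbound", "Malicious Outbound"}
# Constructed stand-in for the real-time URL risk rating / category lookup.
CATEGORY_BY_HOST = {
    "bank.example.test": "Financial Services",
    "share.example.test": "File Storage/Sharing",
    "evil.example.test": "Malicious Inbound",
}

def sign(url):
    """HMAC over the original URL so the portal redirects only to links it issued."""
    return hmac.new(SIGNING_KEY, url.encode(), hashlib.sha256).hexdigest()

def rewrite_links(body):
    """Rewrite each http(s) link in a message so the click first hits the portal."""
    def to_portal(match):
        raw = match.group(0)
        url = raw.rstrip(".,;:!?)")  # keep sentence punctuation out of the link
        tail = raw[len(url):]
        return f"{PORTAL}?u={quote(url, safe='')}&t={sign(url)}{tail}"
    return re.sub(r"https?://[^\s<>\"']+", to_portal, body)

def click_time_decision(clicked, privileged=False):
    """Return (action, original_url) when a user follows a rewritten link."""
    params = parse_qs(urlparse(clicked).query)  # percent-decodes the values once
    url = params.get("u", [""])[0]
    token = params.get("t", [""])[0]
    if not url or not hmac.compare_digest(sign(url), token):
        return "DENY", url  # forged or tampered link: the portal is not an open redirect
    category = CATEGORY_BY_HOST.get(urlparse(url).hostname, "Uncategorized")
    if category in ALWAYS_DENY:
        return "DENY", url
    if privileged or category in MIDDLE_GROUND:
        return "ISOLATE", url  # render remotely, read-only
    if category in ALWAYS_ALLOW:
        return "ALLOW", url
    return "ISOLATE", url  # any other category is treated as unknown
```

Privileged users get full isolation regardless of category, matching the selective versus full isolation split on the Web Security Service slide.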
Web Security Service
Network Security Challenges
Users and workloads are spread across Mobile Workers, Regional Offices, the Headquarters Data Center, Public Cloud IaaS/PaaS and Public SaaS Apps (Web & Shadow IT)
• Can I use cloud to simplify the ongoing use and operation of my entire network security stack?
• How can I ensure compliance & security of sensitive data in O365, Dropbox, SFDC, and other cloud apps?
• How do I protect myself from advanced threats hidden inside traffic that is increasingly encrypted?
• How can I secure my transforming network, which is being stressed by web/cloud adoption and remote/mobile users?
Stress on existing architecture: backhauling to leverage the security stack in the datacenter is expensive and slow, and brings complex security and compliance challenges
A Full Network Security Stack Delivered In the Cloud
Web Security Service: Complete Network Security and the Power of HTTP Proxy to Secure Access
• Deep Proxy for Web, Mobile, & Cloud Applications
• Advanced Threat Protection: Multiple antimalware inspection engines & sandbox, plus complete web isolation (Spring 18)
• Information Protection: Enterprise grade DLP from Symantec or data orchestration to your preferred vendor
• Advanced User Authentication: User and group policy integrated with SYMC VIP and leading 3rd party Identity Services
• Secure SSL/TLS Decrypt to Enable Inspection: Strong cipher & protocol support doesn’t degrade security, with privacy compliant selective decrypt
High Availability, High Capacity Global Access Backbone That Accelerates User Performance
• Architect for High Availability: 3rd Party Monitoring, Telco POP Backbone, Elastic Cloud Svc Structure
• Accelerate Performance of O365 & Cloud Apps: Content Peering & Connection Scaling, Automated Policy & Content Acceleration
Serves Roaming Users, Remote Sites and the Headquarters Data Center
Multiple Layers of Cloud Malware/ATP Defense
A user requests a file download; the Web Security Service and Malware Analysis Service apply three layers in sequence:
1. Web Filtering and Categorization (Proxy Function, Web Threat Protection): Granular policy control fed by GIN, SSL inspection and web application controls. Equivalent to ProxySG functionality
2. Black/White Lists + Multi-layered Analysis (Content Analysis): Allow Known Good, Block Known Bad. White/black lists (60+ vendors/4B+ files), dual anti-malware engines, predictive file analysis (“known bad” static indicator matching)
3. Sandboxing and Behavioral Analysis (Malware Analysis): Analyze Unknown Files and Hold for Verdict at the Proxy. Dual detonation (virtual / emulation), behavioral and static (YARA) analysis, interact with malware during detonation, custom risk scoring
Web Isolation With Web Security Service
Browsing session is secured through isolation; access not blocked
• Everything assumed to be malicious
• All code and content prevented from reaching endpoints
• Enables access to unknown/risky content where there is a legitimate need
▪ Selective isolation of risky/uncategorized sites
▪ Full isolation of web browsing of privileged users
Web Security Service Audit & Policy Integration: Integrate CASB with Web Access Governance
• Offices and Roaming/Mobile Users connect through the Symantec Web Security Service, backed by GIN
• Logs are sent to CASB Audit (Audit – AppFeed), whose App Rating Database holds intelligence on 21,000+ apps
• Analytics provide Shadow IT Visibility and a scalable proxy policy to control & manage risk
Simplified Governance & Accelerated User Experience
Optimized for Office 365
[Diagram: connection path from End User through WSS to Content Providers, without peering versus with peering]
Auto-Alignment: Simplify Powerful Proxy Policy for O365
• Automate Classification of Office 365 Application Traffic
• Synchronize Rapidly Changing O365 IP’s and URLs with MSFT
• Enforce Security Policy
• Simplify Governance
Accelerate Connections with TCP Window Scaling
• Wider Transfer Windows
• Increased Bandwidth Throughput
• Fewer Round Trips & Reduced Latency
• Accelerate User Experience
Optimize Content Delivery with Content Peering
• Fewer “Hops”
• Faster Path
• Lower Latency
Quality of Service Controls: O365 Bandwidth Controls, TCP Window
Symantec WSS Global Cloud Infrastructure (SSAE16, ISO 27001)
• Any customer / any data center
• Standard 99.999% availability SLA
• Automatic closest data center selection
• >50% capacity utilization expansion trigger
• Hosted at top tier infrastructure providers
• Redundant within and between locations
• >55 service points: https://www.symantec.com/products/web-and-cloud-security/cloud-delivered-web-security-services/resources
Symantec Web Security Service Cloud Footprint
• 9 global threat response centers
• 3,800 researchers & engineers
• 3.7 Trillion lines of telemetry
• 430 million new unique malware files discovered
• 40B Web attacks blocked
• 100M social engineering scams blocked
• 22,000+ cloud apps cataloged & profiled
• 4.5 Billion new queries processed daily
• 175M Protected Endpoints
• 6 Billion daily Web Intelligence requests
• 80M Web Proxy Users
• 15,000 Largest Global Enterprises
• 163M Protected Email Users
• 2 Billion emails scanned per day
Correlated Data: CORRELATION ACROSS VECTORS
Deploy to Match Your Needs
True Hybrid Security
• Private / Physical: ProxySG & ASG Appliances
• Private / Virtual: Virtual Appliances (VSWG SG VA)
• Public / IaaS: VSWG AWS AMI
• Public / SaaS Services: Web Security Service
Universal Policy
• Consistent Policy for On-Prem, Mobile Users, Virtual
• Centralize Reporting, Admin, & Policy with Management Center
• Simply Extend Policy to Cloud Web Security Service
Cloud Access Security Broker (CASB)
25% of Cloud Docs are Broadly Shared¹
¹ 1H 2016 Shadow Data Report
New Challenges: Proliferation of Cloud Apps, Variety of Endpoints, Shadow Data Problem, Compromised Accounts
Security functions: Risk Assessment, Intrusion Detection, Proxy/Firewall, DLP, Incident Response, Investigations, Malware Detection
CASB Architecture
Outside Perimeter / Enterprise Perimeter: proxy security events feed the CASB Gateway, and cloud apps are reached through CASB APIs
• Shadow IT Discovery & Controls
• Cloud Compliance
• Tokenization
• Cloud Incident Response
• Cloud Investigations
• Cloud Policy & Remediation
• Cloud DLP
• Cloud Intrusion Detection
• Cloud Malware Detection
CASB 1.0
CASB 2.0 - CloudSOC™ with Endpoint Security, Data Loss Prevention, Web Security, Encryption, User Authentication, ATP