Making Your Enterprise SSL Security Less of a Gamble B17.pdfMaking Your Enterprise SSL Security Less of a Gamble Andrew Horbury Sr. Manager, Product Marketing Dave Corbett Sr. Manager,

Enterprise SSL Security – Symantec Vision 2012

Making Your Enterprise SSL Security Less of a Gamble

Andrew Horbury

Sr. Manager, Product Marketing

Dave Corbett

Sr. Manager, Product Management

SYMANTEC VISION 2012

The VeriSign Seal is Now the Norton Secured Seal

Authentication | Identity Validation | Encryption | Security

Still the Most Recognised Trust Mark on the Internet

2 Enterprise SSL Security

Helps enterprises secure and protect their business

Helps SMBs grow their online business via our brand

Assure businesses and consumers that the website they are visiting is highly-trusted and secure.

Now even more powerful at inspiring consumer trust and confidence


Cyber Attacks On The Rise Everyone Has a Part to Play To Help Combat These

Enterprise SSL Security

Frequency of cyber attacks experienced by enterprises*

Viruses, worms, trojans

Malware

Botnets

Web-based attacks

Stolen devices

Malicious code

Malicious insiders

Phishing & social engineering

Denial of service

100%

96%

82%

64%

44%

42%

30%

30%

4%

* Source: Ponemon Institute 2012


How We Play Our Part: A 3600 View of Website Security Strategy


End-to-End protection of user

experience on web site

Assurance of Persistent Protection

Web site Security


3600 View: Step 1





Web site Security


Your Website: End-to-End User Protection Proves Critical


Read: http://www.wired.com/gadgetlab/2012/08/apple-

amazon-mat-honan-hacking/all/

http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/











‘Always On SSL’ Deployment


Early Adopters

• Persistent security across website from arrival to login to logout

• Proven, practical security measure for all websites where users share or view

sensitive information

• High adoption rate in the financial industry and across major online properties


Top Sites Are Also Implementing ‘Always On SSL’



3600 View: Step 2





Web site Security


SSL Usage Across the Enterprise Is Driven By Trends



When an SSL Certificate Expires…Chaos



Chaos Drives Costs, Losses & Brand Damage


CALLS TO TECH SUPPORT

USERS TRAINED TO IGNORE WARNINGS

LOST PRODUCTIVITY

MISSED SALES OPPORTUNITIES

DEFECTION TO COMPETITORS

DAMAGE TO BRAND AND CREDIBILITY

CALLS TO CUSTOMER SUPPORT

INTE

RN

AL

AP

PLI

CA

TIO

NS EX

TERN

AL

AP

PLIC

ATIO

NS

12


Many teams that manage our combined infrastructure and each following a different informal process – no controls

Constantly changing team with people unfamiliar with our process for requesting, installing and managing SSL

No solid process or tooling in place to appropriately manage SSL holistically including EOL of services

Inherited a team or company through reorganization or acquisition, and was not aware the certificate existed

And The Most Common Reasons Provided

Every application follows a different SSL installation process; complexity and variance of approach causes mistakes

The person responsible left the company and there was no way to identify and transition to someone new


INHERITED INFRASTRUCTURE

GENERAL PROCESS ISSUES

TRAINING CONSTRAINTS

TOO MANY COOKS

ADMIN LEFT THE COMPANY

TOO MUCH VARIANCE

13


“I don’t really know what’s in my network, and where! My teams

have a hard time keeping our SSL installation inventory current and

accurate.”

“Certificate expiration presents a huge risk with revenue impact to my business

and loss of productivity.”

“Enforcing my SSL policies across the enterprise is not feasible with my tools

today. Fines for not being compliant with regulations add up!”

“Enabling my teams to spend their valuable time on items other than SSL installation and life cycle management

would be ideal.”

Increasing Asset

VISIBILITY Maintaining

CONTINUITY

Meeting and Remaining

COMPLIANT Increasing Operational

EFFICIENCY

Enterprise Challenges with SSL Management

Enterprise SSL Security 14


Discover the Power of: Symantec Certificate Intelligence Center

Monitor and Manage your SSL Certificate enterprise environment


SSL Certificate Discovery

Reports and Audit

Alert and Notification

Management

User and Administration Management

Server Risk Assessment

15

SYMANTEC VISION 2012 Enterprise SSL Security 16

Telecom Operator

I didn’t realise we had this many CAs in our environment until CIC. We need to consolidate!

What Customers Have Said About CIC

Great reports and visibility into data to help us plan. We can’t afford expirations in our business. Social Networking Company

The scans were easy to configure once the sensors were setup. Provided great results and some very useful insights into our SSL lay of the land. Enterprise Software Company

CIC did what it said it would do. We want to roll this out to all our BUs. Hosting Provider












Symantec Certificate Intelligence Center for Mobile

Discover and manage SSL certificates issued from any Certificate Authority. Anytime. Anyplace.


• Maintain business continuity:

• Minimise risks of unavailable or unknown website services across enterprise network

• Enhance Agility:

• Remediate out-of-status SSL certificates quickly

• Increase Operational Visibility:

• Provide up-to-date data and information on SSL certificate inventory for compliance and management control

27


3600 View: Step 3





Web site Security


Cyber Attack Vectors


Frequency of cyber attacks experienced by enterprises*

44%

42%

30%

30%

4%

Stolen devices

Malicious code

Malicious insiders

Phishing & social engineering

Denial of service

100%

96%

82%

64%

Viruses, worms, trojans

Malware

Botnets

Web-based attacks


Today’s Web Threat Lifecycle

Source: 2010-2012 Symantec Research


signatures created per day 13,300

emails are Phishing 1in298

More Malware Variations

Attack Target Users vs. Machines

Unique websites containing malware 1in156

Increasing Attack Success

of malicious websites are legitimate, but compromised sites 61%

Web 2.0 is the Catalyst

increase of Web-based

Attacks

93%


Easy way to identify the most critical vulnerabilities on your website most commonly exploited

• Check for SQL injection, Cross Site scripting and other vulnerabilities

• Weekly scan for the entry points frequently used for attacks

• Easy-to-read, actionable report

Vulnerability Assessment

Discover the Power of: Website Protection


Protect you from being blacklisted by search engines and reduce risk of propagating viruses to customers’ systems:

• Daily review for malicious code

• Immediate alert by email warns of malware infection

• List of infected pages and problems help pinpoint and remove malware

Malware Scanning


Symantec Recommends:


Gain visibility and control of certificates using appropriate tools to reduce risk of business interruption and increase compliance

Turn on ‘Always-On SSL’ to protect customer’s identities, enhance their experience, and strengthen your brand position

Use value-add features like malware, vulnerability scanning & display of trust seals to validate web site security and drive more trusted customer interactions


For more information


2012 ISTR:

www.symantec.com/threatreport/

Always-On SSL:

go.symantec.com/always-on-ssl/

Symantec Certificate Intelligence Center:

go.symantec.com/certificate-intelligence-center

Symantec Website Security Solutions

www.symantec.com/ssl

Q & A Andrew Horbury

[email protected]

Dave Corbett

[email protected]


Thank You!

Documents

Making Your Enterprise SSL Security Less of a Gamble B17.pdfMaking Your Enterprise SSL Security Less of a Gamble Andrew Horbury Sr. Manager, Product Marketing Dave Corbett Sr. Manager,