Enterprise SSL Security – Symantec Vision 2012
Making Your Enterprise SSL Security Less of a Gamble
Rob Glickman
Sr. Director, Product Marketing
Amar Doshi
Sr. Manager, Product Management
The VeriSign Seal is Now the Norton Secured Seal
Authentication | Identity Validation | Encryption | Security
Still the Most Recognized Trust Mark on the Internet
Help enterprises secure and protect their business
Help SMBs grow their online business via our brand
Assure businesses and consumers that the website is highly-trusted and secure
Now even more powerful at inspiring consumer trust and confidence
Cyber Attacks On The Rise: Everyone Has a Part to Play To Help Combat These
Frequency of cyber attacks experienced by enterprises*
• Viruses, worms, trojans: 100%
• Malware: 96%
• Botnets: 82%
• Web-based attacks: 64%
• Stolen devices: 44%
• Malicious code: 42%
• Malicious insiders: 30%
• Phishing & social engineering: 30%
• Denial of service: 4%
* Source: Ponemon Institute 2012
How We Play Our Part: A 360° View of Website Security Strategy
End-to-End protection of user
experience on web site
Assurance of Persistent Protection
Web site Security
360° View: Step 1
Your Website: End-to-End User Protection Proves Critical
‘Always On SSL’ Deployment
Early Adopters
• Persistent security across website from arrival to login to logout
• Proven, practical security measure for all websites where users share or view
sensitive information
• High adoption rate in the financial industry and across major online properties
Alexa’s Top Sites Are Also Implementing ‘Always On SSL’
360° View: Step 2
SSL Usage Across the Enterprise Is Driven By Trends
When an SSL Certificate Expires…Chaos
Chaos Drives Costs, Losses & Brand Damage
CALLS TO TECH SUPPORT
USERS TRAINED TO IGNORE WARNINGS
LOST PRODUCTIVITY
MISSED SALES OPPORTUNITIES
DEFECTION TO COMPETITORS
DAMAGE TO BRAND AND CREDIBILITY
CALLS TO CUSTOMER SUPPORT
INTERNAL APPLICATIONS
EXTERNAL APPLICATIONS
And The Most Common Reasons Provided
• TOO MANY COOKS: Many teams that manage our combined infrastructure and each following a different informal process – no controls
• TRAINING CONSTRAINTS: Constantly changing team with people unfamiliar with our process for requesting, installing and managing SSL
• GENERAL PROCESS ISSUES: No solid process or tooling in place to appropriately manage SSL holistically including EOL of services
• INHERITED INFRASTRUCTURE: Inherited a team or company through reorganization or acquisition, and was not aware the certificate existed
• TOO MUCH VARIANCE: Every application follows a different SSL installation process; complexity and variance of approach causes mistakes
• ADMIN LEFT THE COMPANY: The person responsible left the company and there was no way to identify and transition to someone new
Enterprise Challenges with SSL Management
• Increasing Asset VISIBILITY: “I don’t really know what’s in my network, and where! My teams have a hard time keeping our SSL installation inventory current and accurate.”
• Maintaining CONTINUITY: “Certificate expiration presents a huge risk with revenue impact to my business and loss of productivity.”
• Meeting and Remaining COMPLIANT: “Enforcing my SSL policies across the enterprise is not feasible with my tools today. Fines for not being compliant with regulations add up!”
• Increasing Operational EFFICIENCY: “Enabling my teams to spend their valuable time on items other than SSL installation and life cycle management would be ideal.”
Discover the Power of: Symantec Certificate Intelligence Center
Monitor and Manage your SSL Certificate enterprise environment
SSL Certificate Discovery
Reports and Audit
Alert and Notification
Management
User and Administration Management
Server Risk Assessment
What Customers Have Said About CIC
“I didn’t realize we have these many CAs in our environment until CIC. We need to consolidate!” - Telecom Operator
“Great reports and visibility into data to help us plan. We can’t afford expirations in our business.” - Social Networking Company
“The scans were easy to configure once the sensors were set up. Provided great results and some very useful insights into our SSL lay of the land.” - Enterprise Software Company
“CIC did what it said it would do. We want to roll this out to all our BUs.” - Hosting Provider
Symantec Certificate Intelligence Center for Mobile
Discover and manage SSL certificates issued from any Certificate Authority. Anytime. Anyplace.
• Maintain business continuity:
• Minimize risks of unavailable or unknown website services across enterprise network
• Enhance Agility:
• Remediate out-of-status SSL certificates quickly
• Increase Operational Visibility:
• Provide up-to-date data and information on SSL certificate inventory for compliance and management control
Releasing May 2012
360° View: Step 3
Cyber Attack Vectors
Frequency of cyber attacks experienced by enterprises*
• Viruses, worms, trojans: 100%
• Malware: 96%
• Botnets: 82%
• Web-based attacks: 64%
• Stolen devices: 44%
• Malicious code: 42%
• Malicious insiders: 30%
• Phishing & social engineering: 30%
• Denial of service: 4%
* Source: Ponemon Institute
Today’s Web Threat Lifecycle
Source: 2010-2012 Symantec Research
• 13,300 signatures created per day
• 1 in 298 emails are phishing
More Malware Variations
Attack Target Users vs Machines
• 1 in 156 unique websites containing malware
Increasing Attack Success
• 61% of malicious websites are legitimate, but compromised sites
Web 2.0 is the Catalyst
• 93% increase of Web-based attacks
Discover the Power of: Website Protection
Vulnerability Assessment
An easy way to identify the critical vulnerabilities on your website that are most commonly exploited:
• Check for SQL injection, cross-site scripting and other vulnerabilities
• Weekly scan for the entry points frequently used for attacks
• Easy-to-read, actionable report
Malware Scanning
Protects you from being blacklisted by search engines and reduces the risk of propagating viruses to customers’ systems:
• Daily review for malicious code
• Immediate alert by email warns of malware infection
• List of infected pages and problems helps pinpoint and remove malware
Symantec Recommends:
• Gain visibility and control of certificates using appropriate tools to reduce the risk of business interruption and increase compliance
• Turn on ‘Always-On SSL’ to protect customers’ identities, enhance their experience, and strengthen your brand position
• Use value-add features like malware scanning, vulnerability scanning and display of trust seals to validate web site security and drive more trusted customer interactions
Check out the 2012 Symantec ISTR – Just Released
2012 ISTR:
www.symantec.com/threatreport/
Always-On SSL:
go.symantec.com/always-on-ssl/
Symantec Certificate Intelligence Center:
go.symantec.com/certificate-intelligence-center
Symantec Website Security Solutions
www.symantec.com/ssl
Q & A
Rob Glickman
Amar Doshi
Thank You!