Making Your Enterprise SSL Security Less of a Gamble B31.pdf · Enterprise SSL Security – Symantec Vision 2012 Making Your Enterprise SSL Security Less of a Gamble Rob Glickman

Enterprise SSL Security – Symantec Vision 2012

Making Your Enterprise SSL Security Less of a Gamble

Rob Glickman

Sr. Director, Product Marketing

Amar Doshi

Sr. Manager, Product Management

The VeriSign Seal is Now the Norton Secured Seal

Authentication | Identity Validation | Encryption | Security

Still the Most Recognized Trust Mark on the Internet

2 Enterprise SSL Security

Help enterprises secure and protect their business

Help SMBs grow their online business via our brand

Assure businesses and consumers that the website is highly-trusted and secure

Now even more powerful at inspiring consumer trust and confidence

Cyber Attacks On The Rise Everyone Has a Part to Play To Help Combat These

Enterprise SSL Security

Frequency of cyber attacks experienced by enterprises*

Viruses, worms, trojans

Malware

Botnets

Web-based attacks

Stolen devices

Malicious code

Malicious insiders

Phishing & social engineering

Denial of service

100%

96%

82%

64%

44%

42%

30%

30%

4%

* Source: Ponemon Institute 2012

How We Play Our Part: A 3600 View of Website Security Strategy


End-to-End protection of user

experience on web site

Assurance of Persistent Protection

Web site Security

3600 View: Step 1





Web site Security

Your Website: End-to-End User Protection Proves Critical


‘Always On SSL’ Deployment


Early Adopters

• Persistent security across website from arrival to login to logout

• Proven, practical security measure for all websites where users share or view

sensitive information

• High adoption rate in the financial industry and across major online properties

Alexa’s Top Sites Are Also Implementing ‘Always On SSL’


3600 View: Step 2





Web site Security

SSL Usage Across the Enterprise Is Driven By Trends


When an SSL Certificate Expires…Chaos


Chaos Drives Costs, Losses & Brand Damage


CALLS TO TECH SUPPORT

USERS TRAINED TO IGNORE WARNINGS

LOST PRODUCTIVITY

MISSED SALES OPPORTUNITIES

DEFECTION TO COMPETITORS

DAMAGE TO BRAND AND CREDIBILITY

CALLS TO CUSTOMER SUPPORT

INTE

RN

AL

AP

PLI

CA

TIO

NS EX

TERN

AL

AP

PLIC

ATIO

NS

Many teams that manage our combined infrastructure and each following a different informal process – no controls

Constantly changing team with people unfamiliar with our process for requesting, installing and managing SSL

No solid process or tooling in place to appropriately manage SSL holistically including EOL of services

Inherited a team or company through reorganization or acquisition, and was not aware the certificate existed

And The Most Common Reasons Provided

Every application follows a different SSL installation process; complexity and variance of approach causes mistakes

The person responsible left the company and there was no way to identify and transition to someone new


INHERITED INFRASTRUCTURE

GENERAL PROCESS ISSUES

TRAINING CONSTRAINTS

TOO MANY COOKS

ADMIN LEFT THE COMPANY

TOO MUCH VARIANCE

“I don’t really know what’s in my network, and where! My teams

have a hard time keeping our SSL installation inventory current and

accurate.”

“Certificate expiration presents a huge risk with revenue impact to my business

and loss of productivity.”

“Enforcing my SSL policies across the enterprise is not feasible with my tools

today. Fines for not being compliant with regulations add up!”

“Enabling my teams to spend their valuable time on items other than SSL installation and life cycle management

would be ideal.”

Increasing Asset

VISIBILITY Maintaining

CONTINUITY

Meeting and Remaining

COMPLIANT Increasing Operational

EFFICIENCY

Enterprise Challenges with SSL Management


Discover the Power of: Symantec Certificate Intelligence Center Monitor and Manage your SSL Certificate enterprise environment


SSL Certificate Discovery

Reports and Audit

Alert and Notification

Management

User and Administration Management

Server Risk Assessment

What Customers Have Said About CIC


I didn’t realize we have these many CAs in our environment until CIC. We need to consolidate! - Telecom Operator Great reports and visibility into

data to help us plan. We can’t afford expirations in our business. - Social Networking Company

The scans were easy to configure once the sensors were setup. Provided great results and some very useful insights into our SSL lay of the land. - Enterprise Software Company

CIC did what it said it would do. We want to roll this out to all our BUs. - Hosting Provider

21

22

23

24

25

26

Symantec Certificate Intelligence Center for Mobile Discover and manage SSL certificates issued from any Certificate Authority. Anytime. Anyplace.


• Maintain business continuity:

• Minimize risks of unavailable or unknown website services across enterprise network

• Enhance Agility:

• Remediate out-of-status SSL certificates quickly

• Increase Operational Visibility:

• Provide up-to-date data and information on SSL certificate inventory for compliance and management control

Releasing May 2012

3600 View: Step 3





Web site Security

Cyber Attack Vectors


Frequency of cyber attacks experienced by enterprises*

44%

42%

30%

30%

4%

Stolen devices

Malicious code

Malicious insiders

Phishing & social engineering

Denial of service

100%

96%

82%

64%

Viruses, worms, trojans

Malware

Botnets

Web-based attacks

* Source: Ponemon Institute

Today’s Web Threat Lifecycle

Source: 2010-2012 Symantec Research Enterprise SSL Security

signatures created per day 13,300

emails are Phishing 1in298

More Malware Variations

Attack Target Users vs Machines

Unique websites containing malware 1in156

Increasing Attack Success

of malicious websites are legitimate, but compromised sites 61%

Web 2.0 is the Catalyst

increase of Web-based

Attacks

93%

Easy way to identify the most critical vulnerabilities on your website most commonly exploited

• Check for SQL injection, Cross Site scripting and other vulnerabilities

• Weekly scan for the entry points frequently used for attacks

• Easy-to-read, actionable report

Vulnerability Assessment

Discover the Power of: Website Protection


Protect you from being blacklisted by search engines and reduce risk of propagating viruses to customers’ systems:

• Daily review for malicious code

• Immediate alert by email warns of malware infection

• List of infected pages and problems help pinpoint and remove malware

Malware Scanning

Symantec Recommends:


Gain visibility and control of certificates using appropriate tools to reduce risk of business interruption and increase compliance

Turn on ‘Always-On SSL’ to protect customer’s identities, enhance their experience, and strengthen your brand position

Use value-add features like malware, vulnerability scanning & display of trust seals to validate web site security and drive more trusted customer interactions

Check out the 2012 Symantec ISTR – Just Released


2012 ISTR:

www.symantec.com/threatreport/

Always-On SSL:

go.symantec.com/always-on-ssl/

Symantec Certificate Intelligence Center:

go.symantec.com/certificate-intelligence-center

Symantec Website Security Solutions

www.symantec.com/ssl

Q & A Rob Glickman

[email protected]

Amar Doshi

[email protected]


Thank You!

mailto:[email protected]

mailto:[email protected]

Documents

Making Your Enterprise SSL Security Less of a Gamble B31.pdf · Enterprise SSL Security – Symantec Vision 2012 Making Your Enterprise SSL Security Less of a Gamble Rob Glickman