Embed Size (px)
Citation preview
Symantec Website Security Threat Report 2016
Lee-Lin Thye
Senior Product Marketing Manager
Introducing Symantec, the Global Website Security Leader
Copyright © 2016 Symantec Corporation2
*Source:Customer analysis using Fortune 500 Pub. 2015, Forbes Global 2000 Pub. 2015, Internet Retailer Top 500 guide 2015 Edition, Internet Retailer Europe Top 500 Guide 2015 Edition, Internet Retailer Latin America Top 500 Edition 2015
Discover Symantec Website Security Threat Report
• Annual report on internet threat data around the world
• Source: Symantec™ Global Intelligence Network– 63.8 million attack sensors
– records thousands of events per second
– threat activity compiled from over 157 countries and territories through a combination of Symantec products and services:• Symantec DeepSight™ Intelligence• Symantec™ Managed Security Services• Norton™ consumer products• Symantec™ Website Security• And other 3rd party data sources
• World’s most comprehensive vulnerability database– 66,400 recorded vulnerabilities
– 21,300 vendors
– 62,300 products
Spam, Phishing, and Malware
• Sources for Data Capture include:
– Symantec Probe Network
• More than 5 million decoy accounts
– Symantec.cloud
– Symantec Website Security
• Secures more than 1,000,000 web servers worldwide with 100 percent availability
• Secures more than 83 percent of global ecommerce revenue
• Validates revocation status of more than 6 billion Online Certificate Status Protocol (OCSP) look-ups per day
• Norton Secured Seal is displayed almost one billion times per day on websites in 170 countries
Security Breaches Numbers
Source: Symantec Internet Threat Response volume 21, 2016
Copyright 2016 Symantec Corporation5
Tracking Down the Numbers
Data Breach: How and What
Spam
More than 50% inbound business email traffic was spam
Phishing
Web Attacks
Malicious Activity by Web Attack Origins
Vulnerabilities on Websites
78%Scanned Websites with
Vulnerabilities
15%Critical Vulnerabilities
Top 10 Vulnerabilities Found Unpatched
Best Practice Guidelines
• Get in line with industry standards– Implement always-on SSL/TLS
– Migrate to SHA-2
– Consider adopting Elliptic Curve Cryptography
• Use SSL/TLS Correctly– Keep protocol libraries up to date
– Don’t let your certificates expire
– Display easily recognizable trust marks (e.g. Norton Secured Seal)
• Manage your SSL/TLS keys properly– Limit access to keys
– Compartmentalize access
– Deploy automated certificate and key management systems
– Report key breaches to CA immediately
• Adopt Comprehensive Website Security– Scan regularly
– Consider the whole ecosystem including defense against injection and DDoS attacks
Discover website vulnerabilities and
malware. Protect against DDoS,
Layer 7 attacks and more
DETECTION, MITIGATION AND REPORTING
Stay Always-on
SSL/TLS CERTIFICATE OPTIONS & CODE SIGNING
KEY SECURITY
Automate certificate lifecycle
management, and get support 24/7
MANAGEMENT TOOLS & SUPPORT
Optimize performance with high-
performing algorithms
CRYPTOGRAPHIC ALOGRITHM & PERFORMANCE
ENCHANCERSIncrease user confidence with
visual indicators and assurance
CONVERSION OPTIMIZATION ENABLERS
Eliminate risks of stolen and
misused keys. Transfer sensitive
data securely.
AUTOMATED SCANS & VISIBILITY
Ensure compliance with industry
standards and best practices
Maintain Compliance
Strengthen Defenses
Optimize Performance
Build Confidence (and business)
Powerful solutions to deliver a single source of protection
Protect Data & Keys
Symantec™ Complete Website Security:
Discover website vulnerabilities and
malware. Protect against DDoS,
Layer 7 attacks and more
Malware Scanning, Vulnerability Assessment, Imperva Incapsula WAF, Imperva Incapsula DDoS Protection
Stay Always-on
Secure App Service, Private Certificate Authority, ECC
SSL/TLS Certificates
Automate certificate lifecycle
management, and get support 24/7
Certificate Intelligence Center Automation, Support
Optimize performance with high-
performing algorithms
ECC SSL/TLS Certificates, Imperva Incapsula CDN
Increase user confidence with
visual indicators and assurance
Norton Secured Seal, EV SSL/TLS Certificate, Seal in Search
Eliminate risks of stolen and
misused keys. Transfer sensitive
data securely.
Certificate Intelligence Center Discovery
Ensure compliance with industry
standards and best practices
Maintain Compliance
Strengthen Defenses
Optimize Performance
Build Confidence (and business)
Powerful solutions to deliver a single source of protection
Protect Data & Keys
Symantec™ Complete Website Security:
Summary
• Threat landscape continues to be more menacing than ever
– Mega breach on the rise
– Total identities stolen increasing
• Avoid Compromising Trusted Relationships with Users and Partners
– Implement Best Practices
– Deploy Complete Website Security
• Scan websites for malware
• Assess websites for vulnerability
• Defend against attacks e.g. DDoS
• Secure against malware infection and man-in-the-middle attacks
• Assure users that you have a secure website with trust marks and green browser address bar
Resources
• Symantec Website Security Website:
– https://www.symantec.com/website-security/
• Symantec Website Security Threat Report
– https://websitesecurity.symantec.com/campaigns/16963-campaign/current/landing/assets/wstr-pt1-us.pdf
Copyright 2016 Symantec Corporation17
Thank you!
Copyright © 2016 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Lee-Lin Thye
18
