Post on 23-Jun-2020
transcript
Symantec Enterprise Security: Strategy and Roadmap
Galin Grozev
Senior Technology Consultant – Symantec Bulgaria
Enterprise Threat Landscape
Attackers Moving Faster
• 5 of 6 large companies attacked
• 317M new malware created
• 1M new threats daily
• 60% of attacks targeted SMEs
Digital extortion on the rise
• 113% increase in ransomware
• 45X more devices held hostage
Malware gets smarter
• 28% of malware was Virtual Machine Aware
Zero-Day Threats
• 24 (all-time high)
• Top 5 unpatched for 295 days
Many Sectors Under Attack
• Healthcare +37%
• Retail +11%
• Education +10%
• Government +8%
• Financial +6%
Source: Symantec Internet Security Threat Report 2015
Key Trends Reshaping the Enterprise Security Market
• RESURGENCE OF ENDPOINT: Rapid shift to mobile and IoT
• DISAPPEARING PERIMETER: Decreasingly relevant with fuzzy perimeter
• RAPID CLOUD ADOPTION: Enterprise data and applications moving to cloud
• SERVICES: Security as a Service; box fatigue
• CYBERSECURITY: Governments and regulators playing ever larger role
Copyright © 2015 Symantec Corporation
Symantec Enterprise Security | STRONG FRANCHISES
• Endpoint Security: #1 share; AAA rating nine quarters in a row
• Email Security: #1 share; 100% uptime with <0.0003% FPs 5 years in a row
• Data Protection: #1 DLP share; 100% of Fortune 100
• Trust Services: #1 share; 6B certificate lookups/day
• Authentication & Authorization: 13B validations every day; 100% uptime last 5 years
• Managed Security Services: 12 Yrs Gartner MQ leader; 30B logs analyzed/day
Symantec Enterprise Security | UNIQUE VISIBILITY
• 57M attack sensors in 157 countries
• 175M endpoints
• 182M web attacks blocked last year
• 3.7T rows of telemetry; 100 Billion more/month
• 9 threat response centers
• 500+ rapid security response team
• 30% of world’s enterprise email traffic scanned/day
• 1.8 Billion web requests
Symantec Enterprise Security | PRODUCT STRATEGY
Threat Protection (ENDPOINTS, DATA CENTER, GATEWAYS)
• Advanced Threat Protection Across All Control Points
• Built-In Forensics and Remediation Within Each Control Point
• Integrated Protection of Server Workloads: On-Premise, Virtual, and Cloud
• Cloud-based Management for Endpoints, Datacenter, and Gateways
Unified Security Analytics Platform
• Log and Telemetry Collection
• Unified Incident Management and Customer Hub
• Inline Integrations for Closed-loop Actionable Intelligence
• Regional and Industry Benchmarking
• Integrated Threat and Behavioral Analysis
Information Protection (DATA, IDENTITIES)
• Integrated Data and Identity Protection
• Cloud Security Broker for Cloud and Mobile Apps
• User and Behavioral Analytics
• Cloud-based Encryption and Key Management
(Diagram labels: Users, Data, Apps, Cloud, Endpoints, Gateways, Data Center)
Cyber Security Services
• Monitoring, Incident Response, Simulation, Adversary Threat Intelligence
THREAT PROTECTION
Threat Protection Requirements | FULL THREAT LIFE-CYCLE
Source: Gartner
PREDICT
• Proactive risk analysis
• Predict attacks
• Baseline systems
PREVENT
• Harden and isolate systems
• Divert attackers
• Prevent issues
DETECT
• Detect issues
• Confirm and prioritize risk
• Contain issues
RESPOND
• Remediate/Make change
• Design/Model change
• Investigate/Forensics
(Diagram center: Advanced Threat Protection)
Symantec Threat Protection | STRATEGY
• Advanced Threat Protection Across Control Points
• Built-in Forensics and Remediation Within Each Control Point
• Integrated Protection of Server Workloads across On-Premise, Virtual, and Cloud
• Cloud-based Management for Endpoints, Datacenter, and Gateways
(Diagram: Advanced Threat Protection spanning Network/Gateways, Data Center, and Endpoints)
SYMANTEC ADVANCED THREAT PROTECTION
NEW TECHNOLOGY
New advanced threat detection and response capabilities unifying security across the network, endpoint, and email, helping organizations achieve better protection and drive down security operations costs.
• Better Detection of advanced and targeted attacks with Cynic
• Faster Response by reducing alerts and prioritizing the most significant threats with Synapse
• Lower OpEx with agentless integration and correlation across network, endpoint, and email
ATP: Email | ATP: Network | ATP: Endpoint
Symantec Cynic™
• New cloud based sandbox analysis
• Combines execution with global threat intelligence and behavioral analysis
Symantec Synapse™
• New correlation across network, endpoint, & email
• Agentless integration
• Provides prioritization for incident responders
Symantec Threat Protection | SUMMARY OF KEY CAPABILITIES
Next Gen Forensics and Remediation
• Granular flight recorder
• Fine-grained remediation policies
• Known and unknown exploit detection
• Common management console with centralized activity logs
• Closed-loop remediation
• No new agent (easy upgrade)
Advanced Threat Protection
• Single platform
• Cloud-based payload detonation
• Cross-control point correlation and incident prioritization
• Closed-loop remediation
• Unified incident management
Cloud-based management with single extendable agent technology, self-service BYOD provisioning, and native encryption & key management
Server Workload Protection
• Integrated protection across on premise, virtualized, and cloud-based workloads
• Consistent application of lockdown and app control policies
• Common management/orchestration as workloads move to and from cloud
• Support for VMware (NSX/ESX) and Amazon, Azure, and OpenStack
INFORMATION PROTECTION
Information Protection Requirements | CLOUD AND MOBILE FOCUS
USERS ARE MOVING
Historically data was created and consumed on premise; most users would create and consume this data from inside firewalls.
With the advent of mobile and BYOD devices, more users are accessing and consuming information when outside the firewalls.
DATA AND APPS ARE MOVING
With more applications and workloads migrating to public clouds, more and more data is created and consumed on cloud.
With more data in cloud and more mobile users, information protection across cloud and mobile, combined with behavioral analytics, is a critical imperative.
Symantec Information Protection | STRATEGY
• Extend Data and Identity protection regardless of where data resides: On Premise, On Mobile, In the Cloud
• Common SSO and Access Management regardless of where applications reside: On Premise, On Mobile, In the Cloud
• Integrated user and behavioral analytics to detect and prevent insider and outsider (APT) threats
(Diagram: Cloud Security Broker linking Data Access and Identities)
Symantec Information Protection | SUMMARY OF KEY CAPABILITIES
Cloud Security Broker
• Data and identity protection between mobile and cloud, with no perimeter
• Highly contextual protection by connecting user, device, location, and data loss prevention policies
• Cloud-based SSO with biometric authorization
• Scan and remediation of data already in cloud apps
User and Behavioral Analytics
• Integrated analytics to track and profile behaviors and data flow
• Prioritized incident management
• Pre-built threat models and big-data analytics to quickly flag and detect incidents
• Industry and global intel correlation to detect coordinated attacks
CYBER SECURITY PROTECTION
Symantec Cyber Security Services | STRATEGY
Expanded services
• Incident Response and Forensics services
• Security Simulation Services for security preparedness and overall health checks
Scale up of existing and new services with core tech
• Big Data-based streaming & batch analytics
• High speed ingestion of large and ever growing log data
Expanded global footprint
• Expansion of number of SOCs globally to address demand as well as regulatory requirements
SECURITY SERVICE NEED / SYMANTEC OFFERING
EXISTING
• Track & Analyze Key Events & Trends / Adversary Threat Intelligence Service
• Monitor Threats & Campaigns / Security Monitoring Service
NEW
• Respond to Breaches Quickly & Effectively / Incident Response and Forensics Service
• Assess Security Readiness Under Different Scenarios / Security Simulation Service
Symantec Cyber Security Services | SUMMARY OF KEY CAPABILITIES
Threat Intelligence Services
• Global Intelligence Network
• Early warning Portal
• Adversary threat intelligence
• Integrated IoCs from internal and external feeds
IR and Simulation Services
• Global team with extensive experience in forensics investigation
• Emergency/Retained/Managed options
• Integrated with SOCs to provide end to end service
• Realistic live fire training missions delivered as a SaaS solution
Security Monitoring Services
• Key technology IP for log collection, analytics, and incident investigation
• Tailored to customer maturity/industry
• High-touch 24x7 service model
• Integration with next gen security infrastructure to detect advanced threats
Global team of 500+ threat and intel experts with unique knowledge of attack actors; supported by Cloud-based Big Data analytics infrastructure
UNIFIED SECURITY ANALYTICS
Security Platforms Market | FOCUS SHIFTING TO ANALYTICS
ATTACKS ARE INCREASINGLY SOPHISTICATED
• Micro-targeted
• New techniques and zero day attacks
• Stealthy to remain undetected
EXISTING TECHNOLOGY CAN’T KEEP UP
• Reactive methods
• Insufficient data to find subtle trends and patterns
• Isolated approaches without broader context
ANALYST FATIGUE IS RAMPANT
• Too many alerts and false positives
• Slow and manual detection, forensics, and remediation
RISE OF SECURITY BIG DATA ANALYTICS
Big data, analytics, and machine learning techniques are needed to address these challenges.
External Resources
2015 Internet Security Threat Report
http://www.symantec.com/security_response/publications/threatreport.jsp
Advanced Threat Protection
http://www.symantec.com/advanced-threat-protection/
Data Loss Prevention
http://www.symantec.com/data-loss-prevention/
Encryption
http://www.symantec.com/encryption/
Data Center Security
http://www.symantec.com/data-center-security/
Thank you!
Galin Grozev
galin_grozev@symantec.com +359 878 441131