Symantec Proprietary – Limited Use Only
Integrated Cyber Defense at the Heart of Digital Transformation: Symantec Security Strategy
Panagiotis Sotiriou, Systems Engineer, Greece, Cyprus, Romania, Bulgaria & Malta
Current Threat Landscape
Source: Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation
Fiscal Spending Challenges: The Fiscal Crisis
Drivers of security operating costs (chart): Existing Technology Footprint, Annual Security Improvement, New Regulations, Labor Cost Increases, Subscription Expense Growth, Maintaining a Dual Environment (Legacy and Cloud)
Chart: SECURITY OPERATING COSTS rise faster than the CURRENT SECURITY BUDGET, which grows only 6-8% annually
THE COMING FISCAL CRISIS

A DARK INTERNET
The Internet Gets Darker; Requires Presence at Key Termination Points

DEEP ARTIFICIAL INTELLIGENCE & AUTOMATION
Organizations Will Need to Depend on Automatic Security Capabilities: The Relevance of Emerging Technologies

BEST IN CLASS TERMINATION POINTS & PROTECTION
Industry Refocused on the Criticality of Prevention: Threat Detection is Not Enough

CLOUD GENERATION ARCHITECTURE & PLATFORMS
Changing Usage Models Will Mandate Cloud Generation Architecture: The Cloud Generation Dilemma
Key Termination points
PROXY
CLOUD APPS
ENDPOINT
Delivering Protection in The Cloud Generation: Endpoint Requirements
Control points: ENDPOINT (single agent), PROXY, CLOUD APPS
Best in Class Protection
Machine Learning/Artificial Intelligence
Single Agent/Efficient Architecture
Cloud Aware/Enabled
Supports all Endpoints
More threats lead to more agents
Poor Malware Protection against Emerging Threats
• 46% increase in new ransomware variants
• 92% increase in new downloader variants
• 8,500% increase in coinminer detections
Technical Issues
• Integration challenges
• Compatibility issues
• Too much complexity resulting in security gaps
Operational Issues
• Multiple agent deployments and management
• Increased labor and higher costs
• Each agent needs updating with Operating System updates
• More alerts that need addressing by the SOC staff
7: average number of installed endpoint management & security agents
Diagram: six separate agents (Antivirus, Anti-malware, Advanced Malware Protection, Integrated EDR, Deception, SEP Hardening) versus the capability stack one agent can carry (Network Firewall & Intrusion Prevention, Behavior Monitoring, Device Control & Power Eraser, Reputation Analysis, Memory Exploit Mitigation, Advanced Machine Learning, Emulator, Application Isolation, Deception, EDR, Application Control)
Multilayered, Single-agent Endpoint Protection: SEP 14.1 and SEP Hardening Deliver Cutting Edge Technologies
One agent, layered capabilities: Network Firewall & Intrusion Prevention, Behavior Monitoring, Device Control & Power Eraser, Reputation Analysis, Memory Exploit Mitigation, Advanced Machine Learning, Emulator, Application Isolation, Deception, EDR, Application Control
Antivirus / Anti-malware
• Use the world’s largest civilian GIN (Global Intelligence Network) to block common threats
• Block lateral movement and command & control traffic
• Device-level control and lockdown (USB, system files)
• Remediate malware infections
Advanced Malware Protection
• Most effective ransomware protection
• Defend against fileless threats, including memory-based exploits
• Virtual patching for critical vulnerabilities
• Block polymorphic malware
Integrated EDR
• Detect stealthy threats
• Investigate and hunt IoCs
• Rapidly fix endpoints
• Automate IR tasks
Deception
• Identify hidden adversaries
• Expose attackers’ intent and tactics to enhance security posture
SEP Hardening
• Auto-assess application risk
• Protect IT-approved apps from exploits
• Isolate suspicious apps to prevent privileged operations
Integrations with Symantec and Partner Products (SEP 14 + EDR at the center)
Control Points: Email Security, Web Gateway, Cloud Security
SOC Integration: SIEM, Orchestration & Automation, Ticketing
Also integrated: Global Intelligence Network, Data Loss Prevention, Encryption, Advanced Threat Protection / ATP (EDR), Content Analysis, ITMS
Delivering Protection in The Cloud Generation: Proxy Requirements
Control points: ENDPOINT, PROXY, CLOUD APPS
Best in Class
Strong Encrypted Traffic Management
Integrated CASB
Network Browser Isolation
Cloud, On-Premise & Virtual Form Factors
Encrypted Traffic Creates Blind Spots: It Bypasses the Threat Protection Infrastructure
Diagram: encrypted flows pass through the firewall, proxy, IPS, sandbox, APM, analytics, TAP and network tuning tools without being inspected
Half of malware campaigns in 2019 will use some type of encryption to conceal malware delivery, command and control activity, or data exfiltration
Fix the SSL/TLS Blind Spot: Secure Decryption of Network Traffic
Diagram: the SSL Visibility appliance sits alongside the proxy, decrypts once, and feeds cleartext to the firewall, IPS, APM, TAP, network tuning, Security Analytics, Sandbox and Content Analysis, so the inspection tools receive plaintext without each decrypting separately
• Securely decrypt SSL & TLS to allow complete inspection
• Scale decryption with the SSL Visibility Appliance
• Set decryption policies by site category, so privacy-sensitive traffic (e.g. banking, health) is bypassed rather than decrypted
• Must maintain broad industry cipher support, so the interceptor does not downgrade the cipher or TLS version negotiated with the origin server
“The Security Impact of HTTPS Interception” (Durumeric et al., NDSS 2017), independent testing of interception products: Symantec / Blue Coat graded “A”; other NGFWs, SWGs and ADCs graded “C” and “F”
Isolate the Web to Stop Threats
• Isolate uncategorized/risky sites
• Secure web browsing of privileged users
• Embedded Email URLs (phishing)
Diagram: the Web Isolation proxy downloads and executes web content in a secure disposable container and sends the user only 100% safe rendering information; downloads go through Content Analysis
Gartner: “Evaluate and pilot a remote browser solution… as one of the most significant ways an enterprise can reduce the ability of web-based attacks on users to cause damage.” https://www.gartner.com/document/3463618
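The two preceding slides make one operational point each: a proxy that decrypts by category must learn the requested host name before it decides, and an interceptor must not weaken the cipher offer it forwards upstream. The script below is an added example illustrating both (it is not Symantec code, not a ProxySG or SSL Visibility API, and not taken from the deck). It builds a constructed TLS 1.2 ClientHello, parses the SNI and cipher-suite list back out, maps the host to bypass / decrypt / isolate through a constructed category table, and flags deprecated suites in the offer. The category table, the policy mapping, and the short weak-suite list are assumptions for illustration.

```python
"""Category-driven TLS decryption policy applied to the SNI of a ClientHello.
Added example; constructed inputs and a toy category table, not a product API."""
import struct

# IANA cipher-suite code points a careful interceptor must never re-offer upstream.
# Short list for illustration (assumption); a real policy uses the full deprecated set.
WEAK_SUITES = {
    0x0000: "TLS_NULL_WITH_NULL_NULL",
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}

# Constructed category table standing in for the proxy's URL-categorization feed.
CATEGORIES = {"bank.example": "financial", "clinic.example": "health", "news.example": "news"}
# Privacy-sensitive categories pass through undecrypted, unknown or uncategorized
# hosts go to isolation, everything else is decrypted and inspected.
POLICY = {"financial": "bypass", "health": "bypass", None: "isolate"}
DEFAULT_ACTION = "decrypt"


def build_client_hello(sni, suites):
    """Constructed test input: a minimal TLS 1.2 ClientHello carrying an SNI extension."""
    name = sni.encode("ascii")
    server_name_list = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    extensions = struct.pack("!HH", 0x0000, len(server_name_list)) + server_name_list
    body = (
        b"\x03\x03" + b"\x00" * 32 + b"\x00"            # version, random, empty session id
        + struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
        + b"\x01\x00"                                   # one compression method: null
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Return (sni or None, [cipher-suite code points]) from one TLS handshake record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if not hs or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    p = 4 + 2 + 32                                      # handshake header, version, random
    p += 1 + hs[p]                                      # session id
    cs_len = struct.unpack("!H", hs[p:p + 2])[0]
    p += 2
    suites = [struct.unpack("!H", hs[i:i + 2])[0] for i in range(p, p + cs_len, 2)]
    p += cs_len
    p += 1 + hs[p]                                      # compression methods
    sni = None
    if p + 2 <= len(hs):                                # extensions block is optional
        end = p + 2 + struct.unpack("!H", hs[p:p + 2])[0]
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack("!HH", hs[p:p + 4])
            p += 4
            if etype == 0x0000:                         # server_name: list_len(2) type(1) name_len(2) name
                name_len = struct.unpack("!H", hs[p + 3:p + 5])[0]
                sni = hs[p + 5:p + 5 + name_len].decode("ascii")
            p += elen
    return sni, suites


def decide(sni):
    """Map the requested host to bypass / isolate / decrypt through its category."""
    return POLICY.get(CATEGORIES.get(sni), DEFAULT_ACTION)


def weak_suites_offered(suites):
    """Names of deprecated suites in an offer; a non-empty list means downgrade risk."""
    return [WEAK_SUITES[s] for s in suites if s in WEAK_SUITES]


if __name__ == "__main__":
    for host in ("bank.example", "news.example", "unknown.example"):
        rec = build_client_hello(host, [0xC02F, 0xC030, 0x0004])
        sni, suites = parse_client_hello(rec)
        print(host, "->", decide(sni), "| weak suites offered:", weak_suites_offered(suites))
```

A ClientHello without SNI falls into the `None` category and is isolated rather than silently decrypted; that is the conservative default for traffic the proxy cannot classify. The weak-suite check is the client-side half of the interception-grading concern: an interceptor that strips these from the offer it forwards, and negotiates only modern suites with the origin, avoids the downgrade the cited paper penalised.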
Network Security for the Cloud Generation: Advanced Network Security Stack in the Cloud
Web Security Service (WSS)
• SWG Proxy at the core: terminate, decrypt, inspect before delivery, orchestrate
• Flexible on-ramps: SEP, SD-Connector (SDN Connect), IPsec VPN, firewall
• Threat Prevention and Information Security: Web Isolation, Malware Analysis & Sandbox, DLP Inspection & Enforcement
• Cloud Controls (CASB)
• High-performance Global Backbone: accelerated cloud backbone over telco POPs, automated policy & content acceleration, elastic cloud service structure, content peering & connection scaling, 3rd-party monitoring, QoS and performance optimization
Delivering Protection in The Cloud Generation: Email Requirements
Control points: ENDPOINT, PROXY, CLOUD APPS
Flexible Form Factor
Protects Intra-Company, Outbound & Inbound
Integrated Content Isolation
Best-In-Class Spam and Malware Defense
Machine Learning / Artificial Intelligence
ISTR23: Email
Last year, 71 percent of all targeted attacks started with spear phishing
The Necurs botnet sent out almost 15 million malicious emails in 2017, 82.5% just in the second half of the year
7,710 organizations are hit by a BEC scam every month
Advanced Email Analytics Accelerates Response to Targeted Attacks
1. Symantec Global Intelligence Network: 2B emails scanned daily, 175M endpoints protected, 1B web requests scanned daily; 500+ Symantec threat researchers
2. Email Security.cloud: Artificial Intelligence, Data Scientists, Threat Isolation
3. Advanced Email Security Analytics: 60+ data points on clean and blocked emails (Senders & Recipients, Targeted Attack Information, File Hashes, Sandbox Detonation Information, URL Information) delivered to the Security Operations Center team
Delivering Protection in The Cloud Generation: Cloud Application Requirements
Control points: ENDPOINT, PROXY, CLOUD APPS
Visibility Over Cloud User Behavior
Control Across all Cloud Applications
User and User-Action Based Authentication
Protections Against Malicious Content
Extends Data Protection to the Cloud
ISTR23: Cloud
Cyber criminals are harnessing stolen cloud CPU usage for high-powered mining of crypto currency
68% of organizations have some employees who exhibit high-risk behaviour in their cloud accounts
18% of all PII, 13% of all PCI, and 56% of all PHI shared in the cloud is overexposed
From CASB 1.0 to CloudSOC: integrations with ATP, SWG, Email Security and VIP
• CloudSOC makes ProxySG/WSS more powerful with 25,000 app controls
• CloudSOC extends DLP policies to all cloud apps
• CloudSOC enables ICE (Information Centric Encryption) to protect data so it can be tracked and revoked after it leaves the cloud
• CloudSOC applies Symantec’s high-efficacy malware prevention engines to stop malware in cloud apps
• CloudSOC makes VIP useful for a second factor triggered by risky actions, not just logins
• CloudSOC, with SEP, tracks roaming users as part of Shadow IT analysis
• CloudSOC expands the IR capability of MSS to Shadow IT and cloud apps
Symantec’s Leadership in Gartner Magic Quadrants
Endpoint Protection (1/2018)
Secure Web Gateways (6/2017)
Cloud Access Security Broker (CASB) (11/2017)
Managed Security Services (MSS) (1/2017)
Enterprise Data Loss Prevention (2/2017)
Delivering Technology Services in The Cloud Generation: ADVANCED THREAT PREVENTION
Content Analysis
Sandboxing
Endpoint Detection & Response
Full Packet Capture & Metadata

Delivering Protection in The Cloud Generation: ADVANCED THREAT PROTECTION across ENDPOINT, PROXY and CLOUD APPS
Protect in-stack (one stack per control point): Content Analysis, Web Isolation, Sandbox | Anti-malware, Sandbox, Next Gen AV, Hardening, Deception | Sandbox, Web Isolation, Analytics
Central protect: Content Analysis & Advanced Malware Sandbox, Threat Isolation
Detect, investigate & respond: EDR/ATP Endpoint, Security Analytics, ATP Email, CASB CloudSOC
Integrate & automate via API: TIPP, SIEM, SOAR, Ticketing; ICDx connects the layers
Delivering Technology Services in The Cloud Generation: INFORMATION PROTECTION
DLP
Multifactor Authentication
Encryption
Information Centric Analytics
Discovery and Compliance
The Problem: Data Moves to the Cloud

DLP architecture (diagram): Discover, Monitor, Protect under unified management from the DLP Management Console
• Secured corporate LAN: DLP Endpoint (including roaming endpoints), DLP Storage, and DLP Network in the DMZ fed by a SPAN port or tap and an MTA / proxy
• DLP Cloud: Cloud Email, CASB for SaaS, Cloud Proxy (WSS)
• Tagging, ICE and Analytics
Coverage: in the cloud, all control points, single pane of glass, mobile & BYOD
Solution: On-premise & Cloud Apps (diagram)
Enterprise Network (“on premises”): DLP Enforce Management Console with Info Centric Analytics; DLP Detection, Tagging and ICE across Endpoint, Storage and Network
In the cloud (DLP Policies pushed out, DLP Violations reported back): Cloud DLP Detection, Tagging, ICE for Email, VIP for CASB
• ESS for Email (O365, Gmail): protect against malware and data loss through email
• CASB for SaaS (OneDrive, Box, SFDC…): protect data in the cloud and beyond
• WSS for Web (LinkedIn, Facebook, Twitter…): protect against data loss from personal email and encrypted traffic
Coverage: in the cloud, all control points, single pane of glass, mobile & BYOD
Delivering Protection in The Cloud Generation
ADVANCED THREAT PREVENTION, COMPLIANCE ENFORCEMENT, INFORMATION PROTECTION, ANALYTICS and ENCRYPTED TRAFFIC MANAGEMENT, connected through ICDx
Delivering Protection in The Cloud Generation: INTEGRATED CYBER DEFENSE EXCHANGE (ICDx)
• Open Interface to Symantec and Third Party Technologies
• Structures and Unifies Telemetry
• Control of Event Information for Regulatory Adherence
• Long-Term Correlation of Event and Telemetry Data
• Provides Automated Actions for Control Points
• Integration Point for External Control Structures:
  • MSP
  • Artificial Intelligence / Machine Learning
  • Orchestration
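What “structures and unifies telemetry”, “correlation” and “automated actions for control points” look like in practice, as an added example that is not ICDx code and does not use ICDx’s real data model: two constructed events from different control points (a web-proxy CEF line and an endpoint JSON record) are normalized into one hypothetical schema, grouped by file hash, and a hash the proxy blocked that nevertheless executed on an endpoint within a short window yields an automated action for the endpoint control point. The vendor/product names in the CEF header, the field names, the time window and the action name are all assumptions for illustration.

```python
"""Normalize telemetry from two control points into one schema and correlate by
file hash. Added example; constructed inputs and a hypothetical schema."""
import json
from datetime import datetime, timedelta

# Constructed sample hash shared by both events.
SHA = "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"

# Constructed sample events. The CEF header uses placeholder vendor/product names,
# and the extension values contain no spaces (CEF escapes them; this splitter assumes none).
PROXY_CEF = (
    "CEF:0|ExampleVendor|WebProxy|1.0|100|Malicious download blocked|8|"
    f"rt=2018-05-14T09:12:03Z shost=WS-042 dhost=dl.example fileHash={SHA} act=blocked"
)
ENDPOINT_JSON = json.dumps({
    "time": "2018-05-14T09:12:41Z", "host": "WS-042", "sha256": SHA,
    "event": "process_launch", "disposition": "allowed",
})
UNRELATED_JSON = json.dumps({
    "time": "2018-05-14T11:00:00Z", "host": "WS-077", "sha256": "0" * 64,
    "event": "process_launch", "disposition": "allowed",
})


def parse_cef(line):
    """Split a CEF:0 line into its seven header fields plus key=value extensions."""
    parts = line.split("|", 7)
    if len(parts) != 8 or parts[0] != "CEF:0":
        raise ValueError("not a CEF:0 line")
    ext = dict(kv.split("=", 1) for kv in parts[7].split(" ") if "=" in kv)
    return {"vendor": parts[1], "product": parts[2], "name": parts[5],
            "severity": int(parts[6]), **ext}


def normalize_proxy(line):
    """Proxy CEF -> unified record (hypothetical schema: source, time, host, sha256, action)."""
    c = parse_cef(line)
    return {"source": "proxy", "time": c["rt"], "host": c["shost"],
            "sha256": c["fileHash"].lower(), "action": c["act"]}


def normalize_endpoint(doc):
    """Endpoint JSON -> the same unified record."""
    e = json.loads(doc)
    return {"source": "endpoint", "time": e["time"], "host": e["host"],
            "sha256": e["sha256"].lower(), "action": e["disposition"]}


def ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def correlate(events, window=timedelta(minutes=15)):
    """Flag a hash the proxy blocked that an endpoint still executed within `window`.
    Each finding names the automated action to dispatch to the endpoint control point."""
    by_hash = {}
    for ev in events:
        by_hash.setdefault(ev["sha256"], []).append(ev)
    findings = []
    for h, evs in by_hash.items():
        blocked = [e for e in evs if e["source"] == "proxy" and e["action"] == "blocked"]
        executed = [e for e in evs if e["source"] == "endpoint" and e["action"] == "allowed"]
        for b in blocked:
            for x in executed:
                if abs(ts(x["time"]) - ts(b["time"])) <= window:
                    findings.append({"sha256": h, "host": x["host"],
                                     "evidence": [b["source"], x["source"]],
                                     "action": "isolate_host"})   # hypothetical action name
    return findings


def run(proxy_lines, endpoint_docs):
    """Normalize every input, then correlate across sources."""
    events = [normalize_proxy(l) for l in proxy_lines]
    events += [normalize_endpoint(d) for d in endpoint_docs]
    return correlate(events)


if __name__ == "__main__":
    for f in run([PROXY_CEF], [ENDPOINT_JSON, UNRELATED_JSON]):
        print(f"{f['action']} {f['host']} sha256={f['sha256'][:12]}... evidence={f['evidence']}")
```

The value of the exchange layer is in the join: neither control point alone sees anything wrong (the proxy did its job, the endpoint saw an allowed process), but the same hash appearing as blocked at the perimeter and executed on a host minutes later means the file arrived by another path, which is exactly the case a single-source alert pipeline misses.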
INTEGRATED CYBER DEFENSE PLATFORM
Delivering Protection in The Cloud Generation
THREAT RESEARCH: Massive Global Threat Telemetry; State of The Art Security Analysis; Best-in-Class Global Cyberwarriors; Automated Threat Intel Fed to Platform
PLATFORM SERVICES: Information Exchange Layer; Provider Ecosystem; 3rd Party Integrations; Managed Security Services Provider; Custom Outcomes
600+ partner inquiries, 94 technology partners, 178 integrations
Delivering a Simplified Security Model for the Cloud Generation
Symantec Integrated Cyber Defense spanning Headquarters, Data Center, Regional Office and Roaming Users