Getting Beyond Standalone Antivirus to Advanced Threat Protection
Eric Schwake, Sr. Product Marketing Manager, @lombar77

1. Targeted Attack Trends
2. Organizations Struggling to Keep Up
3. A Methodology for Better Protection
4. How Symantec Can Help
5. Q & A
Targeted Attacks
Targeted Attacks Defined
• End goal is most commonly to capture and extract high value information, to damage brand, or to disrupt critical systems
• Broad term used to characterize threats targeted to a specific entity or set of entities
• Often crafted and executed to purposely be covert and evasive, especially to traditional security controls
How Targeted Attacks Happen
• Spear Phishing: send an email to a person of interest
• Watering Hole Attack: infect a website and lie in wait for them
Targeted Attack Trends
+91% increase in targeted attack campaigns from 2012 to 2013

                          2011      2012      2013
Email per Campaign          78       122        29
Recipient/Campaign          61       111        23
Campaigns                  165       408       779
Duration of Campaign    4 days    3 days  8.3 days

Top 10 Industries Targeted in Spear-Phishing Attacks, 2013 (Source: Symantec)
Public Administration (Gov.)                    16%
Services – Professional                         15%
Services – Non-Traditional                      14%
Manufacturing                                   13%
Finance, Insurance & Real Estate                13%
Transportation, Gas, Communications, Electric    6%
Wholesale                                        5%
Retail                                           2%
Mining                                           1%
Construction                                     1%

Spear Phishing Attacks by Size of Targeted Organization, 2011 - 2013 (Source: Symantec)
Stacked chart of the share of attacks by organization size (1 to 250, 251 to 500, 501 to 1,000, 1,001 to 1,500, 1,501 to 2,500, and 2,501+ employees), one bar per year from 0% to 100%. Values readable from the chart: 2,501+ employees 50% (2011), 50% (2012), 39% (2013); 1 to 250 employees 18% (2011), 31% (2012), 30% (2013); all organizations with up to 2,500 employees combined 50% (2011), 50% (2012), 61% (2013).
Organizations are Struggling to Keep Up
Reliance on Silver Bullet Technologies
• A single point product won’t identify all threats
• Most frequent Silver Bullet monitoring technologies:
  – IDP / IPS
  – Anomaly detection (on the rise)
• Individual technologies lack a comprehensive vantage point to detect today’s threats.
32%: average % of incidents detected by IDP / IPS technologies
Incomplete Enterprise Coverage
• Companies fail to effectively assess (and update) the scope of their Enterprise
• Enterprise technology trends further challenge scope:
  – Mobile
  – Cloud
  – BYOD
Underestimate SIEM Complexity
• Companies frequently underestimate effort and cost to implement
  – Technical architecture frequently under-scoped
  – Time to implement can take a year or more
• Struggle to sustain capability
  – Turnover of “the SIEM expert”
  – Focus / Expertise Required
35%: too many false positive responses
72%: collect 1TB of security data or more on a monthly basis
Lack of Sufficient Staff / Expertise: Increasing Sophistication ≠ More Resources
“We’re at 100% employment in IT security”
– Chief Security Officer, Health Care Organization
83% of enterprise organizations say it’s extremely difficult or somewhat difficult to recruit/hire security professionals
Can’t Keep up with Evolving Threats
• Detection program must evolve as threats evolve:
  – Analyst training / awareness
  – SIEM tuning
  – Detection methods
  – Response tactics
• Varied tactics to keep up with threats:
  – Open source
  – Working groups (ISACs)
  – Commercial
28%: sophisticated security events have become too hard to detect for us
35%: do not use external threat intelligence for security analytics
A Methodology for Better Protection
The Attack Waterfall
Stages: Protection, Detection, Response
• 256 Billion Attacks
• 350,000 Security Events (the ‘Maybe’s)
• 3,000 Incidents
• Readiness: 100+ Security Ops staff

Framework diagram: Identify, Protect, Detect, Respond, Recover (100+ Security Staff; 256B attacks, 350K events, 3000 incidents)
Identify or Readiness
Identify or Readiness
• Threat Intelligence
• Asset Management
• Policy
• Practice
Proactive Protection Technologies
Proactive Protection Technologies
• All Control Points
• More than AV
• Test URLs in Email
Detect
Detect
• Correlate Control Points
• Identify Anomalies
• Monitor & Test Everything
Respond
Respond
• Automate Correlation
• Incident Response
How Symantec Can Help
Symantec Advanced Threat Protection
• Advanced Threat Protection Solution
• Managed Adversary Service
• Secure App Service
• Security Simulation
• Incident Response Service
• MSS-ATP
• Insight, SONAR, Thread injection protection
• Disarm, Link following, Skeptic
• Cynic
• Synapse
Thank you!
Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
Eric Schwake
[email protected]
+1 541 520 6015
@lombar77