![Page 1: Advanced Cyber Illness Treatmant - IT klinika...Advanced Threat Protec0on Block, isolate and remove the advanced persistent threats Advanced Threat Protec0on Minimize environmental](https://reader034.vdocument.in/reader034/viewer/2022050409/5f860521430ca26a6d5d2633/html5/thumbnails/1.jpg)
Advanced Cyber Illness Treatment
Davor Perat
Senior Technology Consultant

Agenda
1. Advanced Threat Protection: Prevent advanced persistent threats
2. Advanced Threat Protection: Identify suspicious files
3. Advanced Threat Protection: Search for Indicators of Compromise
4. Advanced Threat Protection: Block, isolate and remove the advanced persistent threats
5. Advanced Threat Protection: Minimize environmental changes
6. Symantec Product Integration and Support
7. Additional Resources and Summary

Let's get started!

What are Advanced Threats?
• Targeted: Targets specific organizations and/or nations for business or political motives
• Stealthy: Uses previously unknown zero-day attacks, rootkits, and evasive technologies
• Persistent: Sophisticated command and control systems that continuously monitor and extract data from the specific target
Copyright © 2014 Symantec Corporation

How They Work: Advanced Threats

What the likelihood is of being a target

| Size of organisation | 2011 | 2012 | 2013 | 2014 |
|---|---|---|---|---|
| 1-250 | 18% | 31% | 30% | 34% |
| 251-2500 | 32% | 19% | 31% | 25% |
| 2501+ | 50% | 50% | 39% | 41% |

What the results are of being a target
Technically
• 66%: breaches undetected for 30 days or more
• 243 is the average number of days before detection
• 4 months is the average time to remedy once detection has occurred

What the results are of being a target (continued)
Commercially
• Resource: Opex, Capex, Legal Fees, Time, Money
• Theft: Intellectual Property, Money, Customer Data, Employee Data
• Reputation: Brand Reputation can be affected if a breach is reported in the press

Even with the best prevention technologies, can you stop advanced persistent threats?
While prevention is still very important… you need to prepare to be breached.
PREVENT: Stopping Incoming Attacks
PREPARE: Understanding Where Important Data Is & Who Can Access It
DETECT: Finding Incursions
RESPOND: Containing & Remediating Problems
RECOVER: Restoring Operations

If you are breached, how fast can you detect, respond and recover?
PREPARE: Understanding Where Important Data Is & Who Can Access It
PREVENT: Stopping Incoming Attacks
DETECT: Finding Incursions
RESPOND: Containing & Remediating Problems
RECOVER: Restoring Operations

ATP Solution: Identify suspicious files

Symantec Advanced Threat Protection: Modules

• Endpoint visibility (the foothold in most targeted attacks)
• Endpoint context, suspicious events, & remediation
• Requires SEP – no new agent – and deployed as a virtual or physical appliance

• Network visibility into all devices & all protocols
• Automated sandboxing, web exploits, command & control
• Deployed off a TAP or inline as virtual or physical appliance

• Email visibility (still the number one incursion vector)
• Email trends, targeted attack identification, sandboxing
• Cloud-based easy add on to Email Security.cloud

Symantec Advanced Threat Protection: Cynic
[Diagram: ATP: ENDPOINT, ATP: NETWORK and ATP: EMAIL; Cynic: Virtual sandbox, Detection engines, Physical sandbox]

Cynic - File Types
• Windows binaries: EXE, DLL, SYS (drivers), OCX (ActiveX controls), SCR (Screen Savers)
• Office docs: Word, Excel, PowerPoint
• Java applets
• Compressed files (rar, zip, 7z)
• Adobe Acrobat

Skeptic: pseudo equation for heuristic analysis
+ Questionable source
+ Suspect Attachment
+ Suspicious code in attachment
(+ Evidence of obfuscation)
(+ Unexpected encryption)
______
Heuristically detected malcode
*Not all suspicious elements required for conviction

SONAR
• Dynamic analysis
• Does not make detections on application type, but on how a process behaves.
• If it behaves maliciously, regardless of its type, it will trigger a detection

Virtual Execution
• VM execution with mimicked end user behavior
• Range of OS and apps
• VM execution range of OS and applications
• VM communication analysis
[Diagram: three groups of virtual machines, each running an OS and apps]

Physical Execution
• Physical hardware
• Bare metal execution
  – No Virtualization

ATP Solution: Search for Indicators of Compromise

Console Home

Overview Information

Clickable links for further investigation

Further actions

Entity Point Pages

File Entity page
• Related Incidents
• Related Events
• Seen on Endpoints
• Files downloaded
• Origins
• Files named associated with Hash
• Cynic Results

Domain Entity Page
• Related Incidents
• Files downloaded
• Endpoints that communicated
• IP's Associated with Domain

Endpoint Entity Page
• Related Incidents
• Related Events
• Malicious Files
• Malicious Connections

Incident Manager

Incident Tracking

Searches

Types of Searches
• Inline (Datastore)
  – Searches local datastore for artifacts
  – Seconds to return results
  – Artifacts are generated from endpoint and network sensor events
  – Examples (file, hash, domain name, hostname, username, IP)
  – PE File types (exe, dll, com, scr, msi, drv, sys, ocx, cpl)
• Endpoint Interrogation
  – Searches endpoint for artifacts
  – Results can be delayed based on factors
  – Examples (file, hash, registry)
  – All file types (PE, Non PE)

Searches
Files using
  – Filename
  – File Hash (SHA256, MD5)
Endpoints using
  – Hostname
  – IP Address (v4)
  – Logon user
External domains using
  – Domain name
  – Domain URL
  – Domain IP address
• We check whether the provided value is present anywhere in the above fields (filename, MD5, SHA2, hostname, etc.), i.e. a contains match.
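
Because the search is a contains match, a short value can match more artifacts than the one intended. The following is an added example, not code from the deck or from Symantec; the record layout, field names and sample records are assumptions constructed for illustration. It shows the effect for an IP search and a post-filter that narrows the hits to the exact address.

```python
import ipaddress

# Added example, not product code. Record layout and field names are
# assumptions; the records are constructed sample data.
FIELDS = {
    "file": ("filename", "sha256", "md5"),
    "endpoint": ("hostname", "ip", "logon_user"),
    "domain": ("domain_name", "url", "domain_ip"),
}

RECORDS = [
    {"type": "file", "filename": "invoice_2014.exe",
     "sha256": "ab12" * 16, "md5": "cd34" * 8},
    {"type": "endpoint", "hostname": "hr-laptop-10", "ip": "10.10.10.1",
     "logon_user": "jdoe"},
    {"type": "endpoint", "hostname": "hr-laptop-11", "ip": "10.10.10.10",
     "logon_user": "asmith"},
    {"type": "endpoint", "hostname": "build-01", "ip": "10.10.10.123",
     "logon_user": "svc-build"},
    {"type": "domain", "domain_name": "updates.example.test",
     "url": "http://updates.example.test/a", "domain_ip": "192.0.2.10"},
]


def contains_search(records, value):
    """Contains match: (record index, field) for every field holding value.

    Case-insensitive matching is an assumption. An empty value would match
    every field, so it returns nothing.
    """
    needle = value.strip().lower()
    if not needle:
        return []
    return [(i, f) for i, rec in enumerate(records)
            for f in FIELDS[rec["type"]]
            if needle in rec.get(f, "").lower()]


def exact_ip_hits(records, hits, ip):
    """Keep only hits whose address field equals ip as a parsed address."""
    target = ipaddress.ip_address(ip)
    keep = []
    for i, f in hits:
        if f in ("ip", "domain_ip"):
            try:
                if ipaddress.ip_address(records[i][f]) == target:
                    keep.append((i, f))
            except ValueError:
                pass  # field does not hold a parseable address
    return keep


if __name__ == "__main__":
    hits = contains_search(RECORDS, "10.10.10.1")
    print(hits)  # three endpoints match the substring
    print(exact_ip_hits(RECORDS, hits, "10.10.10.1"))
```
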

Symantec Advanced Threat Protection: Synapse
[Diagram: ATP: ENDPOINT, ATP: NETWORK and ATP: EMAIL; Synapse: Correlation and Prioritization, Remediation, Reporting and Investigation]

ATP Solution: Block, isolate and remove the advanced persistent threats

First line of defense: ATP: Email
Connection level detection
Signatures
Skeptic Heuristics and Link Following
Cynic
• Anything without a verdict will be scanned by Cynic for a customer configured duration (≤ 20 mins)
• Malicious mail is quarantined and logged as soon as a detection method flags it

ATP: Network & Endpoint
[Diagram, built up over three slides: SEPM; ATP Appliance; Cynic; Sweep, Hunt, Collect, Fix; QUARANTINE; Blacklist]

Blacklist/Whitelist Valid Entries
• Domain
  – www.google.com
  – .gov.ca
• URL
  – gov.ca/dmv
  – http://stanford.edu/news
  – http://gość.pl/a
• IP / IP Subnet
  – fe80::250:56ff:fe99:3903
  – 10.10.10.10/24
  – 10.10.10.10/255.255.255.0
• SHA256 Hash
  – e3b0c44298fc1c149asf4c8996s92427ae41e4649b934ca495991b7852b854
• MD5 hash
  – fe58cec593d7cdf2e0e9d13dfe1020b838
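
A list of indicators can be sorted into these five entry kinds, and malformed lines caught, before it is submitted. The following is an added example, not code from the deck or from Symantec: the function names are hypothetical and the acceptance rules (leading-dot domain suffix, optional URL scheme, http/https only, 32 or 64 hexadecimal characters for hashes) are assumptions. The two hash strings as they appear in this copy of the slide are not 64 and 32 hexadecimal characters, so the sample includes them as rejects next to well-formed digests computed in the code.

```python
import hashlib
import ipaddress
import re
from urllib.parse import urlsplit

# Added example, not Symantec code: the acceptance rules are assumptions
# modelled on the five entry kinds listed on the slide.
HEX = re.compile(r"^[0-9a-fA-F]+$")
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")  # one ASCII DNS label

def _is_hostname(host):
    """Dotted DNS name; internationalised names are checked in IDNA form."""
    host = host[1:] if host.startswith(".") else host  # ".gov.ca" suffix form
    try:
        ascii_host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return False
    labels = ascii_host.split(".")
    if len(labels) < 2 or labels[-1].isdigit():  # numeric last label: IP-like
        return False
    return all(LABEL.match(label) for label in labels)

def _is_ip_or_subnet(value):
    """IPv4/IPv6 address, CIDR prefix or dotted netmask."""
    try:
        # strict=False: the slide's subnet samples have host bits set.
        ipaddress.ip_network(value, strict=False)
        return True
    except ValueError:
        return False

def classify_entry(value):
    """Return 'sha256', 'md5', 'ip', 'url' or 'domain'; None if malformed."""
    v = value.strip()
    if HEX.match(v) and len(v) in (32, 64):
        return "md5" if len(v) == 32 else "sha256"
    if _is_ip_or_subnet(v):
        return "ip"
    try:
        # The slide shows URLs with and without a scheme (gov.ca/dmv).
        parts = urlsplit(v if "://" in v else "//" + v)
    except ValueError:
        return None
    host = parts.hostname
    if parts.scheme not in ("", "http", "https") or not host:
        return None
    # An IP-literal host is accepted only when a scheme makes the URL explicit.
    if not (_is_hostname(host) or ("://" in v and _is_ip_or_subnet(host))):
        return None
    return "url" if ("://" in v or parts.path or parts.query) else "domain"

def triage(entries):
    """Split raw entries into ({kind: [values]}, [rejected entries])."""
    accepted, rejected = {}, []
    for e in entries:
        kind = classify_entry(e)
        if kind is None:
            rejected.append(e)
        else:
            accepted.setdefault(kind, []).append(e.strip())
    return accepted, rejected

# Constructed sample: the slide's domain, URL and IP entries, two digests of
# the empty string, then the slide's two hash strings as printed in this copy.
SAMPLE = [
    "www.google.com", ".gov.ca",
    "gov.ca/dmv", "http://stanford.edu/news", "http://gość.pl/a",
    "fe80::250:56ff:fe99:3903", "10.10.10.10/24", "10.10.10.10/255.255.255.0",
    hashlib.sha256(b"").hexdigest(), hashlib.md5(b"").hexdigest(),
    "e3b0c44298fc1c149asf4c8996s92427ae41e4649b934ca495991b7852b854",
    "fe58cec593d7cdf2e0e9d13dfe1020b838",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```
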

ATP Solution: Minimize environmental changes

[Diagram, built up over eight slides: WAN; LAN; Email Security.cloud; Insight; ATP: Endpoint + Manager; Logs & Remediation; ATP: Network; Network traffic; Synapse; Cynic; ATP: Email; ATP: Email correlation]
SymantecAdvancedThreatProtecJon
48
ATP:ENDPOINT
ATP:NETWORK
ATP:EMAIL
Correla0onandPriori0za0on
Virtualsandbox
Remedia0on
Cynic
Repor0ngandInves0ga0on
Detec0onengines Physicalsandbox
Synapse
Copyright©2014SymantecCorpora0on

Symantec Services
Helping you with all of your product needs

Symantec Technical Services Supports You
Support Services
Consulting Services
Education Services
Premier (Value Based Services)
Remote Product Specialist (RPS)
Business Critical Services
Help me DESIGN it, INSTALL it, ENHANCE it
Help me LEARN about it & USE it
Help me UNLOCK VALUE & OPTIMIZE it
Help me FIX it
Copyright © 2015 Symantec Corporation

Symantec Education Services Offers Effective Product Training
Education Services
A broad range of training solutions to help you get the most out of Symantec products.
• Achieve expected value for your products.
• Learn how Symantec products can solve your business problems today and tomorrow.
• Gain best practice insight to keep your investments running smoothly long-term.
• For more information visit training.symantec.com

Services for ATP – more help, more success!
What to sell and who to contact

| Service | What it is | Available when? | Global Contacts | Website |
|---|---|---|---|---|
| Education Course Offering | ATP Incident Response Course available as Instructor Led Training or via Virtual Academy | | [email protected]; [email protected]; [email protected] | Education Services website |
| BCS Premier for ATP | Symantec's premium Support Services offering, designed to simplify support, maximize return and protect IT infrastructure. | At Product GA | Contact BCS team members from the internal SAVO page or PartnerNet | BCS Contact Page |
| BCS Proactive Services for ATP | Review of customer's ATP configuration and initial reporting from ATP console | At Product GA | Contact BCS team members from the internal SAVO page or PartnerNet | BCS Contact Page |
| Consulting Services for ATP | On-site Implementation Services, Solution Assessment & Optimization & Residency Services | At Product GA | [email protected]; [email protected] | Consulting website |

Additional Resources and Summary

RESOURCES
If you would like to know more about Advanced Threat Protection please visit: https://www.symantec.com/advanced-threat-protection/

SUMMARY
During this presentation we have discussed how Advanced Threat Protection enables a customer to prevent advanced persistent threats, identify suspicious files and search for Indicators of Compromise. We also learned how ATP can block, isolate and remove the advanced persistent threats while minimizing environmental changes by leveraging a company's existing Symantec security investment.