Layered Security: Why It Works Sponsored by Symantec © 2013 The SANS™ Institute – www.sans.org


Post on 04-Jun-2018


8/13/2019 Layered Security Why It Works Webcast

http://slidepdf.com/reader/full/layered-security-why-it-works-webcast 1/28

Layered Security: Why It Works

Sponsored by Symantec


Today’s Speakers

Jerry Shenk, SANS Analyst

Kat Pelak, Senior Product Marketing Mgr., Symantec


Layered Security — Introduction


No Silver Bullet

Anti-virus:

– On the mail server

– At the workstation

Firewall:

– Ingress filtering (inbound)

– Egress filtering (outbound)

Traffic monitoring:

“The latest thing”


Defense In Depth

Risk analysis is the starting point:

– What data is important?

– Where does it reside?

– How could it be exploited?


Layered Security

Roots in military science:

– Deep defense or “defense in depth”

Goals:

– Slow an attacker

– Cause enemy casualties


Layered Security Defined

“Layered security” is a defensive strategy that uses multiple technologies to block access to confidential data long enough to discourage attacks and allow for detection, followed by defensive action.


Key Security Layers


Network Controls

Firewalls:

– Ingress restrictions

– Egress restrictions

Intrusion Detection System – IDS/IPS

Data Loss Prevention – DLP


Antivirus

– Commonly used as a single layer

– Attackers work to avoid detection

– Polymorphic code: Changing the executable

– Heuristics: Looking for hostile behavior


Reputation

File checksum:

– Mathematical “fingerprint”

– Known good

– Known bad

– Unknown

IP address or domain:

– Countries

– Addresses with detected hostile traffic


Behavioral Analysis

Prevention is best but detection is a must.

Baselining normal behavior with the help of:

– Firewalls

– Routers

– Flow collectors

– Network taps


Analyzing Unusual Activity

High-bandwidth traffic

Stealthy traffic

Web traffic

DNS traffic
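One way to put the baselining and unusual-activity slides into practice, as an added example that is not part of the webcast: build a per-host, per-service baseline from flow-collector summaries, then flag days that exceed it by volume and low-volume traffic on a service the host has never used. The record layout, host names, and thresholds are assumptions, and the sample flows are constructed.

```python
"""Baseline daily flow volume per host/service, then flag unusual activity."""
from collections import defaultdict
from statistics import median

def build_baseline(flows):
    """flows: (day, host, service, bytes_out). Returns {(host, service): (median, MAD)}."""
    daily = defaultdict(lambda: defaultdict(int))
    for day, host, service, nbytes in flows:
        daily[(host, service)][day] += nbytes
    baseline = {}
    for key, per_day in daily.items():
        totals = list(per_day.values())
        med = median(totals)
        # Median absolute deviation: a spread measure that one noisy day cannot skew.
        baseline[key] = (med, median(abs(t - med) for t in totals))
    return baseline

def unusual(baseline, today, k=5.0, floor=1024):
    """Return (host, service, reason) for each host/service that departs from baseline."""
    totals = defaultdict(int)
    for _day, host, service, nbytes in today:
        totals[(host, service)] += nbytes
    findings = []
    for key, total in sorted(totals.items()):
        if key not in baseline:
            # Quiet traffic on a never-seen service slips under any volume threshold.
            findings.append((*key, "no baseline for this host/service"))
            continue
        med, mad = baseline[key]
        if total > med + k * max(mad, floor):  # floor avoids a zero-width band
            findings.append((*key, f"{total} bytes vs median {med}"))
    return findings

# Constructed sample data: five baseline days, then one day to evaluate.
WEB = [50_000_000, 52_000_000, 48_000_000, 51_000_000, 49_000_000]
DNS = [200_000, 210_000, 190_000, 205_000, 195_000]
HISTORY = ([(d, "ws-01", "web", b) for d, b in enumerate(WEB)]
           + [(d, "ws-01", "dns", b) for d, b in enumerate(DNS)]
           + [(d, "ws-02", "web", b) for d, b in enumerate(WEB)])
TODAY = [(5, "ws-01", "web", 50_500_000), (5, "ws-01", "dns", 9_000_000),
         (5, "ws-02", "web", 49_000_000), (5, "ws-02", "ssh", 4_000)]

if __name__ == "__main__":
    for finding in unusual(build_baseline(HISTORY), TODAY):
        print(finding)
```

The DNS finding is a volume outlier against that host's own history, while the SSH finding is only 4,000 bytes and is caught because the host has no baseline for that service.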


Detection and Remediation

Log monitoring: www.sans.edu/research/security-laboratory/article/sixtoplogcategories

IDS/IPS

Behavioral analysis

End users

Third parties


The Human Layer

Perhaps the most critical point of a concentrated defense!

Employee training:

– If it’s too good to be true…

– Catch somebody doing right


Conclusion

– Attackers attack various layers!

– Security must be multi-layered.

– There is no silver bullet.

– Attackers look for easy targets.

– Don’t assume you will stop everything.

– Slow attackers down and detect them.

– Determine key assets and identify weaknesses.


Symantec Targeted Attack Protection 18

Stopping Tomorrow’s Targeted Attacks Today

Kat Pelak

Sr. Regional Product Marketing Manager AMS


Organizations are NOT Stopping Targeted Attacks

– 66%: Breaches went undetected for 30 days or more

– 243: Days before detected

– 4: Months to remediate

– 42%: Increase in Targeted Attacks Last Year


Symantec IS Security Intelligence


– 7 Billion: File, URL & IP Classifications

– 2.5 Trillion: Rows of Security Telemetry

– 1 Billion+: Devices Protected

– 550: Threat Researchers

– 240 Million+: Contributing Users & Sensors

– 14: Operations & Response Centers


Symantec Stops Targeted Attacks


Endpoint | Gateway | Data Center

Global Intelligence

New Network Threat Protection for Mac

Disarm for Messaging Gateway


Proactive Endpoint Protection: Symantec Endpoint Protection


Intrusion Prevention

Symantec’s patented Network Intrusion Prevention System blocks attackers from connecting over the network to your PCs and injecting their attacks.

Advanced Scanning

Symantec’s next-generation scanning technology blocks suspicious files – even those with no fingerprint – before they can run and steal your data.

Insight Reputation

Our Insight System leverages the wisdom of Symantec’s 100s of millions of users to compute safety ratings for every single software file on the planet, and uses this to block targeted attacks.

SONAR Behavior Blocking

Monitors software as it runs on your endpoints and automatically blocks software with suspicious behaviors even if that software has never been seen before.

Symantec Maximum Repair

The reality is that threats occasionally get through… Our aggressive SMR technology roots out such entrenched infections and kills them in seconds.


Email Targeted Attack Trends

• Most targeted attacks are sent via email

• Burying Zero-Day Attacks inside of an attachment is a popular method

• Example: RSA Breach

• Secure Email Gateways will not block

• Other examples including malicious and/or shortened URLs


Gateway: Proactive Protection

Email Security.cloud


Skeptic Real Time Link Following

Detect Malware At Final Destination

Targeted Attacks, Spear Phishing, Phishing, Spam

Evasion Tactics: Understands short URLs, freewebs, delays, multi hops, multi destination

Anticipate evolution of malware: Predictive heuristics

Identify anomalies: Delivery behavior, message attributes, social engineering tricks, attachment method


Thank you!

Copyright © 2013 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.


Twitter: KatherynePelak


Q & A

Please use GoToWebinar’s Questions tool to submit questions to our panel.

Send to “Organizers” and tell us if it’s for a specific panelist.


Acknowledgements

Thanks to our sponsor:

To our special guest: Kat Pelak

And to our attendees: Thank you for joining us today
