Symantec Enterprise Security: Strategy and Roadmap Galin Grozev Senior Technology Consultant Symantec Bulgaria


Post on 23-Jun-2020


Page 1: Symantec Enterprise Security: Strategy and Roadmapidg.bg/idgevents/idgevents/2015/0928155756-13.20-13.40... · 2015-09-28 · Symantec Information Protection | SUMMARY OF KEY CAPABILITIES

Symantec Enterprise Security: Strategy and Roadmap

Galin Grozev

Senior Technology Consultant – Symantec Bulgaria


Enterprise Threat Landscape

Attackers Moving Faster

• 5 of 6 large companies attacked
• 317M new malware created
• 1M new threats daily
• 60% of attacks targeted SMEs

Digital extortion on the rise

• 113% increase in ransomware
• 45X more devices held hostage

Malware gets smarter

• 28% of malware was Virtual Machine Aware

Zero-Day Threats

• 24 all-time high
• Top 5 unpatched for 295 days

Many Sectors Under Attack

• Healthcare +37%
• Retail +11%
• Education +10%
• Government +8%
• Financial +6%

Source: Symantec Internet Security Threat Report 2015


Key Trends Reshaping the Enterprise Security Market

RESURGENCE OF ENDPOINT Rapid shift to mobile and IoT

DISAPPEARING PERIMETER Decreasingly relevant with fuzzy perimeter

RAPID CLOUD ADOPTION Enterprise data and applications moving to cloud

SERVICES Security as a Service; box fatigue

CYBERSECURITY Governments and regulators playing ever larger role

Copyright © 2015 Symantec Corporation


Symantec Enterprise Security | STRONG FRANCHISES

Endpoint Security

• #1 share; AAA rating nine quarters in a row

Email Security

• #1 share; 100% uptime with <0.0003% FPs 5 years in a row

Data Protection

• #1 DLP share; 100% of Fortune 100

Trust Services

• #1 share
• 6B certificate lookups/day

Authentication & Authorization

• 13B validations every day
• 100% uptime last 5 years

Managed Security Services

• 12 Yrs Gartner MQ leader
• 30B logs analyzed/day


Symantec Enterprise Security | UNIQUE VISIBILITY

• 57M attack sensors in 157 countries
• 175M endpoints
• 182M web attacks blocked last year
• 3.7T rows of telemetry
• 100 Billion more/month
• 9 threat response centers
• 500+ rapid security response team
• 30% of world’s enterprise email traffic scanned/day
• 1.8 Billion web requests


Symantec Enterprise Security | PRODUCT STRATEGY

Threat Protection

ENDPOINTS, DATA CENTER, GATEWAYS

• Advanced Threat Protection Across All Control Points
• Built-In Forensics and Remediation Within Each Control Point
• Integrated Protection of Server Workloads: On-Premise, Virtual, and Cloud
• Cloud-based Management for Endpoints, Datacenter, and Gateways

Unified Security Analytics Platform

• Log and Telemetry Collection
• Unified Incident Management and Customer Hub
• Inline Integrations for Closed-loop Actionable Intelligence
• Regional and Industry Benchmarking
• Integrated Threat and Behavioral Analysis

Information Protection

DATA, IDENTITIES

• Integrated Data and Identity Protection
• Cloud Security Broker for Cloud and Mobile Apps
• User and Behavioral Analytics
• Cloud-based Encryption and Key Management

Users, Data, Apps, Cloud, Endpoints, Gateways, Data Center

Cyber Security Services

Monitoring, Incident Response, Simulation, Adversary Threat Intelligence


THREAT PROTECTION


Threat Protection Requirements | FULL THREAT LIFE-CYCLE

Source: Gartner

PREDICT

• Proactive risk analysis
• Predict attacks
• Baseline systems

PREVENT

• Harden and isolate systems
• Divert attackers
• Prevent issues

DETECT

• Detect issues
• Confirm and prioritize risk
• Contain issues

RESPOND

• Remediate/Make change
• Design/Model change
• Investigate/Forensics

Advanced Threat Protection


Symantec Threat Protection | STRATEGY

• Advanced Threat Protection Across Control Points

• Built-in Forensics and Remediation Within Each Control Point

• Integrated Protection of Server Workloads across On-Premise, Virtual, and Cloud

• Cloud-based Management for Endpoints, Datacenter, and Gateways

Advanced Threat Protection: Network/Gateways, Data Center, Endpoints


SYMANTEC ADVANCED THREAT PROTECTION

New advanced threat detection and response capabilities unifying security across the network, endpoint, and email helping organizations achieve better protection and drive down security operations costs

• Better Detection of advanced and targeted attacks with Cynic

• Faster Response by reducing alerts and prioritizing the most significant threats with Synapse

• Lower OpEx with agentless integration and correlation across network, endpoint, and email

ATP: Email, ATP: Network, ATP: Endpoint

NEW TECHNOLOGY

Symantec Cynic™

• New cloud based sandbox analysis
• Combines execution with global threat intelligence and behavioral analysis

Symantec Synapse™

• New correlation across network, endpoint, & email
• Agentless integration
• Provides prioritization for incident responders


Symantec Threat Protection | SUMMARY OF KEY CAPABILITIES


Next Gen Forensics and Remediation

• Granular flight recorder

• Fine-grained remediation policies

• Known and unknown exploit detection

• Common management console with centralized activity logs

• Closed-loop remediation

• No new agent (easy upgrade)

Advanced Threat Protection

• Single platform

• Cloud-based payload detonation

• Cross-control point correlation and incident prioritization

• Closed-loop remediation

• Unified incident management

Cloud-based management with single extendable agent technology, self-service BYOD provisioning, and native encryption & key management

Server Workload Protection

• Integrated protection across on premise, virtualized, and cloud-based workloads

• Consistent application of lockdown, app control, and lockdown policies

• Common Management/orchestration as workloads move to and from cloud

• Support for VMware (NSX/ESX) and Amazon, Azure, and OpenStack


INFORMATION PROTECTION


Information Protection Requirements | CLOUD AND MOBILE FOCUS


With the advent of mobile and BYOD devices, more users are accessing and consuming information when outside the firewalls

USERS ARE MOVING

DATA AND APPS ARE MOVING

With more data in cloud and more mobile users, information protection across cloud and mobile, combined with behavioral analytics, is a critical imperative

Historically data was created and consumed on premise; most users would create and consume this data from inside firewalls

With more applications and workloads migrating to public clouds, more and more data is created and consumed on cloud


Symantec Information Protection | STRATEGY

• Extend Data and Identity protection regardless of where data resides: On Premise, On Mobile, In the Cloud

• Common SSO and Access Management regardless of where applications reside: On Premise, On Mobile, In the Cloud

• Integrated user and behavioral analytics to detect and prevent insider and outsider (APT) threats


Data Access

Identities

Cloud Security Broker


Symantec Information Protection | SUMMARY OF KEY CAPABILITIES

Cloud Security Broker

• Data and identity protection between mobile and cloud, with no perimeter

• Highly contextual protection by connecting user, device, location, and data loss prevention policies

• Cloud-based SSO with biometric authorization

• Scan and remediation of data already in cloud apps

User and Behavioral Analytics

• Integrated analytics to track and profile behaviors and data flow

• Prioritized incident management

• Pre-built threat models and big-data analytics to quickly flag and detect incidents

• Industry and global intel correlation to detect coordinated attacks


CYBER SECURITY PROTECTION


Symantec Cyber Security Services | STRATEGY

Expanded services

• Incident Response and Forensics services

• Security Simulation Services for security preparedness and overall health checks

Scale up of existing and new services with core tech

• Big Data-based streaming & batch analytics

• High speed ingestion of large and ever growing log data

Expanded global footprint

• Expansion of number of SOCs globally to address demand as well as regulatory requirements

SECURITY SERVICE NEED: SYMANTEC OFFERING

EXISTING

• Track & Analyze Key Events & Trends: Adversary Threat Intelligence Service

• Monitor Threats & Campaigns: Security Monitoring Service

NEW

• Respond to Breaches Quickly & Effectively: Incident Response and Forensics Service

• Assess Security Readiness Under Different Scenarios: Security Simulation Service


Symantec Cyber Security Services | SUMMARY OF KEY CAPABILITIES

Threat Intelligence Services

• Global Intelligence Network

• Early warning Portal

• Adversary threat intelligence

• Integrated IoCs from internal and external feeds

IR and Simulation Services

• Global team with extensive experience in forensics investigation

• Emergency/Retained/Managed options

• Integrated with SOCs to provide end to end service

• Realistic live fire training missions delivered as a SaaS solution

Security Monitoring Services

• Key technology IP for log collection, analytics, and incident investigation

• Tailored to customer maturity/industry

• High-touch 24x7 service model

• Integration with next gen security infrastructure to detect advanced threats

Global team of 500+ threat and intel experts with unique knowledge of attack actors; Supported by Cloud-based Big Data analytics infrastructure


UNIFIED SECURITY ANALYTICS


Security Platforms Market | FOCUS SHIFTING TO ANALYTICS

ATTACKS ARE INCREASINGLY SOPHISTICATED

• Micro-targeted

• New techniques and zero day attacks

• Stealthy to remain undetected

EXISTING TECHNOLOGY CAN’T KEEP UP

• Reactive methods

• Insufficient data to find subtle trends and patterns

• Isolated approaches without broader context

ANALYST FATIGUE IS RAMPANT

• Too many alerts and false positives

• Slow and manual detection, forensics, and remediation

RISE OF SECURITY BIG DATA ANALYTICS

Big data, analytics, and machine learning techniques needed to address these challenges


External Resources


2015 Internet Security Threat Report

http://www.symantec.com/security_response/publications/threatreport.jsp

Advanced Threat Protection

http://www.symantec.com/advanced-threat-protection/

Data Loss Prevention

http://www.symantec.com/data-loss-prevention/

Encryption

http://www.symantec.com/encryption/

Data Center Security

http://www.symantec.com/data-center-security/


Thank you!

Copyright © 2015 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.

Galin Grozev

[email protected] +359 878 441131
