integrated cyber defense at the heart of digital ... ips apm tap network tuning security analytics...

Symantec Proprietary – Limited Use Only

Integrated Cyber Defense at the Heart of Digital Transformation Symantec Security Strategy

Panagiotis Sotiriou Systems Engineer Greece, Cyprus, Romania, Bulgaria & Malta


Current Threat Landscape

Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only


Fiscal Spending Challenges Fiscal Crisis

Existing Technology Footprint Annual Security Improvement

New Regulations

Labor Cost Increases

Subscription Expense Growth

Maintaining a Dual Environment (Legacy and Cloud)

SECURITY OPERATING COSTS

CURRENT SECURITY BUDGET

6-8% ANNUAL BUDGET INCREASE


THE COMING FISCAL CRISIS

Requires Presence at Key Termination Points

The Internet Gets Darker


THE COMING FISCAL CRISIS A DARK INTERNET

Organizations Will Need to Depend on Automatic Security Capabilities The Relevance of Emerging Technologies

ARTIF IC IAL INTELL IG ENCE



DEEP ARTIFICIAL INTELLIGENCE & AUTOMATION

Industry Refocused on the Criticality of Prevention Threat Detection is Not Enough




BEST IN CLASS TERMINATION POINTS & PROTECTION

Changing Usage Models Will Mandate Cloud Generation Architecture The Cloud Generation Dilemma




BEST IN CLASS TERMINATION POINTS & PROTECTION

Changing Usage Models Will Mandate Cloud Generation Architecture The Cloud Generation Dilemma

CLOUD GENERATION ARCHITECTURE & PLATFORMS


Key Termination points

PROXY

EMAIL

CLOUD APPS

ENDPOINT


Delivering Protection in The Cloud Generation

PROXY

EMAIL

CLOUD APPS

ENDPOINT



Endpoint Requirements

Best in Class Protection

Machine Learning/Artificial Intelligence

Single Agent/Efficient Architecture

Cloud Aware/Enabled

Supports all Endpoints

PROXY

EMAIL

CLOUD APPS

ENDPOINT ENDPOINT

SINGLE AGENT


More threats lead to more agents

Poor Malware Protection against Emerging Threats

46% Increase in new

ransomware variants

92% Increase in new

downloader variants

8,500% Increase in

coinminer detections

• Integration challenges

• Compatibility issues

• Too much complexity resulting in security gaps

Technical Issues

• Multiple agent deployments and management

• Increased labor and higher costs

• Each agent needs updating with Operating System updates

• More alerts that need addressing by the SOC staff

Operational Issues

7 Average # of installed endpoint management & security agents

NETWORK FIREWALL & INTRUSION

PREVENTION

BEHAVIOR MONITORING

DEVICE CONTROL & POWER ERASER

REPUTATION ANALYSIS

MEMORY EXPLOIT MITIGATION

ADVANCED MACHINE LEARNING

EMULATOR APPLICATION ISOLATION

DECEPTION EDR APPLICATION CONTROL

Advance Malware Protection Integrated

EDR Deception SEP Hardening

Agent

Anti-malware

ANTIVIRUS

Agent Agent Agent Agent Agent Agent


Multilayered, Single-agent, Endpoint Protection SEP 14.1 and SEP Hardening Deliver Cutting Edge Technologies

NETWORK FIREWALL & INTRUSION

PREVENTION

BEHAVIOR MONITORING

DEVICE CONTROL & POWER ERASER

REPUTATION ANALYSIS

MEMORY EXPLOIT MITIGATION

ADVANCED MACHINE LEARNING

EMULATOR APPLICATION ISOLATION

DECEPTION EDR APPLICATION CONTROL

• Most effective ransomware protection

• Defend against file- less threats including memory based exploits

• Virtual patching for critical vulnerabilities

• Block polymorphic malware

Advance Malware Protection

• Detect stealthy threats

• Investigate and Hunt IoCs

• Rapidly fix endpoints

• Automate IR tasks

Integrated EDR

• Identify hidden adversaries

• Expose attackers’ intent and tactics to enhance security posture

Deception

• Auto-assess application risk

• Protect IT approved apps from exploits

• Isolate suspicious apps to prevent privileged operations

SEP Hardening

Single Agent

• Use world’s largest civilian GIN to block common threats

• Block lateral movement and command & control traffic

• Device-level control and lockdown (USB, system files)

• Remediate malware infections

ANTIVIRUS

Anti-malware


Integrations with Symantec and Partner Products

Control Points

Email Security

Web Gateway

Cloud Security

SIEM

Orchestration & Automation

Ticketing

Global Intelligence Network

Data Loss Prevention

Encryption

SOC Integration

Advanced Threat

Protection

ATP (EDR)

Content Analysis

SEP 14 + EDR

ITMS


Proxy Requirements

ENDPOINT

PROXY

EMAIL

CLOUD APPS

Best in Class

Strong Encrypted Traffic Management

Integrated CASB

Network Browser Isolation

Cloud, On-Premise & Virtual Form Factors



NETWORK TUNING

TAP

ANALYTICS

APM

SANDBOX

IPS

FIREWALL

PROXY

Bypasses Threat Protection Infrastructure Encrypted Traffic Creates Vulnerabilities

Half of malware campaigns in 2019 will use some type of encryption to conceal malware delivery, command and control activity, or data exfiltration


Fix SSL/TLS Encryption Vulnerability Secure Decryption of Network Traffic

IPS APM TAP NETWORK TUNING SECURITY ANALYTICS

SANDBOX CONTENT ANALYSIS

PROXY

SSL VISIBILITY

“C & F’s” NGFWs, SWG’s, ADCs

The Security Impact of HTTPS Interception

Symantec / Blue Coat “A”

Testing conducted by:

FIREWALL

• Securely decrypt SSL & TLS to allow complete inspection

• Scale decryption with SSL Visibility Appliance

• Set policies by category to maintain privacy

• Must maintain broad industry cipher support


100% SAFE RENDERING INFORMATION

Isolate the Web to Stop Threats

• Isolate uncategorized/risky sites

• Secure web browsing of privileged users

• Embedded Email URLs (phishing)

Evaluate and pilot a remote browser solution… as one of the most significant ways an enterprise can reduce the ability of web-based attacks on users to cause damage.”

Secure Disposable Container

DOWNLOAD EXECUTE RENDER

10010100101011010011

0010101

101010011010

011110

WEB ISOLATION PROXY

Content Analysis

https://www.gartner.com/document/3463618


SWG Proxy At Core

Flexible On-ramps, With SEP, SD-Connector

Threat Prevention and Information Security

Cloud Controls (CASB)

High-performance Global Backbone

Web Security Service

SWG Proxy Terminate ♦ Decrypt

♦ Inspect Before Delivery ♦ Orchestrate

SDN Connect

IPSec VPN

Firewall

Network Security for the Cloud Generation Advanced Network Security Stack in the Cloud

Accelerated Cloud Backbone

Telco POP Backbone

Automate Policy & Content Acceleration

Elastic Cloud SVC Structure

Content Peering & Connection Scaling

3rd Party Monitoring

QoS and Performance Optimization

Web Isolation

Malware Analysis & Sandbox

DLP Inspection & Enforcement

CASB Cloud Controls

Confidential - Internal Use Only - Do Not Distribute


Email Requirements

Flexible Form Factor

Protects Intra-Company, Outbound & Inbound

Integrated Content Isolation

Best-In-Class Spam and Malware Defense

Machine Learning / Artificial Intelligence

ENDPOINT

PROXY

EMAIL

CLOUD APPS



ISTR23: Email

Last year, 71 percent of all targeted attacks started with spear phishing

The Necurs botnet sent out almost 15 million malicious emails in 2017, 82.5% just in the second half of the year

7,710 organizations are hit by a BEC scam every month


Advanced Email Analytics Accelerates Response to Targeted Attacks

Symantec Threat Researchers

500+ threat researchers

Symantec Global Intelligence Network

emails scanned daily

2B endpoints protected

175M 1B web requests scanned daily

1

3 Advanced Email Security Analytics 60+ Data Points on Clean and Blocked Emails

Security Operations Center Team

Senders & Recipients

Targeted Attack Information

File Hashes

Sandbox Detonation Information

URL Information

2

Email Security.cloud

Artificial Intelligence

Data Scientists

Threat Isolation


Cloud Application Requirements

ENDPOINT

PROXY

EMAIL

CLOUD APPS

Visibility Over Cloud User Behavior

Control Across all Cloud Applications

User and User-Action Based Authentication

Protections Against Malicious Content

Extends Data Protection to the Cloud



ISTR23: Cloud

Cyber criminals are harnessing stolen cloud CPU usage for high-powered mining of crypto currency

68% of organizations have some employees who exhibit high-risk behaviour in their cloud accounts

18% of all PII, 13% of all PCI, and 56% of all PHI shared in the cloud is overexposed


ATP

SWG

Email Security

VIP

VIP

CASB 1.0

CloudSOC would make your ProxySG Powerful with 25,000 app controls

CloudSOC can make your DLP more expansive to all cloud apps

CloudSOC enables to ICE the data to help track and revoke it after it leaves cloud?

CloudSOC can apply Symantec’s high efficacy malware engines can stop malware in cloud?

CloudSOC makes VIP useful for 2nd factor based on risky actions, not just logins

CloudSOC can track roaming users as part of Shadow IT analysis?

CloudSOC can expand the IR capability of MSS to Shadow IT & cloud Apps?

ProxySG/WSS

DLP

Malware prevention

ICE

SEP

MSS

VIP


ENDPOINT

PROXY

EMAIL

CLOUD APPS


Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY

29

Symantec’s Leadership in Gartner Magic Quadrants

Endpoint Protection

1/2018

Secure Web Gateways 6/2017

Cloud Access Security Broker (CASB) 11/2017

Managed Security Services (MSS) 1/ 2017

Enterprise Data Loss Prevention

2/2017


ADVANCED THREAT PREVENTION

Delivering Technology Services in The Cloud Generation

Content Analysis

Sandboxing

Endpoint Detection & Response

Full Packet Capture & Metadata


ADVANCED THREAT PROTECTION


ENDPOINT

PROXY

EMAIL

CLOUD APPS

PROTECT IN-STACK CENTRAL PROTECT DETECT, INVESTIGATE,

& RESPOND INTEGRATE &

AUTOMATE

CONTENT ANALYSIS & ADV MALWARE SANDBOX

THREAT ISOLATION

EDR/ATP Endpoint

SECURITY ANALYTICS

ATP EMAIL

CASB CloudSOC

TIPP

SIEM

SOAR

Ticket

API

API

API

API

ICD

x

CONTENT ANALYSIS

WEB ISOLATION

SANDBOX

ANTI-MALWARE

SANDBOX

NEXT GEN AV

HARDENING

DECEPTION

SANDBOX

WEB ISOLATION

ANALYTICS


Delivering Technology Services in The Cloud Generation

INFORMATION PROTECTION

DLP

Multifactor Authentication

Encryption

Information Centric Analytics

Discovery and Compliance


Data Moves to the Cloud Problem


SECURED CORPORATE LAN Roaming

DLP ENDPOINT DLP MANAGEMENT

CONSOLE

UNIFIED MANAGEMENT

34

DISCOVER MONITOR PROTECT

Tagging

ICE

Analytics

DLP CLOUD

Cloud Email

CASB SaaS

1010110 0110101

Cloud Proxy (WSS)

DLP STORAGE

DMZ

SPAN Port or Tap

MTA / Proxy

DLP NETWORK

In the cloud

All control points

Single pane of glass

Mobile & BYOD


ESS

Email (O365, Gmail)

Solution On-premise & Cloud Apps

ICE

Cloud DLP Detection

VIP

TAGGING

DLP Policies

DLP Violations

Endpoint Storage Network

Enterprise Network (“on premises”)

INFO CENTRIC ANALYTICS

DLP ENFORCE MGMT. CONSOLE

DLP DETECTION

TAGGING ICE

Protect against data loss from personal email and encrypted traffic

Protect against malware and data loss through email

Protect data in the cloud and beyond

CASB

SaaS (OneDrive, Box, SFDC…)

WSS

Web (LinkedIn, Facebook, Twitter…)


Solution On-premise & Cloud Apps

Endpoint Storage Network

Enterprise Network (“on premises”)

INFO CENTRIC ANALYTICS

DLP ENFORCE MGMT. CONSOLE

DLP Policies

DLP Violations

ICE FOR EMAIL

Cloud DLP Detection

VIP FOR

CASB

TAGGING

ESS

CASB

WSS

Email (O365, Gmail)

SaaS (OneDrive, Box, SFDC…)

Web (LinkedIn, Facebook, Twitter…)

DLP DETECTION

TAGGING ICE

In the cloud

All control points

Single pane of glass

Mobile & BYOD



ADVANCED THREAT PREVENTION

COMPLIANCE ENFORCEMENT

INFORMATION PROTECTION

ANALYTICS

ENCRYPTED TRAFFIC MANAGEMENT

ICDx



INTEGRATED CYBER DEFENSE EXCHANGE (ICDx)

• Open Interface to Symantec and Third Party Technologies

• Structures and Unifies Telemetry

• Control of Event Information for Regulatory Adherence

• Long-Term Correlation of Event and Telemetry Data

• Provides Automated Actions for Control Points

• Integration Point for External Control Structures • MSP • Artificial Intelligence / Machine Learning • Orchestration

ICDx


INTEGRATED CYBER DEFENSE PLATFORM

THREAT RESEARCH

Massive Global Threat Telemetry

State of The Art Security Analysis

Best-in-Class Global Cyberwarriors

Automated Threat Intel Fed to Platform




THREAT RESEARCH

Provider Ecosystem

3rd Party Integrations

Information Exchange Layer

Managed Security Services Provider

PLATFORM SERVICES


Custom Outcomes




PLATFORM SERVICES

600+ PARTNERS INQUIRIES 94 TECHNOLOGY PARTNERS 178 INTEGRATIONS


Delivering a Simplified Security Model for the Cloud Generation

Symantec Integrated Cyber Defense

Headquarters Data Center

Regional Office

Roaming Users

integrated cyber defense at the heart of digital ... ips apm tap network tuning security analytics...

Documents