Secure & Manage The World’s Information
(Diagram) Pillars: Infrastructure, Information, Governance. Labels: Policy, Risk Management, Compliance, Management, Data Protection, Security, Storage Management, Availability, Classification, eDiscovery, Data Loss Prevention, Archiving / Retention, Cloud, Endpoints, Data Center, Incident Management.
Copyright © 2009 Symantec Corporation. All rights reserved.
Symantec Global Intelligence Network (GIN)
identifies more threats - takes action faster - prevents impact

(Map) GIN locations: Twyford, Munich, Alexandria, Sydney, Redwood City, Santa Monica, Calgary, San Francisco, Dublin, Pune, Taipei, Tokyo, Springfield

Information Protection Network: Preemptive Security Alerts, Threat Triggered Actions
Global Scope and Scale: Largest Security Footprint Worldwide, Instant Detection, 24x7x365 Collection & Correlation

Attack Activity
• 240,000 sensors
• 200+ countries
Malware Intelligence
• 130M* client, server, gateways monitored
• Global coverage
Vulnerabilities
• 32,000+ vulnerabilities
• 11,000 vendors
• 72,000 technologies
Spam/Phishing
• 2.5M decoy accounts
• 8B+ email messages/day
• 1B+ web requests/day
Internet Security Threat Report
• A World-Wide, Vendor-Neutral, Comprehensive and Empirical Analysis of Internet Security Threat Activities and Trends Identified by Symantec
– Based upon “Real” Data Collected by the Global Intelligence Network
– The Only Available Report Offering a Complete View of the Current Internet Security Threat Landscape
• Identifies and Analyzes Attacker Methods, Techniques and Preferences
• Details the Latest Trends, Activities and Information on Internet Attacks:
– Vulnerabilities Discovered and Exploited
– Malicious Code / Malware
– Additional Security Threats - Spyware, Phishing, and Spam
– Underground Economy Activity
• This Report Is Not: A Survey of Opinions; Product Driven Marketing; Scientific Certainty; An Analysis of Vendor Capabilities
http://www.symantec.com/enterprise/threatreport
Threat Landscape History
Old Motivation: Fame
• Threats persist with a goal of notoriety
• Threats are visible and indiscriminate
New Motivation: Fortune
• Threats are fleeting with a goal of profit
• Threats are SILENT and laser targeted to steal data
Targets: Computers (old) → People (new)
• Attackers are increasingly targeting end users by compromising high-traffic, trusted websites
• Attackers are moving their operations to regions with emerging Internet infrastructures and, in some instances, developing and maintaining their own service provisioning
Threat Landscape Evolution
(Chart: number of applications over time)
Attackers have shifted…
Away from mass-distribution of few threats;
To micro distribution of millions of distinct threats.
How? Their servers generate a new malware strain every few moments.
Every set of victims gets attacked by a new strain!
How big is the problem?
We’re creating as many as 10-25K signatures for new threats daily!
Further, our sensor data shows us that we’ve passed an inflection point…
A week-long internal study showed that more malicious programs were released than legitimate software.
65% of all new apps installed during the 1-week study were malicious, and found on <5% of users’ PCs.
And attackers could make things far worse…
We could easily see millions/tens of millions of unique threats per year.
What chance will a security vendor have of discovering malware targeted at just 2-3 users?
Anatomy of a Breach; the bottom line.
• 90% of breaches in 2009 involved organized crime targeting corporate/sensitive/protected information
• 81% of attacked organizations were non-compliant in PCI & assoc.
• 67% of breaches were due to insider negligence
Prelude To A Breach
• An average of 300 million attempted malicious code attacks worldwide BLOCKED each month in 2009.
• Over 60% of Symantec’s malicious code signatures created in 2008 alone.
• Over 90% of threats in 2009 targeted confidential information
How do we Protect the Infrastructure?
How do we better Protect the Information?
Vision: Transforming Security
SECURITY 1.0
• Lock down systems
• Keep the bad things out
• Protect only infrastructure
• Decisions are fixed and static
• Disparate and disconnected
SECURITY 2.0
• Balance Risk and Opportunity
• Keep the Good Things in
• Protect Information and Interactions
• Make Decisions Based on Reputation
• Standardize and Automate Processes
From Inhibitor to Mission/Business Enabler
Strategy: Transforming Security
Mission Drivers for Security
• How does security enable the organization to complete its stated mission objectives?
• How important are the following when making security-related decisions?
– Achieving/maintaining regulatory compliance
– Protecting operational reputation
– Protecting against financial loss
– Protecting intellectual property / confidential information
– Protecting the accuracy and integrity of data and systems
– Threat management agility
– Time to deployment & enablement
Strategy: Transforming Security
Security 2010+ Taxonomy
Security Advisory & Residency Services
Global Security Intelligence, Support, and Response
Categories: Governance; Information Protection; Infrastructure Management; Endpoint Security & Management
Products:
• Security Information Manager
• Control Compliance Suite
• Managed Security Services
• DeepSight Threat Management
• Security Program Assessment
• Information Assurance Analysis
• Penetration Testing
• Altiris Asset Management Solution
• Data Loss Prevention
• Cyber Threat Analysis Program (CTAP)
• Enterprise Vault
• Symantec Mail Security
• Symantec Workflow
• Backup Exec System Recovery
• Message Labs (SaaS)
• Web & Mail Protect
• Archiving
• Symantec Mobile Security
• Symantec Endpoint Protection
• Symantec Network Access Control
• Symantec Web Gateway
• Symantec Critical System Protection
• Altiris Client Management Suite
• Symantec Endpoint Encryption
• Endpoint Virtualization

Symantec Security Strategy
Develop and Enforce IT Policies
> Control Compliance Suite
Protect the Information
> Data Loss Prevention Suite
Protect the Infrastructure
> Symantec Protection Suite
Manage Systems
> Altiris Total Management Suite
(Pillars: Governance, Infrastructure Management, Information Protection)
Symantec Security Strategy
1. Protect the Infrastructure
Symantec Protection Suite
• Secure Endpoints
• Protect Email and Web
• Defend Critical Internal Servers
• Backup and Recover Data
AntiVirus alone is not enough…
Standard Antivirus PC deployment (Symantec AntiVirus): Antivirus, Antispyware

AntiVirus vs. SEP11…
Standard Antivirus PC deployment (Symantec AntiVirus): Antivirus, Antispyware
Comprehensive Endpoint Protection deployment (Symantec Endpoint Protection 11.0): Antivirus, Antispyware, Intrusion Prevention, Firewall, Device and Application Control
The SEP Advantage…
(Chart: feature coverage rated with Harvey balls for Symantec Endpoint Protection 11.0, Closest Endpoint Competitor, and Symantec AntiVirus 10.x; client footprints shown: 75 MB+, 25 MB, and 24 MB for the SEP 11.0 client)
Recent HydraQ Defenses via SEP
• Symantec released updated THREAT AV signatures associated with the attack:
– Trojan.Pidief.G July 2, 2009
– Trojan Horse.H July 13, 2009
– Bloodhound.Exploit.266 August 2, 2009
– Trojan Horse.H1 July 13, 2009
– Trojan.Hydraq January 11, 2010
– Trojan.Hydraq!gen1 January 14, 2010
• Symantec released updated VULNERABILITY IPS signatures associated with this attack:
– Blocks IE zero-day exploit: HTTP MSIE Memory Corruption Code Exec (23599) January 16, 2010
– Blocks Adobe Acrobat, Reader and Flash vulnerability: HTTP Acrobat PDF Suspicious File Download 4 July 17, 2009
AntiVirus vs. SEP11 vs. SEP/SNAC11
Standard Antivirus PC deployment (Symantec AntiVirus): Antivirus, Antispyware
Comprehensive Endpoint Protection deployment (Symantec Endpoint Protection 11.0): Antivirus, Antispyware, Intrusion Prevention, Firewall, Device and Application Control
Complete Endpoint Security Solution (Symantec Endpoint Protection 11.0 + Symantec Network Access Control 11.0): Antivirus, Antispyware, Intrusion Prevention, Firewall, Device and Application Control, Network Access Control
Symantec Network Access Control
Enforce Security, Configuration & Compliance…
• Checks adherence to endpoint security policies… continuously!
– Antivirus installed and current?
– Firewall installed and running?
– Required patches and service packs?
– Required configuration?
• Is NOT network dependent
• Remediates configuration problems
• Regulates guest access
“An endpoint management anomaly is by definition an endpoint security vulnerability.”
SNAC mitigates and remediates those anomalies.
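As an added illustration of the posture check described on this slide (example code written for this page, not Symantec code and not how SNAC is implemented), the following Python answers the four questions above for each endpoint against a hypothetical policy, decides between full access and quarantine, and produces the remediation list a NAC enforcer would act on. The endpoint facts, patch identifiers and setting names are constructed sample data.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional, Set


@dataclass
class EndpointPosture:
    """Facts an endpoint agent reports about itself (constructed sample data)."""
    hostname: str
    av_installed: bool
    av_definitions_date: Optional[date]   # None if no definitions are present
    firewall_running: bool
    installed_patches: Set[str]
    config: Dict[str, str]


@dataclass
class Policy:
    """Hypothetical endpoint security policy the posture is checked against."""
    max_definition_age_days: int
    required_patches: Set[str]
    required_config: Dict[str, str]


@dataclass
class Verdict:
    hostname: str
    compliant: bool
    findings: List[str] = field(default_factory=list)
    remediations: List[str] = field(default_factory=list)
    network_access: str = "full"   # "full" for compliant hosts, "quarantine" otherwise


def check_posture(ep: EndpointPosture, policy: Policy, today: date) -> Verdict:
    """Answer the four posture questions and derive a remediation list."""
    findings: List[str] = []
    remediations: List[str] = []

    # Antivirus installed and current?
    if not ep.av_installed:
        findings.append("antivirus not installed")
        remediations.append("install antivirus client")
    elif (ep.av_definitions_date is None
          or (today - ep.av_definitions_date).days > policy.max_definition_age_days):
        findings.append("antivirus definitions older than policy allows")
        remediations.append("trigger definition update")

    # Firewall installed and running?
    if not ep.firewall_running:
        findings.append("host firewall not running")
        remediations.append("start host firewall")

    # Required patches and service packs?
    for patch in sorted(policy.required_patches - ep.installed_patches):
        findings.append(f"missing required patch {patch}")
        remediations.append(f"install {patch}")

    # Required configuration?
    for key, wanted in sorted(policy.required_config.items()):
        actual = ep.config.get(key)
        if actual != wanted:
            findings.append(f"setting {key} is {actual!r}, policy requires {wanted!r}")
            remediations.append(f"set {key}={wanted}")

    compliant = not findings
    return Verdict(ep.hostname, compliant, findings, remediations,
                   "full" if compliant else "quarantine")


# Constructed policy; patch ids and setting names are placeholders, not real KB numbers.
POLICY = Policy(
    max_definition_age_days=3,
    required_patches={"PATCH-EXAMPLE-001", "PATCH-EXAMPLE-002"},
    required_config={"screensaver_lock": "enabled", "autorun": "disabled"},
)

# Constructed endpoints: one healthy, one with stale definitions, no firewall,
# a missing patch and a non-compliant setting.
SAMPLE_ENDPOINTS = [
    EndpointPosture("ws-good", True, date(2010, 3, 1), True,
                    {"PATCH-EXAMPLE-001", "PATCH-EXAMPLE-002"},
                    {"screensaver_lock": "enabled", "autorun": "disabled"}),
    EndpointPosture("ws-stale", True, date(2010, 2, 20), False,
                    {"PATCH-EXAMPLE-001"},
                    {"screensaver_lock": "enabled", "autorun": "enabled"}),
]


def evaluate_all(endpoints=SAMPLE_ENDPOINTS, policy=POLICY,
                 today=date(2010, 3, 2)) -> Dict[str, Verdict]:
    """Run the check for every endpoint; results keyed by hostname."""
    return {ep.hostname: check_posture(ep, policy, today) for ep in endpoints}


if __name__ == "__main__":
    for v in evaluate_all().values():
        state = "compliant" if v.compliant else "NON-COMPLIANT"
        print(f"{v.hostname}: {state} -> network access {v.network_access}")
        for finding, fix in zip(v.findings, v.remediations):
            print(f"  finding: {finding}; remediation: {fix}")
```

Every finding is paired with a remediation, which is what lets a NAC product auto-remediate rather than only block; the quarantine decision is taken from the findings list alone, so the check stays the same whether it runs from a network enforcer or as a self-enforcing agent on the host.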
Symantec Protection Suite Enterprise Edition
Endpoint Security
• Symantec Endpoint Protection
• Symantec Network Access Control Self Enforcement
• Symantec Mobile Security
Messaging & Web Security
• Symantec Brightmail Gateway
• Symantec Web Gateway
• Symantec Mail Security for Microsoft Exchange
• Symantec Mail Security for Domino
• Symantec Premium AntiSpam
Backup and Recovery
• Symantec Backup Exec System Recovery
All these solutions, one price
True High Caliber Server Protection…
Symantec Critical Systems Protection 5.2
Exploit Prevention (Host IPS)
• Restrict apps & O/S behaviors
• Protect systems from buffer overflow
• Intrusion prevention for day-zero attacks
Auditing & Alerting (Host IDS)
• Monitor logs and security events
• Consolidate & forward logs for archives and reporting
• Smart event response for quick action
Network Protection (Host IPS)
• Close back doors (block ports)
• Limit network connectivity by application
• Restrict traffic flow inbound and outbound
System Controls (Host IPS)
• Lock down configuration & settings
• Enforce security policy
• De-escalate user privileges
• Prevent removable media use
Symantec Critical Systems Protection
simplify - streamline - protect
True High Caliber Server Protection…
Symantec Critical Systems Protection - supported platforms

Platform          | Client Edition           | Server Edition - Prevention                                               | Server Edition - Detection
Microsoft Windows | Windows XP, Windows 2000 | Windows 2000, 2003 and 2008 (includes 32-bit & 64-bit support), Windows NT | Windows 2000, 2003 and 2008 (includes 32-bit & 64-bit support), Windows NT
Solaris           | n/a                      | Solaris 8, 9, 10 (includes x86, x86 VM, 64-bit & Zones)                    | Solaris 8, 9, 10 (includes x86, x86 VM, 64-bit & Zones)
Linux             | SuSE Linux Professional  | SuSE Linux Enterprise Server 8, 9, 10; RedHat Enterprise Linux 3**, 4**, 5 (includes 32-bit & 64-bit support) | SuSE Linux Enterprise Server 8, 9, 10; RedHat Enterprise Linux 3**, 4**, 5 (includes 32-bit & 64-bit support)
AIX               | n/a                      | *2010 mapped                                                              | AIX 5L (5.1, 5.2, and 5.3)
HP-UX             | n/a                      | *2010 mapped                                                              | HP-UX 11i v1 (11.11)**, v2 (11.23)** and v3 (11.31)**; HP Tru64 Unix V5.1B
Enterprise Security Visibility…
Symantec Security Information Manager
Collection
• Broad and customizable
• High volume processing
• Meaningful normalization
• Assured reliability
Storage
• Flexible capacity
• Archive segmentations
• Quick queries and searches
• Retention Policy Automation
• Integrity verification
Correlation
• Easy rule based analysis
• Hierarchical incident associations
• Global Intelligence Network integration
• Asset groupings
• Over 400 out of box queries
Presentation
• Customizable consoles
• Web based portals
• Raw event data viewer
• Standardized query templates
Enterprise Security Visibility & Mgmt…
Symantec Security Information Manager [ SSIM ]
1) Allows the CIC/members to “build & maintain their own GIN.”
2) Leverages Symantec GIN & Workflow… for Proactive Threat Visibility, Agility, and Reactivity.
Enterprise event sources: Network, Mail and Groupware, Endpoint, OS, Database, Firewalls, Syslog, Vulnerability Scanners, IDS/IPS, Other sources…
Supported products:
• SEP
• SNAC
• SCSP
• SEE
• Altiris
• Cisco
• ArcSight
• Microsoft
• McAfee
• CheckPoint
• ~200 more…
Symantec Security Strategy
2. Develop and Enforce IT Policies
Control Compliance Suite
• Define Risk and Develop IT Policies
• Assess Infrastructure and Processes
• Report, Monitor and Demonstrate Due Care
• Remediate Problems
Control Compliance Suite
(Diagram: the compliance cycle - Define: Determine Risk and Develop Policies; Assess: Assess Infrastructure and Processes; Report: Monitor and Demonstrate Due Care; Remediate: Assess Risk and Remediate Problems)
Elements: POLICIES and CONTROLS, TECHNICAL CONTROLS, PROCEDURAL CONTROLS, RISK ASSESSMENTS, RISK WEIGHTED REMEDIATION, DASHBOARDS, AUDIT REPORTS
* Gideon Technologies acquisition to grow SCAP Compliance Suite
Symantec Security Strategy
3. Protect the Information
Data Loss Prevention Suite
• Discover Where Sensitive Information Resides
• Monitor How Data is Being Used
• Protect Sensitive Information From Loss
Data Loss Prevention
(Diagram) DLP Platform: Monitoring & Prevention; Discovery & Protection
Integration points: Removable Media Content Control, Data Discovery Security, Web Security, Instant Message Security, E-Discovery / Classification, Archive / Backup, Data Governance
Direct integrations:
- Symantec Enterprise Vault
- Symantec Backup Exec Recovery
- Symantec Network Access Control
Process automations:
- Automated eDiscovery
- Automated Lost Hardware Risk Mitigation
Symantec Endpoint Encryption
Full Disk and/or Partition Encryption:
- Encrypts boot disk
- Encrypts up to 20+ partitions on system boot disk
- FIPS 140-2 validated AES cryptography
- 256-bit key (default) or 128-bit key for disk encryption
- Self-service recovery for lost or forgotten passwords - Authenti-Check™ challenge/response questions and answers
- Pre-boot hardened authentication
- Single Sign-on integration
Removable Media Encryption:
- Transparent end user operation
- Comprehensive encryption support: policy based encryption for removable media; FIPS certified AES 256 bit or 128 bit, CC EAL4 pending; encrypt plain text data on devices
- Best-in-class storage media support: flash drives, hard drives, SD cards, CF cards, CDs/DVDs, iPods, etc.
- Portability: access utility – install by policy, read / write encrypted data; self-extracting archives
Symantec Security Strategy
4. Manage the Enterprise
Altiris Total Management Suite
• Increase IT Effectiveness
• Control Hardware and Software Expenses
• Improve Availability and Service Levels
Integration Capabilities via Altiris LCM
SYSTEMS MANAGEMENT
• *Client Management Suite
• *Server Management Suite
• Service & Asset Management Suite
• Endpoint Virtualization
• Veritas Configuration Manager
INFORMATION PROTECTION
• Symantec Data Loss Prevention
• Symantec Endpoint Encryption
• Backup Exec System Recovery
• Backup Exec Infrastructure Manager
ENDPOINT SECURITY
• Symantec Endpoint Protection
• Symantec Network Access Control
• Symantec Critical Systems Protection
Unified Deployment and Management via Altiris
Integration of the Industry Leading Solutions; period.

IT Tool Collaboration & Process Automation via Symantec Workflow
Virtualization Capabilities via Altiris
Symantec Virtualization Solutions
Virtual Distribution - Symantec Workspace Streaming
• On-demand application streaming
• User-based provisioning
• Simplified packaging and scripting
• Direct MSI conversion
• Dynamic License Management
• Single click application upgrades
• Industry standard distributed architecture
• License tracking and management
Virtual Workspace - Symantec Workspace Corporate and Symantec Workspace Remote
• Single sign-on
• Application auto launch
• Roaming with state persistence
• Kiosk for workstation sharing
• Location awareness
• Proximity printing
• Consistent local / remote access
Virtual Execution - Symantec Workspace Virtualization
• Eliminate application conflicts
• Accelerate application rollouts
• Low overhead
• Virtualized apps interact normally
• User/system/management agents interact normally with virtualized apps
• Keeps base OS image clean
• Rapidly resolve application problems
• Integration with multiple Symantec products
Protect the Infrastructure
> Symantec Protection Suite
Develop and Enforce IT Policies
> Control Compliance Suite
Protect the Information
> Data Loss Prevention Suite
Manage the Enterprise
> Altiris Total Management Suite
Endpoint Security Roadmap
Reputation-Based Protection
#1 prevalence: How many other people in the world have this file?
#2 hygiene: User behavior can drive infection rates
#3 provenance: Publishers and distributors
#4 reputation: Malware histories help prioritize publishers
DeepClean
Collectively, this becomes the system for building and maintaining the world’s most precise and most comprehensive whitelist and file reputation infrastructure
Start with a mature endpoint stack…
Antivirus, Antispyware, Intrusion Prevention, Firewall, Device and Application Control, Network Access Control, Encryption, DLP, Altiris/LCM
Symantec Advisory Services
Security Focused Advisory / Consulting Services
Secure Application Services
• Application Development Lifecycle Review
• Application Penetration Tests
• Application Design Assessment
• Application Code Review
• Application Security Principles Course
Compliance Services
• Regulatory & Standards Assessments
• PCI Services
– PCI Security Audit Service
– PCI Security Scanning Service
– PCI Compliance Readiness Review
– PCI Payment Application Best Practices Assessment
• ISO 17799 Gap Assessment
• Federal/Gov’t Standards Compliance Assessments
Secure Infrastructure Services
• Network Architecture Assessment & Design Review
• Network Penetration Assessment
• Network Vulnerability Assessment
• Wireless Security Assessment
Security Operations Services
• Secure Lifecycle Development
• Risk/Blueprint Assessment
• SOC Design and Staffing
• Security Awareness Program
• Cyber Threat Analysis Program (CTAP)
• Breach & Outbreak Response Action Team (‘BORAT’)
Our Experts making a Difference for Your Organization
Magic Quadrant Strategic Leadership
E-Mail Security Boundaries; Content-Aware DLP; PC Lifecycle Config Mgmt; Network Access Control; Endpoint Protection Platforms; Security Info & Event Mgmt
Thank You!