The New Symantec
Dr. Michael Teschner
July 2017
Copyright © 2017 Symantec Corporation
Symantec | At a Glance
175M endpoints under protection
6 SOCs (threat response centers)
3000+ R&D engineers
385,000 business customers worldwide
$4.6B annual revenue
2123 patents
Consumer & Enterprise Business
Market Transformations
Infrastructure
Mobile Cloud
Business
Extended Workforce
Digital Processes
Big Data
APTs
Sophisticated Fraud
Threat Landscape
Audits
Regulatory Frameworks
Regulations
DLP
Secure Web Gateway
Risk Insight
Secure Mail Gateway
Web Application Firewall
Advanced Threat Protection
Malware Analysis
Cyber Security Services
IT System Management
Endpoint Protection
EDR
Endpoint Cloud
VIP Identity
Local Intelligence
File – URL – Whitelist – Blacklist – Certificate – Machine Learning
SIEM Integration
Data Center Security
Encryption
Content Analysis
Performance Optimization
Cloud Secure Web Gateway
Cloud DLP
CASB
Managed PKI
Email Security
Data Center Security
Cloud Sandbox
Website Security
Encryption
Compliance Management
Encrypted Traffic Management
Security Analytics
SOC Workbench
Third Party Ecosystem
ON PREMISES
CLOUD
Cloud Data Protection
Symantec Integrated Cyber Defense Platform
Acquisitions 2017
• Watchful – Data Classification
• Fireglass* – Threat Isolation
• Skycure* – Mobile Threat Detection
The Symantec Solution Portfolio
o Protection of four main attack vectors
  o Users and their devices
  o Information at every location
  o Web / Cloud
  o Mail & Messaging
o Data Center – Security & Compliance
  o Physical, Virtual and Cloud Workloads
o Incident Response & Forensics
  o Cyber Security Services
  o Security Analytics
o IoT & Industry 4.0
Integrated Cyber Defense Platform
File – URL – Whitelist – Blacklist – Certificate – Machine Learning
Symantec Global Intelligence Network
Symantec – Integrated Cyber Defense Platform
Control Points and Products
• Workloads (Cloud, on-prem): CSP, CCS, DCS
• Network: SWG, SSL VA, SA
• Cloud Apps: CloudSOC
• Mail: SMG, Email.cloud
• Endpoint / Mobile: SEP, Skycure*
• Devices & Sensors: CSP embedded, PKI
• ICS Networking: Anomaly detection
VIP – DLP – ATP – ICE – ICT – GIN – Fireglass*
IT / OT
Blue Coat
Symantec
Security & Compliance for Web & Cloud
Today's Situation – IT responsible perspective
Consumer Internet
Cloud Shadow IT
Web Applications
Sanctioned Cloud Apps
Mobile
perimeter
Security & Compliance for Web & Cloud
Symantec Control Points
Proxy
Web Security Service
Cloud SOC
Security & Compliance for Web & Cloud
Solution areas
1. Web Access Management, Threat Protection
2. Web Application Firewall
3. Encrypted Traffic Management
4. Shadow IT Analysis & Management
5. Management of Sanctioned Apps
Control Web and Cloud Access
Access Governance and Policy Enforcement
Internet – Proxy – Global Intelligence Network
Web Threat – Cloud Risk – Web App Protect – Cache – Web Content – GEO Location – Web Risk – Malnet – Cloud App
Cloud Access Security (CASB)
• 21,000+ Cloud apps
• 60 attributes of risk and business readiness
• Drive Shadow IT control policy on Proxy/SWG
Web App Firewall & Reverse Proxy
• OWASP Top 10 application protections
• Dynamic intelligence to maximize cache
Web Threat Protection
• 12 Security categories to block 90% of all threats
• Malnet stop zero day exploits
• URL Threat Risk – increases security without over-block
WWW.WEBSITE.COM
Acceptable Use
• 84 Total categories
• Across 55 languages
• Dynamic, real time rating
Secure Web Gateway – On Premise to Cloud Spectrum
PRIVATE
Physical
Virtual Appliances
Virtual
IaaS
PUBLIC
Services
SaaS
• Single Administrative Console
• Unified Policy Enforcement
• Perfect for Hybrid Environments
Fireglass - Threat Isolation with Symantec Security Gateways
• Agentless
• Delivered on-premises or in the cloud
• Any device, OS and browser
User
User gestures
Transparent Clientless Rendering
100% safe visual stream
Web
Documents
Threat Isolation Platform
Secure Disposable Container
Render Execute Download
Intelligence Services
Proxy Policies Set to Isolate Risky Traffic
Content & Malware Analysis
Users
1 Allow trusted sites
2 Block known bad sites
3 Analyze risky with CA/MA
4 Isolate uncategorized/risky sites where access is needed
Categorized Trusted Sites → Allow (1)
Categorized Bad Sites → Block (2)
Risky Sites → Analyze (3)
Uncategorized/Risky Websites → Isolate (4)
Secure Gateway WAF (Web Application Firewall)
Combines Reverse Proxy with Innovative Approach to Application Protection
Users
Firewall
Growing Base of Web Applications
Granular Management Capabilities
• Multi-Tenancy: maximal management flexibility
• Effective date: testing new rules without impacting production
Application Level Security & ATP Protection
• OWASP TOP 10 Protections
• File extraction, onboard advanced file inspection, ICAP to sandbox
Eliminate White List Programming to Scale and Operate
• “Content Nature Detection” simulates server response
• Lower false positives, increased zero-day protection
Proxy
Reverse Proxy
WAF
Encrypted Traffic Management
Preserving the highest level of Crypto
Enhance the ROI of the security infrastructure
Data privacy and compliance while enabling security
Automated visibility and control of encrypted traffic
A Design Point in the Enterprise
Not a feature of another product
Enhance Existing Security Tools
Decrypt Once, Feed Many
SSL Visibility Appliance
Sandbox / Anti-Malware
GLOBAL INTELLIGENCE NETWORK
NGFW / IDS / IPS
Security Analytics
HSM/EKCM
DLP
Policy Data for Host Categorization
• Purpose Built
• Design Point for ETM
• No Rip/Replace
• Add value to tools
• Add value to customer
• Add value to partners
Symantec CloudSOC
Proxy
Cloud Proxy
Events
Outside Perimeter
Risk Assessment
Intrusion Detection
Proxy/Firewall
Incident Response
Investigations
DLP
Malware Detection
Enterprise Perimeter
Cloud API
StreamIQ™
ContentIQ™
ThreatScore™
Machine Learning, Semantic Analysis, Graph Theory, Natural Language Processing
Export to HP/ArcSight, IBM/QRadar or CSV
Comprehensive Cloud Security & Compliance
Visibility of Shadow IT
Protection Against Malicious Attacks
Granular Control of Sensitive Data
ContentIQ™ – StreamIQ™ – ThreatScore™
• Identify & Remediate Risky Exposures
• automatically classify sensitive content
• Define granular content-based and context-based policies:
– users, device, location, file properties, access properties, content, activity, threat score
• Enforce access controls to govern use of cloud apps
• Leverage User Behavior Analytics to identify malicious behavior
• trigger policies alerting admins or quarantining activity
• Detect and Prevent Malware in the Cloud
• Track advanced data exfiltration attacks with Sequence Detectors
• Identify Shadow IT and analyze risky activity
• Make smart app choices
• Uncover opportunities for cost optimization
• Continuously monitor app usage and track compliance
CloudSOC Components
Visibility & control for popular sanctioned cloud app accounts
Extended visibility & control for security conscious organizations
Available for popular cloud apps via API: O365, Google, Box, Dropbox, Salesforce, ServiceNow, DocuSign, AWS, Jive, GitHub
Available for 75+ cloud apps via inline gateway
API-based Security
Fast & easy to implement
Visibility/control in sanctioned cloud accounts
ContentIQ for O365, Google, Box, Dropbox, Salesforce
Inline gateway-based Security
Real-time policy enforcement
Visibility/control for sanctioned & unsanctioned cloud accounts
ContentIQ for 60+ apps
Visibility & control for Shadow IT
Discovery/visibility for 21,000+ cloud apps with intelligence on 60+ risk attributes
Shadow IT Analysis
Business Readiness Ratings
Control w/ ProxySG integration
Visibility from logs (SWG, NGFW, SEPM)
Detect – Investigate – Protect – Audit
Symantec CloudSOC – Control Point in the cloud
Endpoint Security
Data Loss Prevention
Web Security
Encryption
User Authentication
ATP
Symantec Security Analytics - Security Camera and DVR for Your Network
Enriched Traffic Recording Delivers Unparalleled Evidence
Security Analytics – System of Record
24/7 lossless full packet recording
Intelligent/enriched system of record
Days, weeks or months of traffic
Appliance, software, or VM
“At a minimum, organizations should capture 30 days’ of packet data. 60 days’ worth is even better.”
File Reputation
URL Reputation and Content Categorization
Other Indicators of Compromise
Intelligence Services: Tap the vast threat data from the Symantec Global Intelligence Network to inspect all web, mail and file protocols for malicious activity and files
Real-time Threat Analysis & Threat Reputation to Full Packet Capture
Symantec Malware Analysis
Suspicious files are delivered to Malware Analysis sandbox for inspection
Global Intelligence Network
PE Scanner
jSUNPACK
Geolocation
More…
Malware Analysis
Reputation Services from Multiple Sources
Open Integration – Solid Partnerships
SECURITY ANALYTICS SUPPORTS BEST-OF-BREED INTEGRATIONS
Work Smarter & Faster – Make Better Decisions
PacketShaper – Full Traffic Visibility & Application-Level QoS Control
• All ports and protocols
• L7 app awareness, identify SSL traffic
• Real-time classification, thousands of apps, millions of URLs, 85 categories
• Backup: 11%
• OS & Mobile Updates: 7%
• Office 365: 10%
• SalesForce/Oracle: 7%
• YouTube: 11%
• Facebook: 10%
• Drop Box: 6%
• News & Sports: 5%
• Internet Email: 3%
• Video & Music Download: 13%
• Skype, WeChat, etc.: 6%
• Other: 11%
• Flexible QoS by class, app, user or flow
• TCP Rate Control for voice, video and real-time apps over Internet/Cloud
• Protect user experience, fair access
Guarantee: Cloud, ERP/CRM
Protect: RT: VoIP, Video
Constrain: Social, YouTube, FB
Distribute: Local, VDI, WiFi
• Real-time dashboard and reporting on flow status and metrics
• Selective capture (PCAP) and flow detail record (FDR)
ENFORCE Policy, IMPROVE Experience, ALIGN Resources
Manage Bandwidth – Monitor Status – Understand Traffic
Symantec Endpoint Protection 14
Protection Against Advanced Threats Without Compromising Productivity
Superior Protection: Protection against threats, using essential and next-gen technologies. Fed by the largest global threat intelligence network in the world.
High Performance: A single management console and high performance, lightweight agent to protect the business without slowing down end users.
Orchestrated Response: Easily integrate into existing security infrastructure to maintain a high level of protection and speed response.
Performance
Protection
Response
Superior Protection Against the Next Generation of Threats
Stop Targeted Attacks and Zero-Day Threats with Layered Protection
INCURSION – INFECTION – INFESTATION and EXFILTRATION
• NETWORK FIREWALL & INTRUSION PREVENTION: Blocks malware before it spreads to your machine and controls traffic
• APPLICATION AND DEVICE CONTROL: Control file, registry, and device access and behavior; whitelisting, blacklisting, etc.
• MEMORY EXPLOIT MITIGATION: Blocks zero-day exploits against vulnerabilities in popular software
• REPUTATION ANALYSIS: Determines safety of files and websites using the wisdom of the community
• ADVANCED MACHINE LEARNING: Pre-execution detection of new and evolving threats
• EMULATOR: Virtual machine detects malware hidden using custom packers
• ANTIVIRUS: Scans and eradicates malware that arrives on a system
• BEHAVIOR MONITORING: Monitors and blocks files that exhibit suspicious behaviors
Patented real-time cloud lookup for scanning of suspicious files
Respond to Advanced Attacks
Quickly Prevent the Spread of Infection to Minimize Damage
INOCULATION
• EDR CONSOLE (ATP:ENDPOINT): Orchestrate a response from Symantec EDR Console; EDR capabilities are built into the SEP agent
• POWER ERASER: Aggressive remediation of hard-to-remove infections
• SECURE WEB GATEWAY INTEGRATION: Use APIs to orchestrate a response from Secure Web Gateway
• SYSTEM LOCKDOWN: Part of Application Control - harden endpoint security with whitelisting & blacklisting
• HOST INTEGRITY: Quarantine, detect unauthorized change, conduct damage assessment and ensure compliance
EMET
SEP 14
Anti-malware
Next-Gen Endpoint
Endpoint Detection & Response
Exploit Prevention
SEP 14: Reducing Total Cost of Ownership and Endpoint Complexity
A single agent combines multiple technologies
Skycure - Mobile Threat Detection
THREAT INTELLIGENCE
Crowd-sourced
3rd party threat aggregation
Skycure research
CLOUD SERVER
Risk/compliance visibility
Advanced security
Automation & integration
PUBLIC APP
Simple deployment & maintenance
Ensured privacy
Minimal footprint
Consistent across Managed & Unmanaged scenarios
EMM
Vision: Mobile Threat Defense for the Cloud Generation
Mobile Security Drives Unique Differentiation for Symantec’s Portfolio
Secure Mobile Cloud Experience
• Secure all endpoints
• Select Safe Hotspots
• Connect to the Cloud using a Smart VPN
• Authenticate users and devices contextually
• Browse safely using WSS
• Connect to Corporate Apps securely using CASB
SEP 14, Norton – Enhanced w/ Skycure
Secure SaaS
Safe Web
Contextual Authentication
WSS
Smart VPN
Safe Hotspot
Secure Endpoint
CASB
Powered by Skycure
Symantec Email Security Solutions
MESSAGING GATEWAY
ON-PREMISES APPLIANCE
MULTI-TENANT CLOUD
Protect against spear phishing, ransomware, and BEC attacks
Quickly respond to targeted & advanced email attacks
Keep your emails secure and confidential
Messaging Gateway Solution Overview
• TARGETED ATTACK PROTECTION: Strong protection against spear phishing, ransomware & BEC attacks
• RICH THREAT INTELLIGENCE: Provide detailed threat analysis & risk scoring to accelerate remediation
• MULTI-LAYER SPAM & MALWARE FILTERING: Block unwanted email & prevent delivery of email containing malicious links & attachments
• POLICY-BASED DATA PROTECTION & ENCRYPTION: Prevent leakage of sensitive company information
How the solution works
Symantec Messaging Gateway
Advanced Threat Protection (Content & Malware Analysis)
Overview of the Symantec Email Security Solution
Multi-Tenant, Cloud-Based Solution
Solution Overview
• Blocks targeted attacks, spear phishing, viruses & malware, spam, and bulk mail
• Controls sensitive data and helps meet compliance & privacy requirements
• Detects new and stealthy targeted & advanced attacks
• Provides deep visibility into targeted attacks and accelerates remediation
Inbound/Outbound
Third-party
Advanced Threat Protection
Anti-Spam
Anti-Malware
Data Protection
Image Control
Firewall
Users
On-premise Email Server
Cloud Email Server
Users
Cloud-Based Protection with Intelligent Layered Security
Targeted Attack Protection
Multi-layered Spam & Malware Filtering
Symantec Global Intelligence
Flexible Policy-based Data Protection and Encryption
Outbound Mail
Incoming Mail
Delivered Mail
SMTP-layer spam and detection
Signature-based spam and threat scanning
Skeptic advanced heuristics
Real-Time Link Following
Cloud-Based Sandboxing
Click-Time Protection
PROTECTS AGAINST
• Malware
• Advanced threats
• Spear phishing
• Business email compromise
• Spam
• Bulk mail
Effectively stops new and emerging threats with multi-layered technologies and intelligence from one of the world’s largest GINs
Blocks stealthy threats with cloud-based sandboxing and deep, comprehensive visibility into targeted and advanced threats
Intelligent Layered Security
Multi-Layered Defense Effectively Prevents Threats
Secure Infrastructure with Critical System Protection (CSP)
ASSESS
Asset discovery and automate assessments, aggregate risk scores, prioritize remediation. Demonstrate regulatory & best practice compliance.
ORCHESTRATE
Automate orchestration of policies and settings across security products in response to the changing threat environment and enable business agility.
Combines threat and vulnerability intelligence with workload context to optimize security response.
PROTECT
Enable application-level security, allow workloads with varied trust levels to co-mingle securely, and adapt security settings to changes in threat and IT environment.
Minimize the performance and operational cost to my data center, while enhancing security responsiveness
MANAGING DATA CENTER SECURITY - ANY FORM, ANYWHERE
ON-PREMISES PHYSICAL
ON-PREMISES VIRTUAL / PRIVATE CLOUD
PUBLIC CLOUD
Cloud-based management console
SYSTEM HARDENING
DISCOVERY / ASSESSMENT
VULNERABILITY MANAGEMENT
THREAT PROTECTION
DATA LOSS PROTECTION
KEY MANAGEMENT
The Mechanics of IT Risk & Compliance
Mandates: Set of internal or external requirements
Standards: Threats to the Info Sec assets of the business that should be mitigated
Policies: Internal objectives for securing the Info Sec assets of the business
Controls Framework
Group of objectives and statements put in place and continuously assessed to:
- Mitigate risks
- Comply with mandates
- Meet policies
Checks: Technical configurations or settings that can be assessed against standards
Questions: Assessments to see if people understood and are following policies
3rd Party Data: Data from Info Sec systems across the enterprise showing controls efficacy
Symantec CCS Delivers Continuous Assessments
CENTRAL MANAGEMENT & REPORTING
STANDARDS MANAGER: SECURITY ASSESSMENT OF TECHNICAL CONTROLS
ASSESSMENT MANAGER
POLICY MANAGER
VENDOR RISK MANAGER
RISK MANAGER
• Automate Security & Compliance Assessments
• Align IT Operations and Security
• Continuous Assessments for Cyber Security
VULNERABILITY MANAGER: SCANNING OF IT ASSETS (NETWORK, APPLICATIONS, CLOUD, DEVICES)
Symantec Control Compliance Suite
• Discover rogue networks and assets
• Automate assessment of security configurations
• Identify configuration drift and misconfigured assets
CCS-VM: Broad and deep capabilities
o Enterprise Vulnerability Management
  o Large-scale, distributed assessment and remediation
  o Centralized management, reporting and analytics
o Network Security Scanning
  o Internal network, web, database and virtual scanner
  o Differentiator: Standalone or delivered as Symantec Network scan engine
o Cloud-Based Perimeter Scanning
  o External, cloud-based vulnerability assessments of network and perimeter and public-facing web applications
o Web Application Scanning
  o Web application scanning for comprehensive assessments of custom web applications
Symantec CCS-VM
Vulnerability Management Solution
also available as stand alone solution
Symantec Embedded Security: Critical System Protection (SES:CSP)
A signatureless, policy-driven, host-based security agent – Define what is allowed/acceptable and permit that only
Built upon existing Symantec host protection technology – CSP/DCS Client Edition
In-built app whitelisting, granular app control, network protection, exploit protection, system control and intrusion detection capabilities
Ideally suited for Retail (ATM and PoS), Industrial Control Systems, Automotive, and Healthcare
Symantec Anomaly Detection for ICS & Automotive
• Software solution typically deployed on off-the-shelf hardware at a SPAN port in each subnet
• Passively listens to network traffic
• Learns the baseline of activity for all assets across multiple dimensions
  • Network level traffic – Some examples are: message volume, message lengths, active nodes, transport protocols
  • Communication channels – Some examples are: expected IP and MAC addresses, active ports, transition patterns
  • Deep packet inspection – Some examples are: application layer protocols, function codes, payload value ranges, session IDs.
• Once the system baseline is established, anomalous activity is flagged for investigation
Content Analysis (CAS)
Symantec ATP Stack - security inspection
• Hash Reputation (Custom User WL/BL, File Reputation): Passes acceptable files to user
• Dual AV: Signatures evaluated for known bad
• Predictive File Analysis: Analyzes code for malicious character
• Broker to Sandbox: ICAP, API
File Extraction & Orchestration
Multiple Engines Identify & Prevent Entry of Basic & Advanced Malware
Improve Detection, Reduce Sandbox Capacity Requirements
.JAR .EXE
PROXY
Content Inspection & Orchestration
Drastically Reduced Incident Response Queue (Customer Results)
Web Threats: URL Category & Risk Score
White List: Hash Reputation
Dual AV: Malware Signature
File Analysis: Malicious Character
Behavioral Analysis: Sandbox
• 63M Web requests
• 12M Files scanned
• 18K Files “detonated” (emulation)
• Incident Response: 3 Alerts needing response
Content Analysis - Dramatically Reduce Costs
50% Reduced Sandbox Cost
• Reduce sandbox capacity 75%
• Dramatically fewer samples to process
• Centralized architecture “pools” sandbox
• Lower capital acquisition costs
90% Savings on Incident Response Costs
• 90%+ reduction in alerts
• More efficient use of staff time
Symantec DLP: Data at rest and in motion
Discover: Locate where your sensitive information resides across your cloud, mobile, network, endpoint and storage systems
Monitor: Understand how your sensitive information is being used, including what data is being handled and by whom
Protect: Stop sensitive information from being leaked or stolen by enforcing data loss policies and educating employees
Email – Endpoint – Network – Storage – Cloud
Catch More Regulated Data & Intellectual Property
With the Most Advanced Detection Technologies
• Described Content Matching: Described Data, Non-indexable data, Lexicons, Data Identifiers
• Exact Data Matching: Structured Data, Credit card, Government IDs, Pricing
• Vector Machine Learning: Unstructured Text, Designs, Source Code, Financials, Derivative match
• Form Recognition: Form Documents, Tax returns, insurance claim forms, Derivative match
• Indexed Document Matching: Unstructured Data, Designs, Source Code, Financials, Derivative match
Information Centric Tagging (ICT)
Enables employees to identify sensitive data as they create it and apply classification levels
Classify data upon creation
Expands DLP with User Driven Classification
User Classification Augments DLP
Combining state of the art DLP technology with user-driven classification to identify and protect sensitive data
CONTENT-BASED CLASSIFICATION
DLP STORAGE
DLP ENDPOINT
DLP NETWORK
DLP CLOUD
USER-BASED CLASSIFICATION
EMAIL TAGGING
OFFICE/PDF DOC TAGGING
MOBILE TAGGING
DLP TAGGING
Symantec Information Centric Encryption
• Encryption keeps your data safe from unwanted access wherever it resides.
• Encryption Follows Data
Public WiFi
Home Office
Every Location
Mobile
BYOD
Every Device
USB
Regional Office
On-Premise
Encryption
Documents
What is included in ICE?
1. ICE Encryption Service
• Automatically encrypts confidential data via Symantec CASB / DLP
2. ICE Endpoint Utility
• Decrypts files on PCs & Mac
• Manages permissions on PCs & Mac
• Downloaded from website (or pre-install by admin)
• Embedded into VIP for mobile access (iOS)
3. ICE Identity and Key service
• Identity service allows users to register & authenticate before decryption keys are made available
• Can be used with corporate credentials
• Integrates with MFA solutions (e.g. VIP)
4. ICE Management Portal
• Monitor data and user activity
• Revoke files or identities if needed
• Manage settings and configurations
How it all works
VIP: AUTHENTICATION
DLP: DATA CLASSIFICATION
ICE: ENCRYPTION
Vendors
Clients
Partners
Co-workers
• DLP decides what data to protect and drives encryption
• Multi-Factor Authentication (MFA) for decryption
• ICE Console for centrally revocable files
Access Granted
Access Denied
Revoke File
Centralized Management Console
CloudSOC
CASB
Symantec Identity Access Management (VIP)
Identity and Access Control for the Entire User Base
• Two-Factor Authentication (2FA)
• Single Sign On (SSO)
• For Enterprises, Consumers, & Cloud Apps
Identity & Access Control
SSO
Access Manager
PKI
Internal Users (Employees)
External Users (Partners/Contractors)
Customers
Remote Workers
Corporate Network
Cloud Apps
Symantec GTM
Dr. Michael Teschner
July 2017
Cross Selling & Up Selling existing Proxy Customers
1. Leverage Refresh
• Establish value, extend value - solidify refresh
• Cross Sell (see #3)
2. Land a Cloud Footprint
• Be prepared for ALL CLOUD, Shadow IT Analysis
• Defend zScaler
3. Extend the Sale
• SecOps: SSLV, CAS, MAA, CASB
• Network: SSLV, PacketShaper
• Compliance/Risk: Shadow IT, DLP, CASB Audit
Use Proxy (CAS) to reduce Cost for Sandboxing
Improve detection, reduce sandbox capacity requirements
Pre-filter sandbox with content analysis
PROXYSG
CONTENT ANALYSIS
• 4x better Detection with CAS
• 4759 Files Tested
• Convictions from 4 AV Vendors
50% Reduced Sandbox Cost
• Reduce sandbox capacity 75%
• Dramatically fewer samples to process
• Centralized architecture “pools” sandbox
• Lower capital acquisition costs
90% Savings on Incident Response Costs
• 90%+ reduction in alerts
• More efficient use of staff time
Microsoft Office 365
• Fifteen+ Microsoft applications in the cloud
• Largest cloud app in the world
• Massive impacts to Enterprise Security & IT Ops
Move Office Applications to the Cloud
1. Will MSFT detect all breaches and support incident investigation needs?
2. How can I secure data in case of breach or prevent accidental misuse?
3. Can I depend on MSFT to prevent advanced threats? How does O365 fit with my best ATP tools?
4. Are O365 DLP controls adequate to meet your GRC & data residency requirements?
5. Can MSFT deliver acceptable performance?
6. Do I manage disparate data security, threat protection and GRC tools for each sanctioned cloud application?
7. How do those tools fit with my existing Internet security infrastructure?
Symantec Solutions for Office 365
DLP Cloud
DLP Enforce
External Mail
Strong Authentication with Single Sign On
Email Threat Protection and Encryption
Protect Confidential Data
Admins and Users
SAM VIP
Cloud SOC
Security & Compliance
Email security.cloud
PacketShaper
Proxy
WSS
Access Management
Quality of Services
Symantec for Office 365 – and more …
Making the Cloud safe for business
Data Protection & Compliance
Threat Protection
User Protection & Authentication
Sanctioned & Popular Cloud
Mail Protection
Performance
EU General Data Protection Regulation (GDPR)
TODAY: 28 Interpretations of the Data Protection Directive
2018: One Data Protection Regulation, harmonized across all EU member states
Right to be forgotten
Parental Consent
Data Protection Officer
Extra-territoriality of GDPR
Fines and penalties
Joint Liability of Controllers and Processors
Mandatory Breach Notification
Technology Considerations for the GDPR
Know your Personal data
Process Data Lawfully
Embed privacy
Protect Personal Data
PROTECT PERSONAL INFORMATION THROUGH ITS LIFECYCLE
What broad areas do I need to focus on for GDPR?
How do I manage and report on my information risk management practices?
What personal data is out there and where is it?
Who can access personal data and who has accessed it?
Can we control where data resides?
Can we control what personal data is accessible and who can access it?
Can we encrypt / obfuscate personal data?
Can we detect unauthorised access or breaches of personal data?
Can we quickly and thoroughly notify in the event of a breach?
How Symantec can assist with the GDPR?
Risk Management
CCS
EPM
Information Centric Security
DLP / CASB
VIP
Encryption
CDP
Breach Response
MSS / ATP
Incident Response
Security Analytics
AWS and Microsoft Azure – Top Enterprise Public Cloud Vendors
85% of enterprises using multiple clouds
Source: RightScale 2017 State of the Cloud Report
Data Center Spend Shifting Towards Public Cloud
14.2% long term CAGR for off-premises cloud IT infrastructure spend
USD $40B spent on public cloud infrastructure by 2020
[Chart: Worldwide Cloud IT Infrastructure Market Forecast by Deployment Type 2015-2020 (share based on Value); series: Public Cloud, Private Cloud, Traditional DC; axes: 0%–100%, 2015–2020]
Source: IDC Worldwide Quarterly Cloud IT Infrastructure Tracker, 2016 Q3
Cloud Services: “Shared Responsibility Model”
Auditing & Monitoring
Identity & Access Mgmt.
Data Security
Workload Protection
Hypervisor Security
Network & Data Center Security
Physical Security
IaaS – PaaS – SaaS
Customer’s responsibility
CSP’s (cloud service provider) responsibility
Cloud SOC
Symantec Solutions for Public Cloud
Auditing & Monitoring
Identity & Access Mgmt.
Data Security
Workload Protection
Hypervisor Security
Network & Data Center Security
Physical Security
Symantec Solutions for Amazon Web Services
Customer Responsibilities
Workload Protection Control Compliance Suite
Cloud SOC / CASB Protection Engine Cloud
SWG / WAF
VIP
Symantec IoT & Industry 4.0 solutions
“Industrial IoT” versus “Consumer IoT”
We generally differentiate between Industry and Consumer IoT; however, there are interdependencies between both sides (threat vectors, data correlation, etc.)
IoT Platform (Big Data, device management, etc.)
Analytics
Cloud/Data Center
Devices and Sensors
Hardware (Chipset, Firmware, RF, Physical Sensors)
Operating Systems
Embedded Software
Guarantee only trusted software is launched
Harden the Operating System against malware and zero-day exploits
Prove the authenticity of the devices and protect the communication
Help to analyze what is happening, identify tendencies, take actions
Manage IoT Devices
CAN Bus
Network
Detect anomalies and misbehavior in industrial networks or CAN Buses
ICS Network
Managed PKI
Embedded Critical Systems Protection
Anomaly Detection
Code Signing Service
Symantec Cyber Defense Platform
(for more information visit: symantec.com/iot)
Backend Services (Oracle, SAP, ERP, etc.)
Traditional Cyber Security Controls
Thank you!
Copyright © 2017 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.