ISB13 Web security deployment options - which is really best for you?
Duncan Mills, Piero DePaoli, Stuart Jones
Web Security Deployment Options
SYMANTEC VISION 2012 Web Security Deployment Options 2
1. The threat landscape
2. Why Symantec web security
3. Generic differences to consider when choosing a platform
4. Why there are functionality differences across platforms
5. Driving priorities to obtain feature parity where possible
Threat landscape continues to worsen
Malware Attacks Rising
Targeted Attacks Expand
Mobile Threats Expose All
Data Breaches Rising
Web malware continues to rise
• Attack tool kits continue to flourish
• Increase efficacy of known vulnerabilities
Most harmful websites by categories
• Sites with poor security become easy targets for malware authors
• Some businesses understand customers will not visit sites that infect them
Social engineering is effective in social media
• Users willing to help infect themselves
Symantec is #1 Leader in Security Software
Based on 2011 Gartner Estimate of Worldwide Revenue Market Share
Market Share Analysis: Security Software, Worldwide, 2011, April 12, 2012, Ruggero Contu, Matthew Cheung, Gartner
Symantec Global Intelligence Network Turning intelligence into protection
Global Intelligence Network
1. Power of the Cloud
• Real-time analysis of spam and malware traffic in the cloud with Skeptic
• Drives enhanced heuristic and signatures
• Drives global intelligence across products
2. Advanced Malware Detection
• Malware intelligence from > 130M systems
• Heuristics examine file attributes and vulnerability exploit attempts
• Blocks new and unknown threats
3. Strongest Email Security
• > 99.85% effectiveness
• < 1 in a million false positives
• 400 million IPs - known spam and safe senders
• Stop marketing email
• Machine learning & URL intelligence prevent phishing
4. Strongest Web Protection
• Insight protects against new, mutated, & targeted malware
• Insight is powered by 210M users, 3.1B files
• Botnet and infected client protection
• Block connections to Malicious IPs & URLs
Symantec Global Intelligence Network Turning intelligence into protection
Source: IDC, Worldwide and U.S. Security Service Threat Intelligence 2011-2014 Forecast: Out of the Basement and into the Clouds.
Many of the differences between cloud-based and on-premises web security platforms are generic and not vendor specific
Map your business requirements to your web security deployment platform
Areas of consideration when choosing a web security deployment platform
• Flexibility and total cost of ownership
• Current and future IT environment
• Security and regulatory requirements
• Key functionality
Map your business requirements to your web security deployment platform
Flexibility and total cost of ownership
Organisation Requirement | Hardware appliance | Virtual appliance | Cloud SaaS
Capital or operational expenditure | Capex | Both | Opex
Predictable per-user costs
Easily scales to accommodate additional load
Fast implementation
Easy to maintain
Free up staff to focus on core business activities
Minimal additional cost of HA and DR
Map your business requirements to your web security deployment platform
IT environment
Organisation Requirement | Hardware appliance | Virtual appliance | Cloud SaaS
Reduce organisation’s data centre costs
Distributed network with lots of branch offices
Protect and enforce web AUP on roaming users
Increase ROI of existing virtual infrastructure N/A N/A
Map your business requirements to your web security deployment platform
Security and regulatory
Organisation Requirement | Hardware appliance | Virtual appliance | Cloud SaaS
Quickly address all privacy concerns
All data must be stored in a specified country
Guarantee the security posture of the platform
Enforce DLP policy before data leaves the network
Service level agreements N/A N/A
Provider has local legal jurisdiction N/A N/A
Products evolve to meet customer requirements
Messaging Gateway Hardware or virtual
Broad messaging & web portfolio
Internet
SMTP, HTTP
Mail Security for Groupware
PGP Universal Gateway Email
Content Encryption
Email AntiSpam .cloud, Email AntiVirus .cloud, Email Image Control .cloud, Email Content Control .cloud, Email Boundary Encryption .cloud, Policy Based Encryption .cloud, Web Security .cloud, Instant Messaging Security .cloud
SMTP
Web Gateway Hardware or virtual
HTTP / HTTPS and all other ports and protocols
Data Loss Prevention
Map your business requirements to your web security deployment platform
Functionality
Symantec Web Gateway | .cloud web security
Application control | Common management platform for email and web
Flexible deployment options | Client to support roaming users
Monitors the network for infections
Scan and enforce policy on HTTPS
Data loss prevention
Client Web
Symantec Web Gateway Appliance or VM
Botnet Detection
Infected Client Detection
Application Control
Malware Content Scanning
URL Content Filtering
Domain and IP Reputation
Insight File Reputation
Symantec DLP Network Prevent for Web
Web Gateway is more than URL filtering
HTTP
HTTPS
Web Gateway can be deployed standalone or to complement existing URL filters
Inline
(Monitoring or Blocking)
Port Span/Tap
(Monitoring or Blocking)
Cloud-based web security presents some unique challenges that Symantec manages for our customers
A summer of sports in the UK – does it matter to me?
• 2012 Olympics
• 2012 Paralympics
• The Open 2012
• Wimbledon
Summer of sports – managing demand for online coverage
• Olympics: 27 Jul – 12 Aug
• Wimbledon: 25 Jun – 8 Jul
• Euro 2012: 8 Jun – 1 Jul
Actions taken:
• Architecture hardened
• Additional capacity now on-line
• E-Level discussions with peering and technology partners
• Cross functional team in place to manage potential incidents
• “every sport from every location...” – BBC Olympic Vision
• Predicted 2,500 hrs of online viewing
• 1,000 hrs of online exclusive footage (footage that will not be broadcast anywhere but online)
• UK Government advising of possible internet caps & general disruption
Development themes drive feature parity between .cloud and on-premises products
Protection
• Attack toolkits continue to exploit existing vulnerabilities
• Web is a major attack vector – 4595 blocked per day in 2011
• Compromised PCs – 3m bot zombies monitored in 2011
Control
• Web is a major vector for data loss
• Only 10% of organizations address outbound threats from well-meaning or malicious insiders
Management & Platform
• Visibility and control of the operating environment, configuration and reporting
• Compatibility with hardware/software components, network protocols, external product integrations, etc.
Recent enhancements were driven by customer requirements and feature parity
Recent enhancements address customer requirements and drive feature parity
Protection
Symantec Web Gateway | Web Security .cloud
Insight file reputation | Future
SSL decryption | Future
Symantec Insight
• Leverages anonymous telemetry data from 210M+ machines to construct a massive nexus of files, machines and domains
• Tracks nearly every binary in the world
– 3.1 billion files, adding 37 million every week
– Uses age, prevalence, source and other attributes to assign a reputation rating to files
• Can accurately identify and block threats even if just a single Symantec user encounters them
Proactive Protection from New, Targeted Threats
• Bad Safety Rating: File is blocked
• Good Safety Rating: File is whitelisted
• No Safety Rating Yet: Can be blocked
Recent enhancements address customer requirements and drive feature parity
Control
Symantec Web Gateway | Web Security .cloud
Enterprise DLP integration | Future native DLP
Rulespace web categorisation | Available already
Added uncategorised site feedback
Application control enhancements | N/A
Web Gateway and data loss prevention
• Challenge:
– Customers want to enforce DLP policies over Web traffic
– Web traffic can be SSL encrypted
– Customers want a robust solution from a single vendor
• Solution:
– Connect SWG + DLP Network Prevent for Web
– Utilize SWG to decrypt SSL traffic and pass content to DLP
– SWG blocks/modifies content based upon DLP policies
Application control and file leakage
• Inspects all internet bound traffic for popular web applications
– Signature Based
– Not reliant on ports
• Supports over 100 Applications and Protocols
– IM, P2P, DB Apps, Remote Access, VoIP, etc…
– File transfer protocols, email protocols, network protocols, etc.
• Monitor / Control Application Usage
• Focus on Public IM Safety
– Antivirus scan on files transferred
– Can Allow Chat / Prevent Downloads
• File Leakage
– Control File Uploads/Downloads
– Monitor File Names
Recent enhancements address customer requirements and drive feature parity
Management and platform
Symantec Web Gateway | Web Security .cloud
Virtual appliance deployment | N/A
Proxy deployment and caching | N/A
N/A | Regional geo location for Smartconnect
N/A | Efficiency improvements to Client Site Proxy
Web Gateway virtual edition for easy deployment
• Easy to trial
• Costs less
– no additional hardware required
• Personalised deployment
– mix of virtual and physical to suit your IT infrastructure
• Quickly respond to increase in Web traffic
– dynamic capacity allocation
[Chart: Deployment Types (Feb 2012), Physical vs. Virtual, axis 0% to 100%]
Future priorities driven by customer requirements and feature parity
Disclaimer
Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and are subject to change. Any future release of the product or planned modifications to product capability, functionality, or feature are subject to ongoing evaluation by Symantec, and may or may not be implemented and should not be considered firm commitments by Symantec and should not be relied upon in making purchasing decisions.
Development themes drive feature parity between .cloud and on-premises products
Protection
Control
Management & Platform
Symantec Web Gateway | Web Security .cloud
Available already | HTTPS decryption
Available already | Data loss prevention
N/A | Additional capacity
Web Security.cloud – data loss prevention
• New DLP Add-on
– Pre-canned policies, leveraging Symantec DLP definitions
– Key resources shared between web and email offerings
– Create policies in test-mode prior to going live - TBC
– Reporting on matched content with surrounding content
– Enhanced granular policy configuration
Things to consider when choosing the right deployment platform for web security
TCO / Flexibility
• Opex or capex and budget constraints
• Resources to maintain and manage on-premises products
• Amount of change happening within your organisation
Environment
• Investment in virtualisation
• Number of Internet connections and branch offices
• Roaming user support
Security / Regulatory
• Regulatory compliance
• Importance of SLAs
Functionality
• Choice of form factor – map to your requirements
• Assess individual products to determine which meets your needs
Other sessions of interest
• ISB09 (114, tomorrow 9:00)
– SONAR, Insight, Skeptic and GIN - The Symantec secret sauce
• ISB14 (This room, next session)
– Are You Getting the Most From Symantec Protection Suite?
• ISB11 (114, tomorrow 11:45)
– Demo: integrating Symantec products to get the ultimate protection
• ISB07 (114, tomorrow 13:45)
– The roadmap for Symantec infrastructure protection products
Thank you!
Copyright © 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.