Symantec Cyber Security Solutions | MSS and Advanced Threat Protection

Transcript of Symantec Cyber Security Solutions | MSS and Advanced Threat Protection

Created by: Vince Hill, Sr. Principal Systems Engineer, Symantec

Cyber Security Services Offerings

Security Need / Cyber Security Group Offering:

• Track & Analyze Key Events & Trends / Security Intelligence: security intelligence collection, analysis and sharing through customer portals, data feeds, multi-level briefs and security intelligence services.

• Protect Against Threats & Campaigns / Managed Security Services (MSS): comprehensive 24x7 security monitoring and log management to provide the enterprise with a 360° view of exposures, incidents and threats.

• Protect Against Targeted Attacks / Advanced Threat Protection: an Advanced Threat Protection solution that enables intelligent response to advanced threats across the enterprise.

• Respond Quickly & Effectively / Incident Response: advanced Incident Response & Forensics support that provides immediate access to critical capabilities, knowledge and skill sets.

• Demonstrate Value & Security Spend / Security Simulation: a Security Simulation Platform that delivers expertise, skill set development and cyber readiness through customized Live Fire Exercises.

Symantec Managed Security Services

Managed Security Services Monitoring & Analysis

Why Symantec

• 12+ years experience delivering MSS services
• MSS Gartner Magic Quadrant Leader for 11 years
• Scalable: analyzing over 21 billion logs daily, providing global threat intelligence; escalating over 280 severe security incidents daily
• Security Professionals: MSS SOC Analysts are 100% GCIA Certified (GIAC Certified Intrusion Analysts); 300 SOC Ops, 200 Intel, 500 Threat Response
• Global Presence and Delivery: 5 SOCs worldwide
• Industry Leading SLAs: 10 minute notification
• Stability: financial stability and global perspective from the world's largest provider of security solutions
• Serving over 1000 major corporations: 60% of the Global 10 and 44% of the Global 100

IDP MANAGEMENT SERVICES | MONITORING SERVICES

Defining Terms

Fault Management:
• Monitor devices for fault, performance and availability
• Restore service availability
• Identify and eliminate the root cause of faults and outages

Change Management:
• Routine and emergency changes to business critical security devices
• Performance based SLA for changes
• Secure in-band & out-of-band management
• Configuration backup (for quick rebuilds)

Release/Lifecycle Management:
• Routine product updates
• Emergency patches

Incident Analysis:
• Analyze security data to detect and respond to signs of malicious activity
• Perform data aggregation, normalization, data mining and correlation
• Validate and assess the impact of an incident to the enterprise

Incident Escalation:
• Escalate actionable incidents
• Industry leading escalation SLA
• Flexible escalation procedures to fit with enterprise requirements

Rapid Response to Outbreaks:
• Update processes, technology and expertise to emerging threats and trends
• Provide early warning to the client of emerging threats

Driving Actionable Results

Symantec MSS correlates inputs from three groups shown on the slide:

• Network
• Server
• Endpoint
• Data
• Compliance Restriction

• Organization
• Asset Value
• Vulnerability Data

• Threats
• Vulnerabilities
• Malcode
• IP/URL Reputation

Global Intelligence Network: identifies more threats, takes action faster & prevents impact

Information Protection | Preemptive Security Alerts | Threat Triggered Actions
Global Scope and Scale | Worldwide Coverage | 24x7 Event Logging | Rapid Detection

Attack Activity
• 64.7 Million sensors
• 190+ countries

Malware Intelligence
• 180M+ client, server, gateways monitored
• Global coverage

Vulnerabilities
• 70,000 vulnerabilities
• 15,000 vendors
• 105,000 technologies

Fraud
• 5M decoy accounts
• 8B+ email messages/day
• 1B+ web requests/day

Locations shown on the map: Austin, TX; Mountain View, CA; Culver City, CA; San Francisco, CA; Taipei, Taiwan; Tokyo, Japan; Dublin, Ireland; Calgary, Alberta; Chengdu, China; Chennai, India; Pune, India; Sydney, Australia; Herndon, VA; Reading, UK

The Keys to Successful Security Monitoring: 360° Edge to Endpoint Visibility

Coverage
• Industry leading device coverage
• Covering the Edge-to-Endpoint

Diversity
• Heterogeneous support
• All major security and non-security vendors supported

Capabilities
• Converge multi vendor functionality in a 1+1=3 methodology

Monitoring capabilities shown on the slide:
• Signature-Based NIDS Monitoring
• NIDS Monitoring with Global Intelligence
• Firewall Log Association
• Firewall Analysis: Scan Detection
• Firewall Analysis: Anomaly Detection
• Firewall Analysis: Backdoor Detection
• Host IDS/IPS Alerts
• Firewall Analysis: Botnet C&C Detection
• Firewall Analysis: IP Watchlist Detection
• Web Proxy Analysis
• Web Application Firewall Alerts
• OS and Application Logs Analysis
• Endpoint Protection Alerts
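As an added illustration that is not part of the original deck, this is the kind of firewall log analysis behind two of the capabilities listed above, scan detection and IP watchlist detection, run over constructed log lines in a hypothetical simplified format (the log format, addresses and watchlist are all made up for the example):

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed firewall log lines (not a real device format): "<ISO ts> <ACTION> <src> <dst> <dport>"
FIREWALL_LOGS = """\
2015-03-02T10:00:01 DENY 203.0.113.7 10.0.0.5 22
2015-03-02T10:00:02 DENY 203.0.113.7 10.0.0.5 23
2015-03-02T10:00:02 DENY 203.0.113.7 10.0.0.5 80
2015-03-02T10:00:03 DENY 203.0.113.7 10.0.0.5 443
2015-03-02T10:00:04 DENY 203.0.113.7 10.0.0.5 3389
2015-03-02T10:00:05 ALLOW 10.0.0.9 198.51.100.23 443
2015-03-02T10:00:06 ALLOW 10.0.0.9 192.0.2.10 80
2015-03-02T10:05:00 DENY 203.0.113.7 10.0.0.6 8080
"""
# Constructed watchlist (documentation address space; a placeholder, not a real indicator)
IP_WATCHLIST = {"198.51.100.23"}
LINE_RE = re.compile(r"^(\S+) (ALLOW|DENY) (\S+) (\S+) (\d+)$")

def parse_logs(text):
    """Parse matching lines into event dicts; lines that do not fit the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, action, src, dst, dport = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "action": action,
                           "src": src, "dst": dst, "dport": int(dport)})
    return events

def detect_scans(events, min_ports=5, window_seconds=60):
    """Scan detection: a source denied on >= min_ports distinct ports within window_seconds."""
    denied = defaultdict(list)
    for e in events:
        if e["action"] == "DENY":
            denied[e["src"]].append(e)
    findings = []
    for src, evs in denied.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):  # slide a window starting at each denied event
            in_window = [e for e in evs[i:] if (e["ts"] - first["ts"]).total_seconds() <= window_seconds]
            ports = sorted({e["dport"] for e in in_window})
            if len(ports) >= min_ports:
                findings.append({"src": src, "ports": ports, "start": first["ts"].isoformat()})
                break  # one finding per source is enough to escalate
    return findings

def match_watchlist(events, watchlist):
    """IP watchlist detection: events whose source or destination is a listed address."""
    return [e for e in events if e["src"] in watchlist or e["dst"] in watchlist]
```

Tuning `min_ports` and `window_seconds` is what separates a noisy rule from an actionable escalation; the business context described later in the deck (asset value, vulnerability data) would normally be joined onto these findings before an analyst sees them.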

The Keys to Successful Security Monitoring: Business Context

• Organizational Hierarchy
• Vulnerability Data
• Asset Data
• Regular Customer Engagement

Collection & Analysis Architecture

Components shown in the diagram:
• Customer Premise
• Log Collection Agent
• Symantec SOC
• Security Analysts
• Customer Portal
• DeepSight Global Threat Intelligence
• Data Warehouse
• Correlation
• Advanced Threat Detection & Active Response

Cyber Security Services: Overview of Advanced Threat Protection

TODAY: manual correlation and remediation
• Network Security detects suspected malware
• Determines whether malware is known and the Endpoint has blocked it; verifies whether endpoints are compromised; understands if / where infection has spread
• Initiates endpoint actions (clean, block, quarantine, gather forensics, …)
Shown in the diagram: Network Security Group, Symantec Endpoint Protection Manager, Endpoint Security Group

In 2015: automated correlation and remediation
• Network Security detects suspected malware and alerts Symantec Advanced Threat Protection
• Automatically analyzes endpoints to: determine whether malware is known & SEP has blocked it; verify whether endpoints are compromised; understand if / where infection has spread; identify the malware and block the IP address
• Initiates endpoint actions (clean, block, quarantine, gather forensics, …)
• Launches corrective actions
Shown in the diagram: Symantec Advanced Threat Protection, Symantec Endpoint Protection Manager

Advanced Threat Protection Alliance

Network Security
• NGFW + Wildfire
• Web MPS
• Network IPS + AMP
• Threat Emulation/Cloud

Endpoint Security
• Version 12.1 (RU4 or above preferred)

Managed Security Services: Advanced Threat Protection

Integration of:
• Network Security
• Endpoint Security
• Security Intelligence
• Threat Experts
• Automated Triage Workflows

Rapid Response | Operational Efficiency | Attack Visibility

Symantec Key Differentiators

• Global Insight
  – Feeds all analysis
  – Integration with SEP
  – Rapid response to emerging threats
• End to End Visibility
  – Pinpoint incident alerts
  – Detect more activity
  – Fewer false positives
  – Resilient monitoring strategy
• Organizational Awareness
  – Gets the right alerts to the right people
  – Supports compliance reporting initiatives
  – Named Customer Service Manager
• Scalable Service
  – Analyze 21+ billion logs and alerts daily
  – Global corporations including 44% of the Global 100
  – Gartner MQ for 11 years
• Security DNA
  – 100% GIAC Certification for Analysts
  – MSS Delivery Team >300 experts
  – 500+ security experts in STAR team
  – 12+ years delivering MSS services
• Global Presence and Delivery
  – 5 SOCs worldwide
• Industry-Leading SLA
  – 10 minute notification of severe security incidents