Symantec Event Template - VOXvox.veritas.com/legacyfs/online/veritasdata/LONDON VIS Tom...
#SymVisionEmea
Managed Security Services – Advanced Threat Protection (MSS-ATP) 2
Integrating MSS, SEP and NGFW to catch targeted APTs
Tom Davison – Information Security Practice Manager, UK&I
Antonio Forzieri – EMEA Solution Lead, Cyber Security
SYMANTEC VISION SYMPOSIUM 2014
“NATIONAL CYBER STRATEGIES & DATA PROTECTION LEGISLATION ARE GAINING SPEED”
Information security to cyber security
“DETECTION, PRIORITISATION & RESPONSE IS CHALLENGING”
“CYBER IS MOVING UP THE BUSINESS RISK REGISTER”
“WE EXIST IN A HYPER CONNECTED AND COMPLEX WORLD”
+91% increase in targeted attack campaigns (2012 to 2013)
Targeted attacks just getting worse!
Source: Symantec Internet Security Threat Report 2014 Volume 19
Rapid detection & response – a significant challenge!
Realization: breach is inevitable, so customer needs shift from “Protection Only” to “Protection + Detection & Response”.
Lifecycle: Prepare (Data & Process & People), Protect (Stopping Incoming Attacks), Detect (Finding Incidents), Respond (Containing & Remediating Problems), Recover (Restoring Operations).
Solving the challenges: Advanced Threat Protection – focused on solving customer problems
Incident Responder & Security Operations needs (beyond protection only):
• Tell me about them faster & better than anyone else, across all ports and protocols, whether blocked or detected
• Tell me what it means to me: details on why it is malicious, what it did, how it got in, what I can do about it, what it means in a global context
• Don’t show me 100s of 1000s of events in a big list - Prioritize your detections so I can maximize my time
• Help me Protect, Detect and Respond
Security evolving in response
Evolution of network security technologies
Traditional UTM or ISA – Determine who can talk to who, but they can’t hear what’s being said.
• Port & protocol based
• IP-based detection
• Some IPS capabilities
Next Gen FW – Limited to catching what’s known
• Signature-based IPS & AV
• URL filtering
• Application control
STAP – Analyzes files to detect unknown & zero-day malware
• Virtual Execution
• Sandboxing
• File hash lookups
Symantec offers great proactive protection today
Endpoint Protection
Insight
• File reputation
• World’s largest, with intelligence on over 8 billion
SONAR
• Behavioral analysis
• Analyzes over 1400 behaviors
IPS
• Prevents exploits
• Blocks command and control communication
Web Security / Email Security
Skeptic™
• Advanced spear phishing heuristics
• 100% unknown virus SLA
Disarm
• Spear phishing attachment sanitization
• 95%+ effectiveness
Real Time Link Following
• Real time blocking
• Follows URL to true destination with Skeptic malware analysis
Symantec Global Intelligence Network – Intelligence Sharing
Evolution in network and endpoint still doesn’t answer all Q’s
TODAY: manual correlation & remediation between the Network Security Group and the Endpoint Security Group (via the Endpoint Protection Manager)
Network Security technology (NetSec VX) detects suspected malware; an analyst then:
• Determines whether malware is known and if endpoint has blocked it
• Verifies whether endpoints are compromised
• Determines if / where infection has spread
• Initiates endpoint actions (clean, block, quarantine, gather forensics, …)
• Launches corrective actions
Introducing… Managed Security Services – Advanced Threat Protection
Managed Security Services – Advanced Threat Protection (ATP)
Integration of Network Security, Endpoint Security, Security Intelligence, Threat Experts and Automated Triage Workflows
Rapid Response | Operational Efficiency | Attack Visibility
Symantec MSS IS big data security analytics
Diagram: Customer Premise with a Log Collection Platform; Symantec SOC with Security Analysts, a Data Warehouse and DeepSight Global Threat Intelligence; Customer Portal
Symantec IS security intelligence
• 2B+ events logged daily
• Over 100,000 security alerts generated annually
• 200,000 daily code submissions
• 7 Billion file, URL & IP classifications – capturing previously unseen threats & attack methods
• 1 Billion+ devices protected – more visibility across devices creates better context and deeper insight
• 2.5 Trillion rows of security telemetry – putting “big data” analytics to work for every end user
• Monitors threats in 157+ countries
• 14 data centers world wide
• 550 threat researchers
Recent news: Symantec fighting advanced cyber threats (GameOver Zeus, Cryptolocker)
Efficient detection and response should be integrated…
Symantec Endpoint Protection + Network-based Adv. Threat Detection + MSS Advanced Threat Protection
Advanced Threat Protection Alliance
• Wildfire
• Threat Emulation
• Advanced Malware Protection (AMP)
What does MSS-ATP actually do?
Diagram: Network Adv. Threat Detection (Virt Exec) and Symantec Endpoint Protection feed Symantec Managed Security Services; the Symantec Global Intelligence Network (GIN) & Insight file reputation database adds global threat intelligence and context to detected threats. Result: INCIDENT, Outcome: Protected.
• Effective Detection of Advanced Threats
• Only Critical Threats Prioritised
• Efficiency Savings for Customers
Insight detects targeted attacks: leverages file reputation to detect unknown files
• Targeted attacks use custom malware that can evade traditional defense technologies
• These custom malware files have never been seen before, and only appear in the targeted attack
• Insight can effectively detect these unknown or custom malware files without risk of false positives
Example: File A – Bad Reputation; File B – Good Reputation; File C – Never before seen
Increased efficiency of threat investigations
Figure: the Potential Threat List (23 entries) at each stage of correlation, by source
• Network only: 22 × “Malicious File Downloaded”, 1 × “Malware Download, Endpoint Protected”
• After SEP Correlation: 12 × “Malicious File Downloaded”, 11 × “Malware Download, Endpoint Protected”
• After File Reputation & MSS: 3 × “Malicious File Downloaded”, 20 × “Malware Download, Endpoint Protected”
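The correlation behind that shrinking list, as an added example that is not Symantec's code: each network alert is first checked against SEP block events (demoting it to “Endpoint Protected”), then against an Insight-style reputation lookup, so never-before-seen files on unprotected hosts rise to the top and the spread of each unprotected file is recorded. All hosts, hashes and the SEP_BLOCKED and REPUTATION tables are constructed assumptions.

```python
"""Correlate network ATP alerts with SEP endpoint events and file reputation.
Added illustration of the triage workflow on the slides; not Symantec code.
Every host, hash and table below is constructed sample data."""
from collections import defaultdict

# Constructed network alerts: downloads flagged by a network sandbox.
NETWORK_ALERTS = [
    {"host": "ws-01", "sha256": "f1"},
    {"host": "ws-02", "sha256": "f1"},
    {"host": "ws-03", "sha256": "f2"},
    {"host": "ws-04", "sha256": "f3"},
    {"host": "ws-05", "sha256": "f4"},
]
# Constructed endpoint events: (host, hash) pairs the SEP agent already blocked.
SEP_BLOCKED = {("ws-01", "f1"), ("ws-03", "f2"), ("ws-04", "f3")}
# Constructed reputation table standing in for Insight; a hash that is absent
# has never been seen before (File C on the slide).
REPUTATION = {"f1": "bad", "f2": "good", "f3": "bad"}
# Investigation order: never-seen files first, known-bad next, good-reputation
# (likely false positive) last; endpoint-protected alerts are demoted below all.
PRIORITY = {"never seen": 0, "bad": 1, "good": 2}
PROTECTED = 3

def classify(alert):
    """Return (status, priority) for one alert: check the endpoint block
    first, then consult reputation, as the slide's analyst would."""
    key = (alert["host"], alert["sha256"])
    if key in SEP_BLOCKED:
        return "Malware Download, Endpoint Protected", PROTECTED
    rep = REPUTATION.get(alert["sha256"], "never seen")
    return f"Malicious File Downloaded ({rep})", PRIORITY[rep]

def triage(alerts):
    """Return the prioritised alert list and, for each file that reached an
    unprotected host, the hosts it spread to (the 'where has it spread' step)."""
    spread = defaultdict(set)
    rows = []
    for alert in alerts:
        status, prio = classify(alert)
        if prio != PROTECTED:
            spread[alert["sha256"]].add(alert["host"])
        rows.append((prio, alert["host"], alert["sha256"], status))
    rows.sort()
    return rows, {h: sorted(hosts) for h, hosts in spread.items()}

if __name__ == "__main__":
    rows, spread = triage(NETWORK_ALERTS)
    for prio, host, sha, status in rows:
        print(prio, host, sha, status)
```

With the sample data only two of five alerts remain to investigate, and the never-seen file on ws-05 is listed first.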
Demo… Managed Security Services – Advanced Threat Protection
Managed Security Services - Response (Release 2, early CY2015)
Diagram: Network Adv. Threat Detection (Virt Exec) and Symantec Endpoint Protection feed Symantec Managed Security Services, enriched by the Symantec Global Intelligence Network and Adversary & Threat Intelligence (billions of files, 20 million new each week; 150 million endpoints; 240,000 sensors across 200 countries).
Intelligence added to an INCIDENT:
• File Reputation
• Origin Intelligence
• Threat behaviour (VX)
• Threat info (multi-source)
• Mitigation guidance
• Fingerprint
Outcome: Not Protected leads to RESPONSE:
• Malware clean
• Network containment
• Search for file hash
• Search for IOCs
• Increased security policy based on specific IP/app/user
• Quarantine endpoint
OUTCOME: Protected
Unified security next steps: leveraging our intelligence
Managed Security Services ATP – Correlates endpoint data with events from 3rd-party network security vendors, to discover suspicious activity
Symantec Gateway Security: Threat Defense – Provides a prioritized list of suspicious activity discovered at the gateway
Symantec SEP & Email Security.cloud: ATP – Provides analysis of targeted attack activity observed in email
Symantec Incident Response – Expert help to deal with a cyber incident
How to get more information
• MSS Client? Reach out to your MSS Service Manager
• Symantec SEP customer? Reach out to your local rep
• go.symantec.com/mss
• Follow us on twitter @SymantecMSS
Diagram: MSS – Advanced Threat Protection combines the Symantec Global Intelligence Network, Endpoint Protection and Partner Network Security Gateways.
Thank you!
Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Tom Davison Antonio Forzieri