Symantec Event Template - VOXvox.veritas.com/legacyfs/online/veritasdata/LONDON VIS Tom...

#SymVisionEmea


Managed Security Services – Advanced Threat Protection (MSS-ATP)

Integrating MSS, SEP and NGFW to catch targeted APTs

Tom Davison – Information Security Practice Manager, UK&I

Antonio Forzieri – EMEA Solution Lead, Cyber Security


SYMANTEC VISION SYMPOSIUM 2014

“NATIONAL CYBER STRATEGIES & DATA PROTECTION LEGISLATION ARE GAINING SPEED”

Information security to cyber security

“DETECTION, PRIORITISATION & RESPONSE IS CHALLENGING”

“CYBER IS MOVING UP THE BUSINESS RISK REGISTER”

“WE EXIST IN A HYPER CONNECTED AND COMPLEX WORLD”


Targeted attacks just getting worse!

+91% increase in targeted attack campaigns (chart: 2012, 2013)


Source: Symantec Internet Security Threat Report 2014 Volume 19


Rapid detection & response – a significant challenge!

Realization: Breach is Inevitable

Customer Needs Shift: from Protection Only to Protection + Detection & Response

Prepare: Data & Process & People

Protect: Stopping Incoming Attacks

Detect: Finding Incidents

Respond: Containing & Remediating Problems

Recover: Restoring Operations


Solving the challenges: Advanced Threat Protection

Focused on solving customer problems

Tell me about them faster & better than anyone else, across all ports and protocols, whether blocked or detected

Tell me what it means to me: details on why it is malicious, what it did, how it got in, what I can do about it, what it means in a global context

Don’t show me 100s of 1000s of events in a big list - Prioritize your detections so I can maximize my time

Help me Protect, Detect and Respond

Incident Responder & Security Operations

Protection only


Security evolving in response


Evolution of network security technologies

Traditional UTM or ISA Next Gen FW STAP

Determine who can talk to who, but they can’t hear what’s being said.

• Port & protocol based

• IP-based detection

• Some IPS capabilities

Limited to catching what’s known

• Signature-based IPS & AV

• URL filtering

• Application control

Analyzes files to detect unknown & zero-day malware

• Virtual Execution

• Sandboxing

• File hash lookups


Symantec offers great proactive protection today

Endpoint Protection, Web Security, Email Security

Insight

• File reputation

• World’s largest with intelligence on over 8 billion

SONAR

• Behavioral analysis

• Analyzes over 1400 behaviors

Skeptic™

• Advanced spear phishing heuristics

• 100% unknown virus SLA

Disarm

• Spear phishing attachment sanitization

• 95%+ effectiveness

IPS

• Prevents exploits

• Blocks command and control communication

Real Time Link Following

• Real time blocking

• Follows URL to true destination with Skeptic malware analysis

Symantec Global Intelligence Network

Intelligence Sharing


Manual correlation & remediation

Network Security technology detects suspected Malware

• Determines whether malware is known and if endpoint has blocked it

• Verifies whether endpoints are compromised

• Determines if / where infection has spread

Initiates endpoint actions (clean, block, quarantine, gather forensics, …)

Launches corrective actions

Network Security Group

Endpoint Protection Manager

Endpoint Security Group

TODAY

NetSec VX


Evolution in network and endpoint still doesn’t answer all Q’s


Introducing… Managed Security Services – Advanced Threat Protection


Network Security

Endpoint Security

Security Intelligence

Threat Experts

Automated Triage Workflows

Rapid Response | Operational Efficiency | Attack Visibility

Integration


Managed Security Services – Advanced Threat Protection (ATP)


Customer Premise

Symantec SOC

Log Collection Platform

Security Analysts

Customer Portal

DeepSight Global Threat Intelligence

Data Warehouse


Symantec MSS IS big data security analytics


Symantec IS security intelligence

2B+ events logged daily

Over 100,000 security alerts generated annually

200,000 daily code submissions

7 Billion

• File, URL & IP Classifications

• Capturing previously unseen threats & attack methods

1 Billion+

• Devices Protected

• More visibility across devices creates better context and deeper insight

2.5 Trillion

• Rows of Security Telemetry

• Putting “big data” analytics to work for every end user

Monitors Threats in 157+ countries

14 Data Centers World Wide

550 Threat Researchers


GameOver Zeus Cryptolocker

Recent news: Symantec fighting advanced cyber threats


Symantec Endpoint Protection

Network-based Adv. Threat Detection

MSS Advanced Threat Protection

Efficient detection and response should be integrated…


• Wildfire

• Threat Emulation

• Advanced Malware Protection (AMP)


Advanced Threat Protection Alliance


What does MSS-ATP actually do?

Network Adv. Threat Detection

Symantec Endpoint Protection

Symantec Managed Security Services

Virt Exec

Symantec Global Intelligence Network

Effective Detection of Advanced Threats

Only Critical Threats Prioritised

Efficiency Savings for Customers

Outcome: Protected

INCIDENT

GIN & Insight file reputational database adds global threat intelligence and context to detected threats


Insight detects targeted attacks

Leverages file reputation to detect unknown files

• Targeted attacks use custom malware that can evade traditional defense technologies

• These custom malware files have never been seen before, and only appear in the targeted attack

• Insight can effectively detect these unknown or custom malware files without risk of false positives

File A: Bad Reputation

File B: Good Reputation

File C: Never before seen


Increased efficiency of threat investigations

[Figure: three “Potential Threat List” panels, one per source stage (Network; SEP Correlation; File Reputation & MSS). Each entry is labelled either “Malicious File Downloaded” or “Malware Download, Endpoint Protected”, and the share of entries labelled “Malware Download, Endpoint Protected” grows from stage to stage. FILE A and FILE B are called out.]


Demo… Managed Security Services – Advanced Threat Protection


Managed Security Services - Response

Network Adv. Threat Detection

Symantec Endpoint Protection

Symantec Managed Security Services

Virt Exec

Symantec Global Intelligence Network

• File Reputation

• Origin Intelligence

• Threat behaviour (VX)

• Threat info (multi-source)

Outcome: Not Protected

• Mitigation guidance

INCIDENT

• Fingerprint

Billions of files (20 million new each week)

150 million endpoints

240,000 sensors across 200 countries

Adversary & Threat Intelligence

RESPONSE

• Malware clean

• Network containment

• Search for file hash

• Search for IOCs

• Increased security policy based on specific IP/app/user

• Quarantine endpoint

OUTCOME

Outcome: Protected

Release 2 (Early CY2015)


Unified security next steps

Leveraging our intelligence

Managed Security Services ATP: Correlates endpoint data with events from 3rd-party network security vendors, to discover suspicious activity

Symantec Gateway Security: Threat Defense: Provides a prioritized list of suspicious activity discovered at the gateway

Symantec SEP & Email Security.cloud: ATP: Provides analysis of targeted attack activity observed in email

Symantec Incident Response: Expert help to deal with a cyber incident


Network Security

Endpoint Security

Security Intelligence

Threat Experts

Automated Triage Workflows

Rapid Response | Operational Efficiency | Attack Visibility

Integration


Managed Security Services – Advanced Threat Protection (ATP)


How to get more information

• MSS Client? Reach out to your MSS Service Manager

• Symantec SEP customer? Reach out to your local rep

• go.symantec.com/mss

• Follow us on Twitter @SymantecMSS

MSS – Advanced Threat Protection

Symantec Global Intelligence Network

Endpoint Protection

Partner Network Security Gateways


Thank you!

Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.


Tom Davison Antonio Forzieri
