Symantec Targeted Attack Protection 1 Stopping Tomorrow’s Targeted Attacks Today iPuzzlebiz...

Symantec Targeted Attack Protection 1

Stopping Tomorrow’s Targeted Attacks Today

[email protected]


66%Breaches went undetected for

30 days or more

243

Days before detected

4Months to remediate

Organizations are NOT Stopping Targeted Attacks

42%

Increase in Targeted Attacks Last Year

Not Just Big Companies


Greatest growth in 2012 is at companies with <250 employees

Employees2,501+

50% 2,501+ 50% 1 to 2,500

50%

1,501 to 2,500

1,001 to 1,500501 to 1,000251 to 500

1 to 250

18%in 2011

9%

2%3%5%

31%

Symantec Stops Targeted Attacks TODAY


Endpoint Gateway Data Center

Global Intelligence

Symantec IS Security Intelligence


7 BillionFile, URL & IP Classifications

2.5 TrillionRows of Security Telemetry

1 Billion+Devices Protected

550Threat Researchers

240 Million+Contributing Users & Sensors

14Operations & Response Centers



Global Intelligence

Proactive Endpoint Protection:Symantec Endpoint Protection


Intrusion Prevention

Symantec’s patented Network Intrusion Prevention System

blocks attackers from connecting over the

network to your PCs and injecting their attacks.

Advanced Scanning

Symantec’s next-generation scanning

technology blocks suspicious files – even

those with no fingerprint – before

they can run and steal your data.

InsightReputation

Our Insight System leverages the wisdom of

Symantec’s 100s of millions of users to

compute safety ratings for every single software file on the planet, and uses

this to block targeted attacks.

SONARBehavior Blocking

Monitors softwareas it runs on your

endpoints and automatically blocks

software with suspicious behaviors even if that

software has never been seen before.

Symantec Maximum RepairThe reality is that threats occasionally get through…

Our aggressive SMR technology roots out such entrenched infections and

kills them in seconds.

New: Network Threat Protection for Mac


STOP threats BEFORE they can implant

on the system, and keep data in

Protect against drive-by downloads

Prevent social engineering attacks

Post infection detection

Prevent social media attacks

Protect against unpatched vulnerabilities



Global Intelligence

Symantec Web

Gateway

Proactive Gateway Protection


Symantec Messaging Gateway

Symantec Email

Security.cloud

Email Targeted Attack Trends

• Most targeted attacks are sent via email• Burying Zero-Day Attacks inside of an

attachment is a popular method• Example: RSA Breach• Secure Email Gateways will not block• Other examples including malicious and/or

shortened URLs


New: Gateway:Disarm for Symantec Messaging Gateway

• Disarm removes all active content and reconstructs a clean version

• Clean attachment is delivered in real-time• User is never exposed to the attack


98%of Zero Day Exploits in 2013

Blocked Works with

Attachments

Innovation Made by Symantec Research Labs

Gateway: Proactive ProtectionEmail Security.cloud


Skeptic Real Time Link Following

Detect Malware At Final Destination

Targeted Attacks, Spear Phishing, Phishing, Spam

Evasion TacticsUnderstands short URLs, freewebs,

delays, multi hops, multi destination

Anticipate evolution of

malwarePredictive heuristics

Identify anomaliesDelivery behavior, message attributes, social engineering tricks, attachment

method

Gateway: Proactive ProtectionWeb Gateway

• Leverages anonymous telemetry data from hundreds of machines to construct a massive nexus of files, machines and domains

• Tracks nearly every binary in the world– Billions of files, adding millions every week

– Uses age, prevalence, source and other attributes to assign a reputation rating to files

• Can accurately identify and block threats even if just a single Symantec user encounters them

14

Bad Safety RatingFile is blocked

Good Safety RatingFile is whitelisted

No Safety Rating YetCan be blocked

Symantec Targeted Attack Protection



Global Intelligence

Data Center: The Real Target


“ …. More often endpoints / user devices simply provide an initial “foothold” into the organization, from which the

intruder stages the rest of their attack.”

97%of stolen data is from

servers

Data Center: Proactive Protection for Physical/VirtualLeast Privilege with Symantec Critical System Protection


17

Harden & Protect

VMware Infrastructure

Protect Domain

Controllers

Address PCI Compliance

Requirements

Stop Zero Day Attacks

Shield Embedded

Systems

Symantec Stops Targeted Attacks



Global Intelligence

NewNetwork Threat

Protection for MacDisarm forMessagingGateway

Thank you!

Copyright © 2013 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.


Symantec Targeted Attack Protection 1 Stopping Tomorrow’s Targeted Attacks Today iPuzzlebiz...

Documents

Transcript of Symantec Targeted Attack Protection 1 Stopping Tomorrow’s Targeted Attacks Today iPuzzlebiz...