Advanced Threat Defense Certification Testing Report. Symantec Corporation Symantec Advanced Threat Protection
|
|
- Rodger Thomas
- 5 years ago
- Views:
Transcription
1 Advanced Threat Defense Certification Testing Report Symantec Advanced Threat Protection ICSA Labs Advanced Threat Defense December 8, 2015 Prepared by ICSA Labs 1000 Bent Creek Blvd., Suite 200 Mechanicsburg, PA ATD-SYMANTEC
2 ICSA Labs Advanced Threat Defense Report-at-a-Glance Executive Summary Symantec Advanced Threat Protection During 28 consecutive days of testing, ICSA Labs tested the detection capabilities of the Symantec Advanced Threat Protection (ATP) with a mix of over 650 test runs. The mix was primarily composed of new and little-known malicious threats i.e., recently harvested threats not detected by traditional security products. Periodically, ICSA Labs launched innocuous applications and activities to additionally test the Symantec ATP in terms of false positives. Throughout testing ICSA Labs observed product logs to ensure not only that the Symantec ATP indicated the existence of a malicious threat but also that logged threats were distinguishable from other logged traffic and events. The Symantec ATP passed, having met all criteria requirements. As seen in Figure 1 below, the SATP did remarkably well during this test cycle - detecting previously unknown threats while having zero false positives. Figures 2 and 3 below further break down the SATP s detection effectiveness and false positives. Test Length 28 days Malicious Samples 606 Innocuous Apps 61 Test Runs 667 % Detected 91.7% % False Positives 0.0% Fig. 1 High Detection Effectiveness & Few False Positives ICSA Labs Advanced Threat Defense Certified Test Period: Q Certified Since: 12 / 2015 Fig. 2 Detected 556 of 606 New & Little-Known Malicious Samples Fig. 3 Few Alerts on Innocuous Applications ATD-SYMANTEC Page 1 of 9
3 Introduction This is Symantec s first ICSA Labs Advanced Threat Defense Certification testing report for Symantec ATP. ICSA Labs Advanced Threat Defense (ATD) testing is aimed at vendor solutions designed to detect new threats that other traditional security products miss. Thus the focus is on how effectively vendor ATD solutions detect these unknown and little-known threats. The remainder of the report presents a more detailed look at how the Symantec ATP performed during this cycle of ICSA Labs Advanced Threat Defense Certification testing. To better understand what the results mean, this report documents not just the testing results themselves but the threat vectors and sample sources that ICSA Labs employed for this cycle of ATD testing against Symantec ATP. Threat Vectors The current set of threat vectors used in ICSA Labs ATD Certification Testing map directly to many of the top threat vectors that lead to enterprise cybersecurity breaches as reported in the Verizon Data Breach Investigation Report (DBIR). That is, the tested malicious threat vectors are among the most common ones leading to breaches in both the most recent DBIR as well as historically. Figure 4 depicts the most common threat vectors in the DBIR over time while Figure 5 illustrates those threat vectors that were most common in the 2015 DBIR Direct Install Attachment Web Download Web Drive-By Link Download by Malware Network Propagation Remote Injection Removable Media Other Fig. 4 DBIR Threat Vectors All Time Direct Install Link Attachment Web Drive-By Download by Malware Web Download Remote Injection Network Propagation Removable Media Other Fig. 5 DBIR Threat Vectors 2015 ATD-SYMANTEC Page 2 of 9
4 Figures 4 and 5 above indicate that there is much overlap between current and historic threat vectors. ICSA Labs ATD testing includes the threat vector that is by far the most prevalent, Direct Install. In addition, the testing currently includes the threat vectors labeled Web Download, Web Drive-By, and Download by Malware. The malicious threats themselves that are used in testing target weaknesses in end-user Windows desktop machines. While some threats are generically applicable to servers as well, test cases target services and software typically found on desktop machines in enterprises. The threats often involve: a. Local execution or loading of a malicious executable or data file (covering means by which an attacker has access or a user is tricked into doing so), or b. Exploitation of a client-side vulnerability in the OS, web browser, or other commonly installed application subject to malicious data files being loaded without intentional user action, or c. There may also be attacks involving remotely-accessible components of such machines. Note that in most threat detection related test cases, a file of some sort is involved. Throughout this report such a file is referred to as a sample. ATD Solution Tested ICSA Labs tested Symantec Advanced Threat Protection (ATP). Symantec ATP as tested was a singlecomponent advanced threat defense solution and is described by Symantec below. Advanced Threat Protection v (version tested) Symantec Advanced Threat Protection is a single unified solution that uncovers, prioritizes, and remediates advanced attacks. It inspects network traffic in real-time, using an array of analysis engines, including Cynic, to detect advanced attacks. This analysis is fused with intelligence from existing Symantec Endpoint Protection clients, Security.cloud, and Symantec s massive global sensor network, to stop threats that evade individual point products, with no additional agents to deploy. And with one click of a button, Symantec Advanced Threat Protection will search for, discover, and remediate any attack artifacts in your organization. All from a single console. For more information about the Symantec Advanced Threat Protection solution, please go to: Test Cycle Information This report reflects the results of one test cycle at ICSA Labs. Test cycle duration ranges from three to five weeks. To be eligible for certification, vendor solutions must be tested for at least 3 consecutive weeks. For vendors, like Symantec, that has registered for ICSA Labs Advanced Threat Defense (ATD) testing, ICSA Labs tests their ATD solutions as many as four times during a twelve-month contract term. Each quarterly test is performed using the latest, new and little-known malicious threats. During each test cycle ICSA Labs subjects ATD solutions to hundreds of test runs comprised of a mix of new threats, little-known threats and innocuous applications sent one after another continuously. Below in Figure 6 is information about the test cycle from which this findings report is based: Start Date Sept 22, 2015 Days of Continuous Testing 28 End Date Oct 23, 2015 Test Runs 667 Fig. 6 Information On This Test Cycle ATD-SYMANTEC Page 3 of 9
5 Prior ATD Reports With this report, Symantec Advanced Threat Protection initially passed all the test cases and attained certification. Thus there are no earlier ICSA Labs Advanced Threat Defense Certification testing reports for Symantec ATP. Source of Samples A number of sample sources feed ICSA Labs ATD testing. One source is the spam ICSA Labs collects. The labs spam honeypots receive approximately 250, ,000 spam messages/day. For ICSA Labs ATD testing, the team harvests attachments in that spam, making use of the ones that are malicious. Another sample source is from malicious URLs. Some of these come from the spam mentioned above. From feeds like this ICSA Labs filters and checks the URLs to see if there is a malicious file on the other end of that URL -- either as a direct file link or a series of steps (e.g. a drive-by attack with a multi-stage download process) leading to it. If so, ICSA Labs collects the sample for potential use in testing. ICSA Labs additionally uses other tools and techniques to create unique malicious files as an attacker or penetration tester might do. In some cases these are trojanized versions of clean executables. In other cases they may be original executables that are malicious. Still another source of samples is the samples themselves. Any dropped files resulting from running another malicious sample are also evaluated and potentially used in testing. Finally and importantly to test for false positives ICSA Labs also launches legitimate executables. Running innocuous applications helps ensure that vendor solutions aren t just identifying everything as malicious. Regarding The Samples From This Test Cycle Samples harvested for use in ATD testing are often unmodified and used as is. That is the case if ICSA Labs determines that the sample is new enough and/or not being detected by traditional security products. In many cases malicious samples require modification before it can avoid detection by traditional security products. Of the 606 malicious samples, Figure 7 shows that there were many more original samples used and far fewer samples that required some kind of modification before use in testing. As there were many more unmodified samples, Figure 8 reveals the source of the 463 malicious samples used in testing that were both unmodified and non-dropped. Fig. 7 Malicious Samples Original vs. Modified Fig. 8 Unmodified/Non-Dropped Sample Sources ATD-SYMANTEC Page 4 of 9
6 Detection Effectiveness To meet the criteria requirements and attain (or retain) certification through ICSA Labs testing, advanced threat defense solutions must be at least 75% effective at detecting new malicious threats. As shown in Figure 9 the Symantec ATP detected 91.7% of the threats it encountered during testing, considerably better than the percentage required for certification. Fig. 9 Symantec Advanced Threat Protection s Detection Effectiveness ICSA Labs harvests and uses many distinct malicious samples in each test cycle unrelated to the others used. Even so, there are also many similar or related malicious samples used in the test set as well. Of the 50 malicious samples not detected by the Symantec ATP, 80% were distinct misses (i.e., the not-detected samples were unrelated to one another). Of the remaining 10 misses, each is related to at least one other malicious threat that was not detected. Represented by pie slices in Figure 10 below, there are three groups each of which includes one or more related malicious threats that all went undetected during testing (labeled Related A through Related C ). Being almost 92% effective, the Symantec ATP didn t miss too many malicious threats during this test cycle; however, it did have a little trouble with similar malicious threats represented by those in the pie slice labeled, Related A and to a lesser extent those in Related B. Fig. 10 Most Undetected Malicious Samples Were Unrelated ATD-SYMANTEC Page 5 of 9
7 Another interesting plot of the SATP s detection effectiveness data appears below in Figure 11. The chart sheds light on whether or not the Symantec ATP did better or worse the newer the malicious sample. The SATP detected 93% of threats one hour old or less, and 86% of threats that were 2 hours old. In fact, regardless of how new or how old the threat, Symantec ATP did a very good job detecting new and little-known malicious threats during this test cycle. Fig. 11 Detection Effectiveness by Age of Threat (Threats < 24 Hours Old) A final effectiveness-related plot to consider for Symantec ATP during this test cycle is Figure 12 below. Plotted below is each of the 28 test cycle days along with how effective SATP was on each of those days. With the exception of the first day during the test cycle, the Symantec ATP was always over 75% effective. And on all but 10 days, the Symantec ATP was at least 90% effective against new and little-known threats. Best of all, for almost 20% of test days during the test cycle (5 days) the Symantec ATP was 100% effective. Fig. 12 Detected & Missed Threats by Day of Test Cycle ATD-SYMANTEC Page 6 of 9
8 Analyst Observations The Symantec ATP is particularly strong when a complete investigation of a compromise is required. When an individual threat is detected, an incident record is created with related Incidents being grouped into a campaign. In SATP parlance, a Campaign includes information about malicious files, URLs accessed and network traffic. The reputation of a URL can be viewed easily using a link to a Norton Safe Web Report. The analysis of potentially malicious files is very deep and includes a list of behaviors (modifying the registry, creating files, etc.) along with their importance (informational, suspicious or malicious). Overall, the Symantec Advanced Threat Protection advanced threat defense solution was very effective at detecting unknown threats. Remarkably, it had no false positives during this test cycle. ICSA Labs was impressed with Symantec s SATP and would recommend it to enterprise organizations in the market for an advanced threat defense solution. ATD-SYMANTEC Page 7 of 9
9 Significance of the Test & Results Readers of certification testing reports often wonder what the testing and results really mean. They ask, In what way is this report significant? The four statements below sum up what this ICSA Labs Advanced Threat Defense Certification Testing report should indicate to the reader: 1. ICSA Labs tested the Symantec ATP using the primary threat vectors leading to enterprise breaches according to Verizon s Data Breach Investigations Report (DBIR). 2. ICSA Labs tests with malicious threats that other security products typically miss. 3. The Symantec ATP demonstrated superb threat detection effectiveness against over 600 new and little-known threats. 4. The Symantec ATP had no false positives during testing. ATD-SYMANTEC Page 8 of 9
10 Authority Report Date: December 8, 2015 This report is issued by the authority of the Managing Director, ICSA Labs. Tests are done under normal operating conditions. ICSA Labs The goal of ICSA Labs is to significantly increase user and enterprise trust in information security products and solutions. For more than 20 years, ICSA Labs, an independent division of Verizon Business, has been providing credible, independent, 3rd party security product testing and certification for many of the world s top security product developers and service providers. Enterprises worldwide rely on ICSA Labs to set and apply objective testing and certification criteria for measuring product compliance and performance. is the global leader in cybersecurity. Operating one of the world s largest cyber intelligence networks, we see more threats, and protect more customers from the next generation of attacks. We help companies, governments and individuals secure their most important data wherever it lives. ICSA Labs 1000 Bent Creek Blvd., Suite 200 Mechanicsburg, PA World Headquarters 350 Ellis Street Mountain View, CA ATD-SYMANTEC Page 9 of 9
Advanced Threat Defense Certification Testing Report. Trend Micro Incorporated Trend Micro Deep Discovery Inspector
Advanced Threat Defense Certification Testing Report Trend Micro Deep Discovery Inspector ICSA Labs Advanced Threat Defense July 12, 2016 Prepared by ICSA Labs 1000 Bent Creek Blvd., Suite 200 Mechanicsburg,
More informationFortinet, Inc. Advanced Threat Protection Solution
Q4 2017 Advanced Threat Defense Certification Testing Report Advanced Threat Protection Solution Tested against these standards ICSA Labs Advanced Threat Defense ICSA Labs Advanced Threat Defense - Email
More informationSymantec Advanced Threat Protection: Endpoint
Symantec Advanced Threat Protection: Endpoint Data Sheet: Advanced Threat Protection The Problem Virtually all of today's advanced persistent threats leverage endpoint systems in order to infiltrate their
More informationCloudSOC and Security.cloud for Microsoft Office 365
Solution Brief CloudSOC and Email Security.cloud for Microsoft Office 365 DID YOU KNOW? Email is the #1 delivery mechanism for malware. 1 Over 40% of compliance related data in Office 365 is overexposed
More informationICSA Labs Network Firewall Certification Testing Report Corporate Criteria Version 4.2. Huawei Technologies. USG Series/Eudemon-N Series
ICSA Labs Huawei Technologies USG Series/Eudemon-N Series 4/20/2015 Prepared by ICSA Labs 1000 Bent Creek Blvd., Suite 200 Mechanicsburg, PA 17050 www.icsalabs.com FWXX HUAWEITECH-2015-0420-01 Table of
More informationEliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat
WHITE PAPER Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat Executive Summary Unfortunately, it s a foregone conclusion that no organisation is 100 percent safe
More informationSYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet
SYMANTEC ENTERPRISE SECURITY Symantec Internet Security Threat Report September 00 Power and Energy Industry Data Sheet An important note about these statistics The statistics discussed in this document
More informationDefending Against Known & Unknown Threats
Defending Against Known & Unknown Threats Jack Walsh, New Initiatives & Mobility Programs Manager Copyright 2016 ICSA Labs Introducing ICSA Labs About ICSA Labs We re known for Providing independent 3
More informationData Sheet: Endpoint Security Symantec Multi-tier Protection Trusted protection for endpoints and messaging environments
Trusted protection for endpoints and messaging environments Overview creates a protected endpoint and messaging environment that is secure against today s complex data loss, malware, and spam threats controlling
More informationSecuring Office 365 with Symantec
February, 2016 Solution Overview: Enterprise Security Adoption of Microsoft Office 365, Google Apps, and other cloud-based productivity solutions is growing. Microsoft in its Ignite 2015 session claimed
More informationKey Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.
Key Technologies for Security Operations 2 Traditional Security Is Not Working 97% of breaches led to compromise within days or less with 72% leading to data exfiltration in the same time Source: Verizon
More informationThe Symantec Approach to Defeating Advanced Threats
WHITE PAPER: THE SYMANTEC APPROACH TO DEFEATING ADVANCED........... THREATS............................. The Symantec Approach to Defeating Advanced Threats Who should read this paper For security practitioners
More informationCarbon Black PCI Compliance Mapping Checklist
Carbon Black PCI Compliance Mapping Checklist The following table identifies selected PCI 3.0 requirements, the test definition per the PCI validation plan and how Carbon Black Enterprise Protection and
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationMRG Effitas 360 Degree Assessment & Certification Q4 2017
MRG Effitas 360 Degree Assessment & Certification Q4 2017 1 Contents Introduction... 3 Executive Summary... 3 Certification... 4 The Purpose of this Report... 5 Tests Employed... 6 Security Applications
More informationBuilding Resilience in a Digital Enterprise
Building Resilience in a Digital Enterprise Top five steps to help reduce the risk of advanced targeted attacks To be successful in business today, an enterprise must operate securely in the cyberdomain.
More informationMRG Effitas 360 Degree Assessment & Certification Q1 2018
MRG Effitas 360 Degree Assessment & Certification Q1 2018 1 Contents Introduction... 3 Executive Summary... 3 Certification... 4 The Purpose of this Report... 5 Tests Employed... 6 Security Applications
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationMeasuring cloud-based anti-malware protection for Office 365 user accounts
Measuring cloud-based anti-malware protection for Office 365 user accounts Ferenc Leitold Veszprog fleitold@veszprog.hu Anthony Arrott CheckVir aarrott@checkvir.com William Kam Trend Micro william_kam@trendmicro.com
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationDefending Against Unkown Automation is the Key. Rajesh Kumar Juniper Networks
Defending Against Unkown Automation is the Key Rajesh Kumar Juniper Networks When and not if you will get attacked! ON AVERAGE, ATTACKERS GO UNDETECTED FOR OVER 229 DAYS Root cause of Security Incidents
More information1.0 High Availability (HA) Firewall Module Lab Report. Elitecore Technologies Ltd. Cyberoam CR50i Version build 25.
1.0 High Availability (HA) Firewall Module Lab Report Elitecore Technologies Ltd. Cyberoam CR50i Version 9.5.6 build 25 Introduction The ICSA Labs High Availability (HA) Firewall Certification Criteria
More informationEnhancing the Cybersecurity of Federal Information and Assets through CSIP
TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3
More informationTHE ACCENTURE CYBER DEFENSE SOLUTION
THE ACCENTURE CYBER DEFENSE SOLUTION A MANAGED SERVICE FOR CYBER DEFENSE FROM ACCENTURE AND SPLUNK. YOUR CURRENT APPROACHES TO CYBER DEFENSE COULD BE PUTTING YOU AT RISK Cyber-attacks are increasingly
More informationMCAFEE INTEGRATED THREAT DEFENSE SOLUTION
IDC Lab Validation Report, Executive Summary MCAFEE INTEGRATED THREAT DEFENSE SOLUTION Essential Capabilities for Analyzing and Protecting Against Advanced Threats By Rob Ayoub, CISSP, IDC Security Products
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by behavior-based threat detection and intelligent automation.
More informationCisco Advanced Malware Protection against WannaCry
Cisco Advanced Malware Protection against WannaCry "A false sense of security is worse than a true sense of insecurity" Senad Aruc Consulting Systems Engineer Advanced Threats Group Nils Roald Advanced
More informationSourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data
SEE everything in your environment LEARN by applying security intelligence to data ADAPT defenses automatically ACT in real-time Sourcefire Solutions Overview Security for the Real World Change is constant.
More informationWhitepaper. Advanced Threat Hunting with Carbon Black Enterprise Response
Advanced Threat Hunting with Carbon Black Enterprise Response TABLE OF CONTENTS Overview Threat Hunting Defined Existing Challenges and Solutions Prioritize Endpoint Data Collection Over Detection Leverage
More informationDefend Against the Unknown
Defend Against the Unknown Stay ahead of new threats with McAfee Endpoint Threat Defense solutions Targeted exploits. Ransomware. Explosive growth in zero-day malware. Organizations are locked in an ongoing
More informationSymantec Protection Suite Add-On for Hosted Security
Symantec Protection Suite Add-On for Hosted Email Security Overview Malware and spam pose enormous risk to the health and viability of IT networks. Cyber criminal attacks are focused on stealing money
More information9 Steps to Protect Against Ransomware
9 Steps to Protect Against Ransomware IT Support Analyst Task Overview Security Manager Security Dashboard Self Service log Secur Devices With Vulnerabilities Critical Important/High Moderate/Medium 40
More informationSecurity and Compliance Powered by the Cloud. Ben Friedman / Strategic Accounts Director /
Security and Compliance Powered by the Cloud Ben Friedman / Strategic Accounts Director / bf@alertlogic.com Founded: 2002 Headquarters: Ownership: Houston, TX Privately Held Customers: 1,200 + Employees:
More informationMRG Effitas 360 Degree Assessment & Certification Q MRG Effitas 360 Assessment & Certification Programme Q2 2017
MRG Effitas 360 Degree Assessment & Certification Q2 2017 1 Contents Introduction... 3 Executive Summary... 3 Certification... 4 The Purpose of this Report... 5 Tests Employed... 6 Security Applications
More informationSECURING DEVICES IN THE INTERNET OF THINGS
SECURING DEVICES IN THE INTERNET OF THINGS WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Security breaches at the device level in the Internet of Things (IoT) can have severe consequences, including
More informationManaged Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts
Managed Enterprise Phishing Protection Comprehensive protection delivered 24/7 by anti-phishing experts MANAGED ENTERPRISE PHISHING PROTECTION 24/7 expert protection against phishing attacks that get past
More informationPrevent and Detect Malware with Symantec Advanced Threat Protection: Network
WHITE PAPER: SYMANTEC ADVANCED THREAT PROTECTION........................................ Prevent and Detect Malware with Symantec Advanced Threat Protection: Network Who should read this paper This white
More informationIsla Web Malware Isolation and Network Sandbox Solutions Security Technology Comparison and Integration Guide
Isla Web Malware Isolation and Network Sandbox Solutions Security Technology Comparison and Integration Guide How the Two Approaches Compare and Interoperate Your organization counts on its security capabilities
More informationSymantec Ransomware Protection
Symantec Ransomware Protection Protection Against Ransomware Defense in depth across all control points is required to stop ransomware @ Email Symantec Email Security.cloud, Symantec Messaging Gateway
More informationTHE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson
THE RSA NETWITNESS SUITE REINVENT YOUR SIEM Presented by: Walter Abeson 1 Reality Goals GOALS VERSUS REALITY OF SIEM 1.0 Single compliance & security interface Analyze & prioritize alerts across various
More informationCisco Advanced Malware Protection for Endpoints
Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview Organizations today are under the constant threat of cyber attack, and security breaches happen every day. Cisco Advanced Malware
More informationINSIDE. Symantec AntiVirus for Microsoft Internet Security and Acceleration (ISA) Server. Enhanced virus protection for Web and SMTP traffic
Virus Protection & Content Filtering TECHNOLOGY BRIEF Symantec AntiVirus for Microsoft Internet Security and Acceleration (ISA) Server Enhanced virus protection for Web and SMTP traffic INSIDE The need
More informationTransforming Security from Defense in Depth to Comprehensive Security Assurance
Transforming Security from Defense in Depth to Comprehensive Security Assurance February 28, 2016 Revision #3 Table of Contents Introduction... 3 The problem: defense in depth is not working... 3 The new
More informationWhat to Look for When Evaluating Next-Generation Firewalls
What to Look for When Evaluating Next-Generation Firewalls Using independent tests to compare performance, cost and functionality Table of Contents Why Use Independent Tests in Evaluations?... 3 What to
More informationCisco Advanced Malware Protection (AMP) for Endpoints Security Testing
Cisco Advanced Malware Protection (AMP) for Endpoints Security Testing 7 September 2018 DR180821E Miercom.com www.miercom.com Contents 1.0 Executive Summary... 3 2.0 Test Summary... 4 3.0 Product Tested...
More informationPCI DSS v3.2 Mapping 1.4. Kaspersky Endpoint Security. Kaspersky Enterprise Cybersecurity
Kaspersky Enterprise Cybersecurity Kaspersky Endpoint Security v3.2 Mapping 3.2 regulates many technical security requirements and settings for systems operating with credit card data. Sub-points 1.4,
More informationHow to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis
White paper How to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis AhnLab, Inc. Table of Contents Introduction... 1 Multidimensional Analysis... 1 Cloud-based Analysis...
More informationIPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions
IPS Effectiveness IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions An Intrusion Prevention System (IPS) is a critical layer of defense that helps you protect
More informationSECURING DEVICES IN THE INTERNET OF THINGS
SECURING DEVICES IN THE INTERNET OF THINGS EXECUTIVE SUMMARY Security breaches at the device level in the Internet of Things (IoT) can have severe consequences, including steep financial losses, damage
More informationSymantec Secure One Services Program Brief
Symantec Secure One Services Program Brief Align with the industry leader Differentiate your business Increase support services revenue July 2017 Table of Contents Secure One Services Program Overview
More informationATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS
PARTNER BRIEF ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS INTRODUCTION Attivo Networks has partnered with McAfee to detect real-time in-network threats and to automate incident response
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by machine learning and intelligent automation. By rethinking
More informationMeasuring Cyber Risk Understanding the Right Data Sources. Sponsored By:
Measuring Cyber Risk Understanding the Right Data Sources Sponsored By: Measuring Cyber Risk Understanding the Right Data Sources Visit www.advisenltd.com at the end of this webinar to download: Copy of
More informationZero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection
Zero Trust on the Endpoint Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection March 2015 Executive Summary The Forrester Zero Trust Model (Zero Trust) of information
More informationSOLUTION OVERVIEW. Enterprise-grade security management solution providing visibility, management and reporting across all OSes.
SOLUTION OVERVIEW Enterprise-grade security management solution providing visibility, management and reporting across all OSes. What is an endpoint security management console? ESET Security Management
More informationWHITEPAPER ENDPOINT DETECTION AND RESPONSE BEYOND ANTIVIRUS PROACTIVE THREAT HUNTING AT THE ENDPOINT
WHITEPAPER ENDPOINT DETECTION AND RESPONSE BEYOND ANTIVIRUS PROACTIVE THREAT HUNTING AT THE ENDPOINT THREE DECADES OF COMPUTER THREATS In 1986, the Brain boot sector virus caused the first widespread realization
More informationADVANCED THREAT HUNTING
ERADICATE CONCEALED THREATS: ADVANCED THREAT HUNTING WITH CARBON BLACK OVERVIEW OVERVIEW In a SANS survey, 56% of incident responders claim they assume their enterprise is already compromised i. By preparing
More informationLive Attack Visualization and Analysis. What does a Malware attack look like?
Live Attack Visualization and Analysis What does a Malware attack look like? Introduction Bromium is a virtualization pioneer whose micro-virtualization technology delivers dependable, secure and manageable
More informationThe Top 6 WAF Essentials to Achieve Application Security Efficacy
The Top 6 WAF Essentials to Achieve Application Security Efficacy Introduction One of the biggest challenges IT and security leaders face today is reducing business risk while ensuring ease of use and
More informationSurprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS
Surprisingly Successful: What Really Works in Cyber Defense John Pescatore, SANS 1 Largest Breach Ever 2 The Business Impact Equation All CEOs know stuff happens in business and in security The goal is
More informationIBM Security Network Protection Solutions
Systems IBM Security IBM Security Network Protection Solutions Pre-emptive protection to keep you Ahead of the Threat Tanmay Shah Product Lead Network Protection Appliances IBM Security Systems 1 IBM Security
More informationOPEN SOURCE SECURITY ANALYSIS The State of Open Source Security in Commercial Applications
OPEN SOURCE SECURITY ANALYSIS The State of Open Source Security in Commercial Applications By Mike Pittenger, Vice President, Security Strategy Black Duck s On-Demand business conducts audits of customers
More informationMcAfee Advanced Threat Defense
Advanced Threat Defense Detect advanced malware Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike
More informationSymantec Security Monitoring Services
24x7 real-time security monitoring and protection Protect corporate assets from malicious global threat activity before it impacts your network. Partnering with Symantec skilled and experienced analysts
More informationBarracuda Advanced Threat Protection. Bringing a New Layer of Security for . White Paper
Barracuda Advanced Threat Protection Bringing a New Layer of Security for Email White Paper Evolving Needs for Protection Against Advanced Threats IT security threats are constantly evolving and improving,
More informationCYBER ANALYTICS. Architecture Overview. Technical Brief. May 2016 novetta.com 2016, Novetta
CYBER ANALYTICS Architecture Overview Technical Brief May 2016 novetta.com 2016, Novetta Novetta Cyber Analytics: Technical Architecture Overview 1 INTRODUCTION 2 CAPTURE AND PROCESS ALL NETWORK TRAFFIC
More informationSpeed Up Incident Response with Actionable Forensic Analytics
WHITEPAPER DATA SHEET Speed Up Incident Response with Actionable Forensic Analytics Close the Gap between Threat Detection and Effective Response with Continuous Monitoring January 15, 2015 Table of Contents
More informationSymantec Endpoint Protection Family Feature Comparison
Symantec Endpoint Protection Family Feature Comparison SEP SBE SEP Cloud SEP Cloud SEP 14.2 Device Protection Laptop, Laptop Laptop, Tablet Laptop Tablet & & Smartphone Smartphone Meter Per Device Per
More informationQualys Indication of Compromise
18 QUALYS SECURITY CONFERENCE 2018 Qualys Indication of Compromise Bringing IOC to the Next Level Chris Carlson VP, Product Management, Qualys, Inc. Adversary TTPs are Changing Early 2010s Zero-day Vulnerabilities
More informationUn SOC avanzato per una efficace risposta al cybercrime
Un SOC avanzato per una efficace risposta al cybercrime Identificazione e conferma di un incidente @RSAEMEA #RSAEMEASummit @masiste75 Mauro Costantini - Presales Consultant Agenda A look into the threat
More informationYOUR DATA UNDER SIEGE: GUARD THE GAPS WITH PATCH MANAGEMENT. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next
YOUR DATA UNDER SIEGE: GUARD THE GAPS WITH PATCH MANAGEMENT. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next Your Data Under Siege: Guard the Gaps with Patch Management 1.0
More informationAdministration of Symantec Data Loss Prevention 10.5 Study Guide
Administration of Symantec Data 10.5 Study Guide The following tables list the Symantec Certification exam objectives for the Administration of exam and how these objectives align to the course. For more
More informationAt a Glance: Symantec Security.cloud vs Microsoft O365 E3
At a Glance: Symantec Email Security.cloud vs Microsoft O365 E3 Microsoft O365 E3 Security as a Feature Symantec Email Security.cloud Why This Is Important Spam Protection Third-party blacklists subscribed
More informationHow NSFOCUS Protected the G20 Summit. Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity
How NSFOCUS Protected the G20 Summit Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity SPONSORED BY Rosefelt is responsible for developing NSFOCUS threat intelligence and web
More informationEndpoint Security for the Enterprise. Multilayered Defense for the Cloud Generation FAMILY BROCHURE
Endpoint Security for the Enterprise Multilayered Defense for the Cloud Generation FAMILY BROCHURE Symantec Endpoint Security Portfolio for the Cloud Generation Symantec Endpoint Protection 14 Symantec
More informationINTRODUCTION. We would like to thank HelpSystems for supporting this unique research. We hope you will enjoy the report.
2019 SIEM REPORT INTRODUCTION Security Information and Event Management (SIEM) is a powerful technology that allows security operations teams to collect, correlate and analyze log data from a variety of
More informationSecuring Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &
Securing Dynamic Data Centers Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan & Afghanistan @WajahatRajab Modern Challenges By 2020, 60% of Digital Businesses will suffer Major Service
More informationTrend Micro. Apex One as a Service / Apex One. Best Practice Guide for Malware Protection. 1 Best Practice Guide Apex One as a Service / Apex Central
Trend Micro Apex One as a Service / Apex One Best Practice Guide for Malware Protection 1 Best Practice Guide Apex One as a Service / Apex Central Information in this document is subject to change without
More informationAdvanced Malware Protection: A Buyer s Guide
Advanced Malware Protection: A Buyer s Guide What You Will Learn This document will identify the essential capabilities you need in an advanced malware protection solution, the key questions you should
More informationSymantec Endpoint Protection 14
Symantec Endpoint Protection Cloud Security Made Simple Symantec Endpoint Protection 14 Data Data Sheet: Sheet: Endpoint Endpoint Security Security Overview Last year, we saw 431 million new malware variants,
More informationCLOSING THE GAP IN MALWARE DETECTION DISRUPTING THE DETECTION-BASED DYNAMIC
DISRUPTING THE DETECTION-BASED DYNAMIC EXECUTIVE SUMMARY Panda Advanced Protection Service, is a new approach to disrupt the detection-based dynamics which have dominated the security industry since its
More informationData Sheet: Endpoint Security Symantec Network Access Control Starter Edition Simplified endpoint enforcement
Simplified endpoint enforcement Overview makes it easy to begin implementing a network access control solution. It offers a subset of Symantec Network Access Control functionality that can be completely
More informationImperva Incapsula Website Security
Imperva Incapsula Website Security DA T A SH E E T Application Security from the Cloud Imperva Incapsula cloud-based website security solution features the industry s leading WAF technology, as well as
More informationEU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux
EU GENERAL DATA PROTECTION: TIME TO ACT Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux Is this the WAY you handle GDPR today 2 3 area s to consider
More informationCisco Cloud Security. How to Protect Business to Support Digital Transformation
Cisco Cloud Security How to Protect Business to Support Digital Transformation Dragan Novakovic Cybersecurity Consulting Systems Engineer January 2018. Security Enables Digitization Digital Disruption,
More informationSOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM
SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM OVERVIEW The Verizon 2016 Data Breach Investigations Report highlights that attackers are regularly outpacing the defenders.
More informationComodo Certificate Manager
Comodo Certificate Manager Simple, Automated & Robust SSL Management from the #1 Provider of Digital Certificates 1 Datasheet Table of Contents Introduction 3 CCM Overview 4 Certificate Discovery Certificate
More informationSymantec Security.cloud
Data Sheet: Messaging Security filters unwanted messages and protects mailboxes from targeted attacks. The service has selflearning capabilities and Symantec intelligence to deliver highly effective and
More informationTestBraindump. Latest test braindump, braindump actual test
TestBraindump http://www.testbraindump.com Latest test braindump, braindump actual test Exam : CS0-001 Title : CompTIA Cybersecurity Analyst (CySA+) Exam Vendor : CompTIA Version : DEMO Get Latest & Valid
More informationDATA SHEET RSA NETWITNESS ENDPOINT DETECT UNKNOWN THREATS. REDUCE DWELL TIME. ACCELERATE RESPONSE.
RSA NETWITNESS ENDPOINT DETECT UNKNOWN THREATS. REDUCE DWELL TIME. ACCELERATE RESPONSE. KEY CUSTOMER BENEFITS: Gain complete visibility into all endpoints, regardless of whether they are on or off the
More informationManaging Microsoft 365 Identity and Access
Course MS-500T01-A: Managing Microsoft 365 Identity and Access Page 1 of 3 Managing Microsoft 365 Identity and Access Course MS-500T01-A: 1 day; Instructor-Led Introduction Help protect against credential
More informationTRUE SECURITY-AS-A-SERVICE
TRUE SECURITY-AS-A-SERVICE To effectively defend against today s cybercriminals, organizations must look at ways to expand their ability to secure and maintain compliance across their evolving IT infrastructure.
More informationMastering The Endpoint
Organizations Find Value In Integrated Suites GET STARTED Overview In the face of constantly evolving threat vectors, IT security decision makers struggle to manage endpoint security effectively. More
More informationCA Security Management
CA Security CA Security CA Security In today s business environment, security remains one of the most pressing IT concerns. Most organizations are struggling to protect an increasing amount of disparate
More informationBUILT TO STOP BREACHES. Cloud-Delivered Endpoint Protection
BUILT TO STOP BREACHES Cloud-Delivered Endpoint Protection CROWDSTRIKE FALCON: THE NEW STANDARD IN ENDPOINT PROTECTION ENDPOINT SECURITY BASED ON A SIMPLE, YET POWERFUL APPROACH The CrowdStrike Falcon
More informationEFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave
EFFECTIVELY TARGETING ADVANCED THREATS Terry Sangha Sales Engineer at Trustwave THE CHALLENGE PROTECTING YOUR ENVIRONMENT IS NOT GETTING EASIER ENDPOINT POINT OF SALE MOBILE VULNERABILITY MANAGEMENT CYBER
More informationSymantec Endpoint Protection Integration Component User's Guide. Version 7.0
Symantec Endpoint Protection Integration Component User's Guide Version 7.0 The software described in this book is furnished under a license agreement and may be used only in accordance with the terms
More informationOffice 365 Buyers Guide: Best Practices for Securing Office 365
Office 365 Buyers Guide: Best Practices for Securing Office 365 Microsoft Office 365 has become the standard productivity platform for the majority of organizations, large and small, around the world.
More informationSeqrite Endpoint Security
Enterprise Security Solutions by Quick Heal Integrated enterprise security and unified endpoint management console Enterprise Suite Edition Product Highlights Innovative endpoint security that prevents
More informationPrivileged Account Security: A Balanced Approach to Securing Unix Environments
Privileged Account Security: A Balanced Approach to Securing Unix Environments Table of Contents Introduction 3 Every User is a Privileged User 3 Privileged Account Security: A Balanced Approach 3 Privileged
More information