Secure & Manage The World s Information

Transcription

1 1

2 Secure & Manage The World s Information Governance Policy Compliance Risk Management Incident Management Classification Data Loss Prevention Information ediscovery Archiving / Retention Infrastructure Management Security Data Protection Storage Management Availability Endpoints Data Center Cloud Copyright 2009 Symantec Corporation. All rights reserved. 2 2

3 Symantec Global Intelligence Network (GIN) identifies more threats - takes action faster - prevents impact Tokyo Calgary Springfield San Francisco Redwood City Santa Monica Dublin Twyford Munich Taipei Alexandria Pune Sydney Global Scope and Scale Largest Security Footprint Worldwide Instant Detection Attack Activity 240,000 sensors 200+ countries Preemptive Security Alerts 24x7x365 Collection & Correlation Malware Intelligence 130M* client, server, gateways monitored Global coverage Vulnerabilities 32,000+ vulnerabilities 11,000 vendors 72,000 technologies Information Protection Network Spam/Phishing 2.5M decoy accounts 8B+ messages/day 1B+ web requests/day Threat Triggered Actions 3 3

4 Internet Security Threat Report A World-Wide Vender Neutral Comprehensive and Empirical Analysis Internet Security Threat Activities and Trends Identified by Symantec Based upon Real Data Collected by Global Intelligence Network Only Available Report Offering Complete View of the Current Internet Security Threat Landscape Identifies and Analyzes Attacker Methods, Techniques and Preferences Details Latest Trends, Activities and Information Internet Attacks Vulnerabilities Discovered and Exploited Malicious Code / Malware Additional Security Threats - Spyware, Phishing, and Spam Underground Economy Activity This Report Is Not: A Survey of Opinions Product Driven Marketing Scientific Certainty An Analysis of Vendor Capabilities Copyright 2010 Symantec Corporation. All rights reserved. 4

5 Internet Security Threat Report Copyright 2010 Symantec Corporation. All rights reserved. 5

6 Threat Landscape History Old Motivation New Motivation Fame Fortune Threats persist with a goal of notoriety Threats are visible and indiscriminate Threats are fleeting with a goal of profit Threats are SILENT and laser targeted to steal data Computers People Attackers are moving their operations to regions with emerging Internet infrastructures and, in some instances, developing and maintaining their own service provisioning Attackers are increasingly targeting end users by compromising high-traffic, trusted websites Copyright 2010 Symantec Corporation. All rights reserved. Copyright Symantec

7 # of Applications Threat Landscape Evolution Attackers have shifted Away from mass-distribution of few threats; To micro distribution of millions of distinct threats. How? Their servers generate a new malware strain every few moments Every set of victims gets attacked by a new strain! How big is the problem? We re creating as many as 10-25K signatures for new threats daily! Further, our sensor data shows us that we ve passed an inflection point A week-long internal study showed that more malicious programs were released than legitimate software. 65% of all new apps installed during the 1-week study were malicious, and found on <5% users PCs. Time And attackers could make things far worse We could easily see millions/tens of millions of unique threats per year. What chance will a security vendor have of discovering malware targeted at just 2-3 users? Copyright 2010 Symantec Corporation. All rights reserved. Copyright Symantec

8 Anatomy of a Breach; the bottom line. 90% of breaches in 2009 involved organized crime targeting corporate/sensitive/protected/ information 81% of attacked organizations were non-compliant in PCI & assoc. 67% of breaches were due to insider negligence Copyright 2010 Symantec Corporation. All rights reserved. 8

9 How do we Protect the Infrastructure? An average of 300 million attempted malicious code attacks worldwide BLOCKED each month in Prelude To A Breach Over 60% of Symantec s malicious code signatures created in 2008 alone. Over 90% of threats in 2009 targeted confidential information Copyright 2010 Symantec Corporation. All rights reserved. 9

10 How do we better Protect the Information? Copyright 2010 Symantec Corporation. All rights reserved. 10

11 Vision: Transforming Security From Inhibitor to Mission/Business Enabler S E C U R I T Y 2. 0 S E C U R I T Y 1. 0 Lock down systems Keep the bad things out Protect only infrastructure Decisions are fixed and static Disparate and disconnected Balance Risk and Opportunity Keep the Good Things in Protect Information and Interactions Make Decisions Based on Reputation Standardize and Automate Processes Copyright 2010 Symantec Corporation. All rights reserved. 11

12 Strategy: Transforming Security How does security enable the organization to complete its stated mission objectives? How important are the following when making securityrelated decisions? Achieving/maintaining regulatory compliance Protecting operational reputation Protecting against financial loss Protecting intellectual process / confidential information Protecting the accuracy and integrity of data and systems Threat management agility Mission Drivers for Security Time to deployment & enablement Copyright 2010 Symantec Corporation. All rights reserved. 12

13 Strategy: Transforming Security Security Taxonomy Global Security Intelligence, Support, and Response Security Advisory & Residency Services Governance Security Information Manager Control Compliance Suite Managed Security Services DeepSight Threat Management Develop and Enforce IT Policies Security Program Assessment Information Assurance Analysis Penetration Testing Altiris Asset Management Solution > Control Compliance Suite Information Protection Data Loss Prevention Cyber Threat Analysis Program (CTAP) Enterprise Vault Protect the Information Symantec Mail Security Symantec Workflow Backup Exec System Recovery Message Labs (SaaS) Web & Mail Protect > Data Loss Prevention Suite Archiving Endpoint Infrastructure Security Management & Symantec Mobile Security Symantec Critical System Protection Symantec Endpoint Protection > Symantec Altiris Client Management Protection Suite Symantec Network Access Control Symantec Endpoint Encryption Symantec Web Gateway Endpoint Virtualization Protect the Infrastructure Manage Systems > Altiris Total Management Suite Copyright 2010 Symantec Corporation. All rights reserved. 13

14 Symantec Security Strategy 1Protect the Infrastructure Symantec Protection Suite

15 Protect the Infrastructure Secure Endpoints Protect and Web Defend Critical Internal Servers Backup and Recover Data Symantec Protection Suite 15

16 AntiVirus alone is not enough Standard Antivirus PC deployment Antispyware Antivirus Symantec AntiVirus Copyright 2010 Symantec Corporation. All rights reserved. 1616

17 AntiVirus vs. SEP11 Comprehensive Endpoint Protection deployment Device and Application Control Standard Antivirus PC deployment Antispyware Antivirus Firewall Intrusion Prevention Antispyware Antivirus Symantec AntiVirus Symantec Endpoint Protection 11.0 Copyright 2010 Symantec Corporation. All rights reserved. 1717

18 24 MB 25 MB 75 MB+ The SEP Advantage Symantec Endpoint Protection 11.0 Symantec AntiVirus 10.x Closest Endpoint Competitor SEP 11.0 Client 1818

19 Recent HydraQ Defenses via SEP Symantec released updated THREAT AV signatures associated with attack: Trojan.Pidief.G July 2, 2009 Trojan Horse.H July 13, 2009 Bloodhound.Exploit.266 August 2, 2009 Trojan Horse.H1 July 13, 2009 Trojan.Hydraq January 11, 2010 Trojan.Hydraq!gen1 January14, 2010 Symantec released updated VULNERABILITY IPS signatures associated with this attack: Blocks IE zero-day exploit: HTTP MSIE Memory Corruption Code Exec (23599) January 16, 2010 Blocks Adobe Acrobat, Reader and Flash vulnerability: HTTP Acrobat PDF Suspicious File Download 4 July 17,

20 AntiVirus vs. SEP11 vs. SEP/SNAC11 Standard Antivirus PC deployment Antispyware Antivirus Comprehensive Endpoint Protection deployment Device and Application Control Firewall Intrusion Prevention Antispyware Antivirus Complete Endpoint Security Solution Network Access Control Device and Application Control Firewall Intrusion Prevention Antispyware Antivirus Symantec AntiVirus Symantec Endpoint Protection 11.0 Symantec Endpoint Protection 11.0 Symantec Network Access Control 11.0 Copyright 2010 Symantec Corporation. All rights reserved. 2020

21 Enforce Security, Configuration & Compliance Symantec Network Access Control Checks adherence to endpoint security policies continuously! Antivirus installed and current? Firewall installed and running? Required patches and service packs? Required configuration? Is NOT network dependent Remediates configuration problems Regulates guest access An endpoint management anomaly is by definition an endpoint security vulnerability. SNAC mitigates and remediates those anomalies. 2121

22 Symantec Protection Suite Symantec Protection Suite Enterprise Edition Endpoint Security Symantec Endpoint Protection Symantec Network Access Control Self Enforcement Symantec Mobile Security Messaging & Web Security Symantec Brightmail Gateway Symantec Web Gateway Symantec Mail Security for Microsoft Exchange Symantec Mail Security for Domino Symantec Premium AntiSpam Backup and Recovery Symantec Backup Exec System Recovery One $ Price All these Solutions

23 True High Caliber Server Protection Close back doors (block ports) Limit network connectivity by application Restrict traffic flow inbound and outbound Symantec Critical Systems Protection Network Protection (Host IPS) Exploit Prevention (Host IPS) Restrict apps & O/S behaviors Protect systems from buffer overflow Intrusion prevention for day-zero attacks Symantec Critical Systems Protection 5.2 Lock down configuration & settings Enforce security policy De-escalate user privileges Prevent removable media use System Controls (Host IPS) Auditing & Alerting (Host IDS) Monitor logs and security events Consolidate & forward logs for archives and reporting Smart event response for quick action simplify - streamline - protect 2323

24 True High Caliber Server Protection Symantec Critical Systems Protection Platform Microsoft Windows Client Edition Windows XP Windows 2000 Prevention Windows 2000, 2003 and 2008, includes 32-bit & 64-bit support Windows NT Server Edition Detection Windows 2000, 2003 and 2008, includes 32-bit & 64-bit support Windows NT Solaris n/a Solaris 8, 9, 10* *includes x86, x86 VM, 64-bit & Zones Solaris 8, 9, 10* *includes x86, x86 VM, 64-bit & Zones Linux SuSE Linux Professional SuSE Linux Enterprise Server 8, 9,10 RedHat Enterprise Linux 3**, 4**, 5 includes 32-bit & 64-bit support SuSE Linux Enterprise Server 8, 9,10 RedHat Enterprise Linux 3**, 4**, 5 includes 32-bit & 64-bit support AIX n/a *2010 mapped AIX 5L (5.1, 5.2, and 5.3) HP-UX n/a *2010 mapped HP-UX 11i v1 (11.11)**, v2 (11.23)** and v3 (11.31)** HP Tru64 Unix V5.1B 2424

25 Enterprise Security Visibility Symantec Security Information Manager Collection Storage Correlation Presentation Broad and customizable High volume processing Meaningful normalization Assured reliability Flexible capacity Archive segmentations Quick queries and searches Retention Policy Automation Integrity verification Easy rule based analysis Hierarchical incident associations Global Intelligence Network integration Asset groupings Over 400 out of box queries Customizable consoles Web based portals Raw event data viewer Standardized query templates 2525

26 Enterprise Security Visibility & Mgmt Symantec Security Information Manager [ SSIM ] 1) Allows the CIC/members to build & maintain their own GIN. 2) Leverages Symantec GIN & Workflow for Proactive Threat Visibility, Agility, and Reactivity. Endpoint Mail and Groupware OS Enterprise Network Other sources Syslog Database Firewalls Vulnerability Scanners IDS/IPS SEP SNAC SCSP SEE Altiris Cisco ArcSight Microsoft McAfee CheckPoint ~200 more 2626

27 Symantec Security Strategy 2Develop and Enforce IT Policies Control Compliance Suite 27

28 Develop and Enforce IT Policies Define Risk and Develop IT Policies Assess Infrastructure and Processes Report, Monitor and Demonstrate Due Care Remediate Problems Control Compliance Suite 28

29 Control Compliance Suite Define Assess Report Remediate Determine Risk and Develop Policies Assess Infrastructure and Processes Monitor and Demonstrate Due Care Assess Risk and Remediate Problems POLICIES and CONTROLS TECHNICAL CONTROLS DASHBOARDS RISK WEIGHTED REMEDIATION RISK ASSESSMENTS PROCEDURAL CONTROLS AUDIT REPORTS * Gideon Technologies acquisition to grow SCAP Compliance Suite 2929

30 Symantec Security Strategy 3Protect the Information Data Loss Prevention Suite 30

31 Protect the Information Discover Where Sensitive Information Resides Monitor How Data is Being Used Protect Sensitive Information From Loss Data Loss Prevention Suite 31

32 Data Loss Prevention Direct integrations: -Symantec Enterprise Vault -Symantec Backup Exec Recovery -Symantec Network Access Control Process automations: Automated ediscovery Automated Lost Hardware Risk Mitigation Content Control Data Discovery Archive / Backup Removable Media DLP Platform E-Discovery / Classification Mail Security Monitoring & Prevention Discovery & Protection Web Security Data Governance Instant Message Security 3232

33 Symantec Endpoint Encryption Full Disk and/or Partition Encryption: -Encrypts boot disk -Encrypts up to 20+ partitions on system boot disk -FIPS validated AES cryptography -256-bit key (default) or 128-bit key for disk encryption -Self-service recovery for lost or forgotten passwords - Authenti-Check challenge/response questions and answers -Pre-boot hardened authentication -Single Sign-on integration Removable Media Encryption: -Transparent end user operation -Comprehensive encryption support Policy based encryption for removable media FIPS certified AES 256 bit or 128 bit, CC EAL4 pending Encrypt plain text data on devices -Best-in-class storage media support Flash drives, Hard drives, SD cards, CF cards, CDs/DVDs, ipods, etc. -Portability Access utility Install by policy, read / write encrypted data Self-extracting archives 3333

34 Symantec Security Strategy 4Manage the Enterprise Altiris Total Management Suite 34

35 Manage the Enterprise Increase IT Effectiveness Control Hardware and Software Expenses Improve Availability and Service Levels Altiris Total Management Suite 35

36 Integration Capabilities via Altiris LCM Integration of the Industry Leading Solutions; period. INFORMATION PROTECTION Symantec Data Loss Prevention Symantec Endpoint Encryption Backup Exec System Recovery Backup Exec Infrastructure Manager ENDPOINT SECURITY Symantec Endpoint Protection Symantec Network Access Control Symantec Critical Systems Protection SYSTEMS MANAGEMENT *Client Management Suite *Server Management Suite Service & Asset Management Suite Endpoint Virtualization Veritas Configuration Manager Unified Deployment and Management via Altiris Copyright 2010 Symantec Corporation. All rights reserved. 3636

37 IT Tool Collaboration & Process Automation via Symantec Workflow 3737

38 Virtualization Capabilities via Altiris Symantec Virtualization Solutions Virtual Distribution Symantec Workspace Streaming On-demand application streaming User-based provisioning Simplified packaging and scripting Direct MSI conversion Dynamic License Management Single click application upgrades Industry standard distributed architecture License tracking and management Virtual Execution Symantec Workspace Virtualization Eliminate application conflicts Accelerate application rollouts Low overhead Virtualized apps interact normally User/system/management agents interact normally with virtualized apps Keeps base OS image clean Rapidly resolve application problems Integration with multiple Symantec products Virtual Workspace Symantec Workspace Corporate and Symantec Workspace Remote Single sign-on Application auto launch Roaming with state persistence Kiosk for workstation sharing Location awareness Proximity printing Consistent local / remote access 3838

39 Protect the Infrastructure Develop and Enforce IT Policies Protect the Information > Symantec Protection Suite > Control Compliance Suite > Data Loss Prevention Suite Manage the Enterprise > Altiris Total Management Suite Copyright 2010 Symantec Corporation. All rights reserved. 39

40 Endpoint Security Roadmap Reputation-Based Protection #1 #2 #3 #4 prevalence hygiene provenance reputation How many other people in the world have this file? User behavior can drive infection rates Publishers and distributors Malware histories help prioritize publishers DeepClean Collectively, this becomes the system for building and maintaining the world s most precise and most comprehensive whitelist and file provide reputation infrastructure Copyright 2010 Symantec Corporation. All rights reserved. Copyright Symantec

41 Start with a mature endpoint stack Network Access Control Device and Application Control Firewall Intrusion Prevention Antispyware Antivirus E N C R Y P T I O N D L P A L T I R I S / L C M 41

42 Security Focused Advisory / Consulting Services Our Experts making a Difference for Your Organization Symantec Advisory Services Secure Application Services Compliance Application Development Services Lifecycle Review Secure Regulatory Application Infrastructure & Standards Penetration Tests Services Assessments PCI Services Security Application Network Architecture PCI Security Operations Design Assessment Assessment Audit Service Services & Design Application Secure Review PCI Lifecycle Security Code Scanning Development ReviewService Network Application Risk/Blueprint PCI Compliance Penetration Security Assessment Readiness Assessment Principles Review Course PCI Payment Application Best Network SOC Design Vulnerability and Staffing Assessment Wireless Practices Security Assessment Security Awareness Assessment Program ISO Gap Assessment Cyber Threat Analysis Program (CTAP) Federal/Gov t Standards Compliance Assessments Breach & Outbreak Response Action Team ( BORAT ) Copyright 2010 Symantec Corporation. All rights reserved. 42

43 Magic Quadrant Strategic Leadership Network Access Control Endpoint Protection Platforms Security Info & Event Mgmt Content-Aware DLP Security Boundaries PC Lifecycle Config Mgmt -

44 Thank You! 44

45 45