Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

Transcription

1 Delivering Integrated Cyber Defense for the Generation Darren Thomson Vice President & CTO, EMEA Region Symantec

2 In 2009 there were 2,361,414 new piece of malware created. In 2015 that number was 430,555,582 That s 1 Million 179 Thousand a day. 2

3 TARGETED ATTACKS 150 1, ,200 Average Number of Attacks Per Campaign Recipients per Campaign Campaigns

4 Attack Surfaces Spear-Phishing attacks Negligent Employee Other Network & Endpoints Advanced Malware Malicious sites Spam Ransomware 4

5 Building Integrated Cyber Defense For The Generation 5

6 It Starts With Data What Do We Know? Global Intelligence Network (GIN) 6

7 Intelligence Integration Press Release Copyright Symantec Corporation 7

8 Innovation for the Generation: Protecting Against Advanced Threats Global Intelligence Network Discovered 430 million new unique pieces of malware last year 1B malicious s stopped last year 100M social engineering scams blocked last year 12,000+ applications discovered and protected 182M web attacks blocked last year Global Intelligence Sourced From: 1 Billion previously unseen web requests scanned daily 2 Billion s scanned per day 175M Consumer and Enterprise endpoints protected 9 global threat response centers with 3000 Researchers and Engineers 8

9 The Power of Combined Intelligence 1. ProxySG discovers a brand new malicious file/url 2. Telemetry sent to cloud 3. All SEP and Norton endpoints now block the file/url Copyright 2017 Symantec Corporation Copyright 2016 Symantec Corporation 9

10 The Power of Combined Intelligence 3. All ProxySG installations now block the file/url 2. Telemetry sent to cloud 1. SEP or Norton discover a brand new file/url Copyright 2017 Symantec Corporation Copyright 2016 Symantec Corporation 10

11 The Problems At Hand & Architectural Approach 11

12 Complex User Definition Evolving Data Attack Surface Expanding Perimeter Multi-Phased, Multi-Staged Attacks 12

13 It s About Termination Points Proxy Endpoint Mail Gateway 13

14 And Correlation Across the Critical Domains Messaging Users 14

15 Critical Domains for Correlated Threat Threat Global Intelligence Network Messaging Users 15

16 The fourth security domain Information Information Messaging Users 16

17 Core Technologies Data Loss Prevention Proxy SG / CASB SEP 17

18 The Integrated Cyber Defence Platform 18

19 ON PREMISES CLOUD File URL Whitelist Blacklist Certificate Machine Learning Third Party Ecosystem Endpoint Secure Gateway VIP Identity DLP CASB Managed PKI Data Center Sandbox site Encryption Data SOC Workbench Cyber Services Secure Gateway DLP Encrypted Traffic Analytics IT System Malware Analysis Application Firewall Risk Insight Local Intelligence Endpoint EDR Content Analysis Encryption Data Center Performance Optimization Compliance Advanced Threat Secure Mail Gateway SIEM Integration 19

20 Endpoint (User) integrations Symantec Endpoint (SEP) As A Core

21 ON PREMISES CLOUD File URL Whitelist Blacklist Certificate Machine Learning Third Party Ecosystem Endpoint Secure Gateway VIP Identity DLP CASB Managed PKI Data Center Sandbox site Encryption Data SOC Workbench Cyber Services Secure Gateway DLP Encrypted Traffic Analytics IT System Malware Analysis Application Firewall Risk Insight Local Intelligence Endpoint EDR Content Analysis Encryption Data Center Performance Optimization Compliance Advanced Threat Secure Mail Gateway SEP integration Today SIEM Integration 21

22 ON PREMISES CLOUD File URL Whitelist Blacklist Certificate Machine Learning Third Party Ecosystem Endpoint Secure Gateway VIP Identity DLP CASB Managed PKI Data Center Sandbox site Encryption Data SOC Workbench Cyber Services Secure Gateway DLP Encrypted Traffic Analytics IT System Malware Analysis Application Firewall Risk Insight Local Intelligence Endpoint EDR Content Analysis Encryption Data Center Performance Optimization Compliance Advanced Threat Secure Mail Gateway SEP integration Today Expected H SIEM Integration 22

23 Information integrations Symantec Data Loss Prevention (DLP) As A Core

24 ON PREMISES CLOUD File URL Whitelist Blacklist Certificate Machine Learning Third Party Ecosystem Endpoint Secure Gateway VIP Identity DLP CASB Managed PKI Data Center Sandbox site Encryption Data SOC Workbench Cyber Services Secure Gateway DLP Encrypted Traffic Analytics IT System Malware Analysis Application Firewall Risk Insight Local Intelligence Endpoint EDR Content Analysis Encryption Data Center Performance Optimization Compliance Advanced Threat Secure Mail Gateway DLP Integration Today SIEM Integration 24

25 ON PREMISES CLOUD File URL Whitelist Blacklist Certificate Machine Learning Third Party Ecosystem Endpoint Secure Gateway VIP Identity DLP CASB Managed PKI Data Center Sandbox site Encryption Data SOC Workbench Cyber Services Secure Gateway DLP Encrypted Traffic Analytics IT System Malware Analysis Application Firewall Risk Insight Local Intelligence Endpoint EDR Content Analysis Encryption Data Center Performance Optimization Compliance Advanced Threat Secure Mail Gateway DLP Integration Today Expected H SIEM Integration 25

26 Leveraging The Platform To Solve Higher Order Problems.. 26

27 Information Risk & GDPR Preparation Privacy Privacy Operational Lifecycle ISO NIST Cyber Framework Assess Plan Identify Recover Protect Respond Protect Act Do Sustain Check Respond Detect PREPARE PROTECT DETECT RESPOND 27 27

28 Symantec & Information Risk Reducing Risk from Preparation to Response PREPARE PROTECT DETECT RESPOND Understand Personal Data & Risk Posture Protect Personal Data From Malicious Attack & Misuse Provide Rapid Detection Understand Impact of Breach Respond Efficiently & Effectively to be Compliant Mitigate Risk Data Discovery and Privacy Impact Assessments Data Loss Prevention / Data Insight Information and Governance Data Loss Prevention / Encryption / Authentication Monitoring, Threat Intelligence and Cyber Expertise Cyber Services Crisis and Incident Response Cyber Services Risk Posture Assessment and Remediation Control Compliance Suite / Endpoint Threat SEP / DCS / ATP / / Advanced Persistent Threat Detection ATP / Unified Analytics Cyber Insurance Unified Analytics Data Risk Posture Assessment Elastica Data Encryption & Tokenization ProxySG, Data Advanced Persistent Threat Detection SSL Visibility, CAS/MA, Analytics Incident Response and Network Forensics Analytics 28

29 PREPARE PROTECT DETECT RESPOND Symantec & Information Risk Understand Data Risk DLP Data Insight CASB Audit Personal Data Everywhere VIP / MPKI DLP Encryption Advanced Breach Detection, Remediation, & Notification Endpoint Server / CASB Technology Risk CCS EPM CASB CDP ATP Analytics Understand, Report, and Remediate Compliance Cyber Services Unparalleled Threat Intelligence Endpoint 175M endpoints protected 12,000 cloud applications secured 2Bm s scanned/day 1.2Bn web requests secured/day Physical & Virtual Workloads 64K Datacenters protected 29

30 Information Risk Solution Architecture 30

31 Information Risk User Risk Partner Dashboard/Reporting Monitoring Event Detection & Alerting Education & Awareness Behavioural Analytics People and Process Policy Policy Enforcement System Build & Remediation Operational Risk Configuration, Audit & Assessment Data Policy / Summary Risk Profile Infrastructure Information Governance Information /Prevention Encryption Classification & Discovery Storage Network Endpoint Application Tokenisation Standards Vulnerability Network Servers Endpoints Messaging 31

32 Data Loss Prevention/UBA/ Simulation/VIP User Risk Education & Awareness Behavioural Analytics Policy Enforcement IT Suite System Build & Remediation CCS Vulnerability Manager Vulnerability Operational CCS Vendor Manager Partner People and Process CCS Risk / Policy Manager Risk CCS Standards Manager Configuration Audit & Assessment SSL Visibility Network Performance DCS/CSP Workload Control Compliance Suite Dashboard/Reporting Policy Data Policy / Summary Risk Profile Infrastructure Endpoint EDR Secure Gway SSL Monitoring Information Governance Information /Prevention Encryption Tokenisation PGP/ Data SOC .cloud Messaging Gway Event Detection & Response Managed Deepsight Incident Response ATP / Analytics Data Loss Prevention/UBA/ Simulation Classification & Discovery Storage Network Endpoint Application Data Loss Prevention SOC Content Analysis Network Servers Endpoints Messaging 32

33 Enterprise Integrated Cyber Defense Platform Stay ahead of advanced threats through superior threat intelligence and integrated offerings Secure sensitive information and critical documents on premise or in the cloud Promote customer confidence with superior encryption and code signing Copyright 2017 Symantec Corporation Copyright 2016 Symantec Corporation 33