Delivering Integrated Cyber Defense for the Generation
Darren Thomson, Vice President & CTO, EMEA Region, Symantec
In 2009 there were 2,361,414 new pieces of malware created. In 2015 that number was 430,555,582. That's 1 million 179 thousand a day.
TARGETED ATTACKS [Chart, 2012 to 2015: Campaigns, Recipients per Campaign, Average Number of Email Attacks Per Campaign]
Attack Surfaces Spear-Phishing attacks Negligent Employee Other Network & Endpoints Email Advanced Malware Malicious sites Spam Ransomware
Building Integrated Cyber Defense For The Generation
It Starts With Data What Do We Know? Global Intelligence Network (GIN)
Intelligence Integration Press Release Copyright 2016 2017 Symantec Corporation
Innovation for the Generation: Protecting Against Advanced Threats
Global Intelligence Network: Discovered 430 million new unique pieces of malware last year; 1B malicious emails stopped last year; 100M social engineering scams blocked last year; 12,000+ applications discovered and protected; 182M web attacks blocked last year
Global Intelligence Sourced From: 1 Billion previously unseen web requests scanned daily; 2 Billion emails scanned per day; 175M Consumer and Enterprise endpoints protected; 9 global threat response centers with 3000 Researchers and Engineers
The Power of Combined Intelligence
1. ProxySG discovers a brand new malicious file/URL
2. Telemetry sent to cloud
3. All SEP and Norton endpoints now block the file/URL
The Power of Combined Intelligence
1. SEP or Norton discovers a brand new file/URL
2. Telemetry sent to cloud
3. All ProxySG installations now block the file/URL
The Problems At Hand & Architectural Approach
Complex User Definition Evolving Data Attack Surface Expanding Perimeter Multi-Phased, Multi-Staged Attacks
It's About Termination Points Proxy Endpoint Mail Gateway
And Correlation Across the Critical Domains Messaging Users
Critical Domains for Correlated Threat Threat Global Intelligence Network Messaging Users
The fourth security domain Information Information Messaging Users
Core Technologies Data Loss Prevention Proxy SG / CASB Email SEP
The Integrated Cyber Defence Platform
ON PREMISES CLOUD File URL Whitelist Blacklist Certificate Machine Learning Third Party Ecosystem Endpoint Secure Gateway VIP Identity DLP Email CASB Managed PKI Data Center Sandbox site Encryption Data SOC Workbench Cyber Services Secure Gateway DLP Encrypted Traffic Analytics IT System Malware Analysis Application Firewall Risk Insight Local Intelligence Endpoint EDR Content Analysis Encryption Data Center Performance Optimization Compliance Advanced Threat Secure Mail Gateway SIEM Integration
Endpoint (User) integrations Symantec Endpoint (SEP) As A Core
[Platform diagram repeated, with legend: SEP integration Today]
[Platform diagram repeated, with legend: SEP integration Today, Expected H1 2017]
Information integrations Symantec Data Loss Prevention (DLP) As A Core
[Platform diagram repeated, with legend: DLP Integration Today]
[Platform diagram repeated, with legend: DLP Integration Today, Expected H1 2017]
Leveraging The Platform To Solve Higher Order Problems...
Information Risk & GDPR Preparation Privacy Privacy Operational Lifecycle ISO 27001 NIST Cyber Framework Assess Plan Identify Recover Protect Respond Protect Act Do Sustain Check Respond Detect PREPARE PROTECT DETECT RESPOND
Symantec & Information Risk Reducing Risk from Preparation to Response PREPARE PROTECT DETECT RESPOND Understand Personal Data & Risk Posture Protect Personal Data From Malicious Attack & Misuse Provide Rapid Detection Understand Impact of Breach Respond Efficiently & Effectively to be Compliant Mitigate Risk Data Discovery and Privacy Impact Assessments Data Loss Prevention / Data Insight Information and Governance Data Loss Prevention / Encryption / Authentication Monitoring, Threat Intelligence and Cyber Expertise Cyber Services Crisis and Incident Response Cyber Services Risk Posture Assessment and Remediation Control Compliance Suite / Endpoint Threat SEP / DCS / ATP / Email / Advanced Persistent Threat Detection ATP / Unified Analytics Cyber Insurance Unified Analytics Data Risk Posture Assessment Elastica Data Encryption & Tokenization ProxySG, Data Advanced Persistent Threat Detection SSL Visibility, CAS/MA, Analytics Incident Response and Network Forensics Analytics
PREPARE PROTECT DETECT RESPOND Symantec & Information Risk Understand Data Risk DLP Data Insight CASB Audit Personal Data Everywhere VIP / MPKI DLP Encryption Advanced Breach Detection, Remediation, & Notification Endpoint Email Server / CASB Technology Risk CCS EPM CASB CDP ATP Analytics Understand, Report, and Remediate Compliance Cyber Services Unparalleled Threat Intelligence Endpoint 175M endpoints protected 12,000 cloud applications secured Email 2Bn emails scanned/day 1.2Bn web requests secured/day Physical & Virtual Workloads 64K Datacenters protected
Information Risk Solution Architecture
Information Risk User Risk Partner Dashboard/Reporting Monitoring Event Detection & Alerting Education & Awareness Behavioural Analytics People and Process Policy Policy Enforcement System Build & Remediation Operational Risk Configuration, Audit & Assessment Data Policy / Summary Risk Profile Infrastructure Information Governance Information /Prevention Encryption Classification & Discovery Storage Network Endpoint Application Tokenisation Standards Vulnerability Network Servers Endpoints Messaging
Data Loss Prevention/UBA/ Simulation/VIP User Risk Education & Awareness Behavioural Analytics Policy Enforcement IT Suite System Build & Remediation CCS Vulnerability Manager Vulnerability Operational CCS Vendor Manager Partner People and Process CCS Risk / Policy Manager Risk CCS Standards Manager Configuration Audit & Assessment SSL Visibility Network Performance DCS/CSP Workload Control Compliance Suite Dashboard/Reporting Policy Data Policy / Summary Risk Profile Infrastructure Endpoint EDR Secure Gway SSL Monitoring Information Governance Information /Prevention Encryption Tokenisation PGP/ Data SOC Email.cloud Messaging Gway Event Detection & Response Managed Deepsight Incident Response ATP / Analytics Data Loss Prevention/UBA/ Simulation Classification & Discovery Storage Network Endpoint Application Data Loss Prevention SOC Content Analysis Network Servers Endpoints Messaging
Enterprise Integrated Cyber Defense Platform: Stay ahead of advanced threats through superior threat intelligence and integrated offerings. Secure sensitive information and critical documents on premise or in the cloud. Promote customer confidence with superior encryption and code signing.