Symantec Ransomware Protection

Similar documents
Symantec & Blue Coat Technical Update Webinar 29. Juni 2017

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Symantec Endpoint Protection Family Feature Comparison

ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY

ein wichtiger Baustein im Security Ökosystem Dr. Christian Gayda (T-SEC) und Ingo Kruckewitt (Symantec)

The Evolution of : Continuous Advanced Threat Protection

CloudSOC and Security.cloud for Microsoft Office 365

100% Endpoint Protection dank Machine Learning, EDR & Deception?

Synchronized Security

At a Glance: Symantec Security.cloud vs Microsoft O365 E3

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux

Maximum Security with Minimum Impact : Going Beyond Next Gen

Endpoint Security for the Enterprise. Multilayered Defense for the Cloud Generation FAMILY BROCHURE

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

MODERN DESKTOP SECURITY

Securing the SMB Cloud Generation

SentinelOne Technical Brief

Symantec Endpoint Protection 14

FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT?

Next Generation Endpoint Security Confused?

Next Generation Enduser Protection

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Endpoint Protection : Last line of defense?

The Next Generation Security Platform. Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy

Kaspersky Cloud Security for Hybrid Cloud. Diego Magni Presales Manager Kaspersky Lab Italia

Barracuda Advanced Threat Protection. Bringing a New Layer of Security for . White Paper

McAfee Advanced Threat Defense

KASPERSKY ENDPOINT SECURITY FOR BUSINESS

Agenda. Why we need a new approach to endpoint security. Introducing Sophos Intercept X. Demonstration / Feature Walk Through. Deployment Options

Massive Attack WannaCry Update and Prevention. Eric Kwok KL.CSE

Securing the Modern Data Center with Trend Micro Deep Security

Application Whitelisting and Active Analysis Nick Levay, Chief Security Officer, Bit9

SentinelOne Technical Brief

Building Resilience in a Digital Enterprise

Block, Detect and Analyze Threats with Automated, Advanced Threat Protection at the Gateway

INTRODUCING SOPHOS INTERCEPT X

with Advanced Protection

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

IBM Security Network Protection Solutions

Sandboxing and the SOC

Improved C&C Traffic Detection Using Multidimensional Model and Network Timeline Analysis

Gladiator Incident Alert

SO YOU THINK YOU ARE PROTECTED? THINK AGAIN! NEXT GENERATION ENDPOINT SECURITY

Qualys Indication of Compromise

Cisco Security. Advanced Malware Protection. Guillermo González Security Systems Engineer Octubre 2017

Getting over Ransomware - Plan your Strategy for more Advanced Threats

Technical Brochure F-SECURE THREAT SHIELD

May the (IBM) X-Force Be With You

Security Monitoring. Managed Vulnerability Services. Managed Endpoint Protection. Platform. Platform Managed Endpoint Detection and Response

CISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1

Managed Endpoint Defense

Synchronized Security

Jens Thonke, EVP, Cyber Security Services Jyrki Rosenberg, EVP, Corporate Cyber Security CORPORATE SECURITY

Christopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud

Endpoint Security. How to improve the security of your endpoints thanks to the innovative egambit Endpoint Security agent

Security by Default: Enabling Transformation Through Cyber Resilience

Intelligent Protection

Advanced Threat Protection Buyer s Guide GUIDANCE TO ADVANCE YOUR ORGANIZATION S SECURITY POSTURE

Advanced Endpoint Protection

Designing an Adaptive Defense Security Architecture. George Chiorescu FireEye

Building a Threat-Based Cyber Team

A MULTILAYERED SECURITY APPROACH TO KEEPING HEALTHCARE DATA SECURE

Automated Response in Cyber Security SOC with Actionable Threat Intelligence

CS 356 Operating System Security. Fall 2013

MCAFEE INTEGRATED THREAT DEFENSE SOLUTION

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Why Are We Still Being Breached?

How to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis

Symantec Advanced Threat Protection: Endpoint

DATA SHEET RSA NETWITNESS ENDPOINT DETECT UNKNOWN THREATS. REDUCE DWELL TIME. ACCELERATE RESPONSE.

Security Experts Webinar

ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS

Securing Office 365 with Symantec

What is an Endpoint Protection Platform?

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Web Gateway Security Appliances for the Enterprise: Comparison of Malware Blocking Rates

Author: Tonny Rabjerg Version: Company Presentation WSF 4.0 WSF 4.0

AT&T Endpoint Security

SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE

ANATOMY OF AN ATTACK!

We re ready. Are you?

The Invisible Threat of Modern Malware Lee Gitzes, CISSP Comm Solutions Company

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

Course Outline Topic 1: Current State Assessment, Security Operations Centers, and Security Architecture

Trend Micro. Apex One as a Service / Apex One. Best Practice Guide for Malware Protection. 1 Best Practice Guide Apex One as a Service / Apex Central

SYMANTEC DATA CENTER SECURITY

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

Cisco Advanced Malware Protection against WannaCry

Outwit Cyber Criminals with Comprehensive Malware and Exploit Protection.

THE ACCENTURE CYBER DEFENSE SOLUTION

Juniper Sky Advanced Threat Prevention

Lastline Breach Detection Platform

Deception: Deceiving the Attackers Step by Step

Risk and Visibility Report

Symantec Endpoint Protection 12

RSA INCIDENT RESPONSE SERVICES

JUNIPER SKY ADVANCED THREAT PREVENTION

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Transcription:

Symantec Ransomware Protection

Protection Against Ransomware Defense in depth across all control points is required to stop ransomware @ Email Symantec Email Security.cloud, Symantec Messaging Gateway Web Symantec Secure Web Gateway Solutions* Endpoint Symantec Endpoint Protection 14, ATP: Endpoint (EDR) Workload Symantec Data Center Security: Server Advanced o Perform static analysis of malicious indicators within files or documents o Detonate potentially malicious scripts in sandbox before email delivery and block if signs of malicious behavior evident o Block malicious links with real-time link following before email delivery and link analysis at click-time post delivery o Block malicious sites including command & control and encryption server o Analyze files for suspicious behavior from unknown URLs for ransomware activity using multi-layer and live threat feeds o Malware Analysis looks for ransomware-specific behaviors and detonates unknown files in a sandbox before delivering o Advanced Machine Learning detects polymorphic malware o Emulator unpacks evasive malware while Behavior Analysis uncovers ransomware actions o IPS blocks ransomware s attempt to download encryption keys o Isolate endpoints when ransomware is detected to prevent lateral movement o Hunt for ransomware IoCs across all endpoints o Out of the box IPS rules can prevent ransomware executables from being dropped or executed on the system o Customers not using full IPS protections can deploy policies to block specific malware executables o Additional rules can be applied to block all in/outbound SMB traffic o Ransomware can also be blocked by adding executable hashes to global no-run lists *ProxySG, WSS, GIN, Content and Malware Analysis, Security Analytics, SSLV

How do Ransomware Attacks Work? Malicious Email or 1 Website Armed Malware Delivery 3 Malware Installed 4 Call C&C Server 5 Encryption 3

Symantec Email Security.cloud Ransomware Protection Cloud-Based Sandboxing Advanced Machine Learning Behavioral & Network Analysis 1 Email with Malicious Payload or Link Advanced Heuristics Real-Time Link Following & Click- Time URL Protection Malicious Email Blocked Static/Dynamic Detections Script Analyzers Link Evaluation at Email Delivery Link Evaluation at Click-Time 4

Messaging Gateway Ransomware Protection Anti-Malware Scan 1 Email with Malicious Payload or Link Reputation Analysis Sanitize URLs & Files Malicious Email Blocked Email Sender Authentication URLs Reconstruct & reattach clean links & attachments before sending to end user 5

Symantec Content Analysis: ID and Block Ransomware First Layer of Analysis Identifies and Blocks Ransomware Content Analysis Global Intelligence Network Proxy/ SMG Web / Mail Threat.JAR.EXE Protection URL Reputation SSL Decryption Categorization / policy Spam detection Real-time blocking Additional Sandbox Hash Reputation Custom user whitelist/blacklist + Risk Scoring 5 Billion file reputation database Dual Anti-Malware/Anti-Virus Combine Kaspersky, Sophos or McAfee Files up to 5GB / Signature updates every 5 minutes Predictive File Analysis Static Code Analysis / Machine Learning Parse and collect files / Match code to 4B bad Dynamic Sandboxing VM + Emulation Sandboxing using custom Gold Images Behavior and YARA rule analysis Ransomware identified and blocked Signatures evaluated for known Ransomware Analyzes code for Ransomware attributes Sandboxing reveals Ransomware behavior 6

SEP 14: Ransomware Protection 1 Malware Delivery Exploit Mitigation, Machine Learning Intrusion Prevention 4 Encryption Behavior Analysis, App Control Malware installed 3 Call C&C Server 7

Data Center Security: Server Advanced Ransomware Protection Block ransomware executables Ransomware hashes added to no-run list Custom IPS Policies Global No-run List Attack from Internet or Peer on Local Network Out of the box IPS Polices Kernel and Network Policies Attacks and Malware Blocked at Any Stage Windows 6.0 (and up) Basic, Hardening and Whitelisting Block all in/outbound SMB traffic 8

IT Management Suite: Stop Ransomware CVE 017-0144? 1 Patch Assessment Patch Delivery 4 Malware Delivery ITMS Determines Appropriate Patches ITMS Delivers Patches to Endpoint 3 Patches Installed 5 Exploit Fails 9

Cyber Security Services Actionable Threat Intelligence, Continuous Threat Monitoring, & Rapid Incident Response Actionable Intelligence Symantec DeepSight Intelligence o Get ahead of an attack with advance notice of threat activity o Prioritize patching with vulnerability ratings/alerts to protect against ransomware o Implement countermeasures against attacks by leveraging in-depth adversary intelligence on threats, campaigns, attribution, and motivation Continuous Monitoring Symantec Managed Security Services o Detect ransomware spread to minimize impact o Monitor SOC operations 4x7 and apply global intelligence to identify threats and prioritize actions o Apply advanced analytics and machine learning to identify previously unknown indicators and stealth attacks Rapid Response Symantec Incident Response Services o Respond quickly to engage the adversary, contain the attack, and mitigate future attacks o Reconstruct the attack to determine Patient Zero and whether data is encrypted, deleted, or being stolen o Hunt for advanced threats with intelligent forensics tools and expert analysis 10 10

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback