#SymVisionEmea

Symantec Event Template - Veritasvox.veritas.com/legacyfs/online/veritasdata/LONDON... · Symantec Data Analytics Platform 2 1 0 0 0 0 0 0 0 0 0 0 0 55,000 rows added every second

Jun 06, 2020

dariahiddleston

Securing the endpoint and your data

Piero DePaoli – Sr. Director, Product Marketing

Marcus Brownell – Sr. Regional Product Manager

SYMANTEC VISION SYMPOSIUM 2014

Safe harbor disclaimer

Any information regarding pre-release Symantec offerings, future updates or other planned modifications is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec offerings should make their purchase decision based upon features that are currently available.

Agenda

1. Changing Threat Landscape

2. Protecting Endpoints Today

3. Protecting Data on Endpoints with Encryption

Increase in targeted attacks

Increase in targeted attack campaigns, 2012 to 2013: +91%

Targeted attack campaigns

Email per campaign: 78 (2011), 122 (2012), 29 (2013)

Recipient/campaign: 61 (2011), 111 (2012), 23 (2013)

Duration of campaign: 4 days (2011), 3 days (2012), 8.3 days (2013)

Campaigns: 165 (2011), 408 (2012), 779 (2013)

Protecting endpoints today

Symantec data analytics platform

Raw features (examples): Downloads, Web site visits, Intrusion alerts, Malware alerts, Behaviors, File appearance, Crashes

Big Data System: Symantec Data Analytics Platform, 2.1 trillion rows of data, 55,000 rows added every second

Intelligence driven applications: File Insight, URL Insight, SONAR engine, Crash Ratings, Intelligence, Scam Insight

File URL Crash Behavior Forms …

Symantec IS Security Intelligence

Monitors threats in 157+ countries

550 threat researchers

14 data centers worldwide

7 billion file, URL & IP classifications

1 billion+ devices protected

2.5 trillion rows of security telemetry

Capturing previously unseen threats and attack methods

Putting “big data” analytics to work for every end user

More visibility across devices creates better context and deeper insight

2B+ events logged daily

Over 100,000 security alerts generated annually

200,000 daily code submissions

Security Technology and Response (STAR) Layers of protection

STAR Protection: Reputation, File, Network, Behavioral, Repair

STAR protection

Network: Stops malware as it travels over the network and tries to take up residence on a system

• Protocol aware IPS

• Browser Protection

File: Looks for and eradicates malware that has already taken up residence on a system

• Antivirus Engine

• Auto Protect

• Malheur

Reputation: Establishes information about entities (e.g. websites, files, IP addresses) to be used in effective security

• Domain Reputation

• File Reputation

Behavioral: Looks at processes as they execute and uses malicious behaviors to indicate the presence of malware

• SONAR

• Behavioral Signatures

Repair: Aggressive tools for hard to remove infections

• Boot to a clean OS

• Power Eraser uses aggressive heuristics

• Threat-specific tools

Network Threat Protection

Network Threat Protection blocks today's most critical threats

Hundreds of millions of threats are stopped with this technology

Protect Against Drive-by Downloads that install “APTs”

Prevent Social Engineering Attacks

Find Infected Systems with Post Infection Protection

Prevent Social Media Attacks

Protect Against Unpatched Vulnerabilities

File-based protection

• Malheur - Increased use of a new Artificial Intelligence engine

– Extracts hundreds of attributes from each file

– Looks for suspicious combinations of attributes

– Endpoint uses predictive classifiers or rules derived from them and corroborates with Insight Reputation

• Backend uses complex attributes to identify malware and releases definitions for them

– These heuristics can detect many variants and are specifically effective against polymorphic malware families

• Benefits

– Proactive – catches new 0-day threats

– Proactive – blocks threats before they have a chance to run

Reputation-based Security Insight - Reputation in a Nutshell

• Our Insight reputation system uses the wisdom of our hundreds of millions of users to automatically derive highly accurate safety ratings for every file on the internet

• It is an entirely different approach that requires no traditional virus signatures

Data Collection: Opt in program to collect anonymous file usage data

‘Reputation’ Engine: Patent pending algorithms to compute safety reputations

More than 210 million contributing users

More than 3 billion unique program files, growing continuously

It can accurately identify threats even if just a single Symantec user encounters them – and it blocks them without any signatures

File Attribute Database: World’s largest nexus of data on executable content

File Safety Reputations: A measure of how good or bad a file is

Updates every rating every 4 – 6 hours

For all files, both good and bad

Superior Protection

Our reputation system improves protection in three ways:

It blocks entirely new malware that traditional fingerprints miss

It ratchets up the “resolution” of our heuristics and behavior blocking

Changes the game, killing mutated malware once and for all

SONAR Behavioral Protection

Build an engine that ignores what the threat LOOKS LIKE

But detects threats based on what the threat DOES

SONAR (5th Generation) Behavioral Protection

New Behavioral-detection engine with significantly improved effectiveness

• Same Enterprise UI but totally redesigned behavioral protection under the hood

Proactively detects new threats based entirely on Behaviors

• Day-0 detection for Hydraq/Aurora and Stuxnet

• Sophisticated Rootkits like TidServ

• Non-process Based Threats (NPTs) are stopped

Behavioral Rules-based

• Customers get up-to-date protection automatically via LiveUpdate

• Coverage for APTs like Shamoon, PoisonIvy

High-Performance real-time engine

• Behaviors are monitored and assessed as they happen

• Sandboxing to insulate system from threats

• No measurable impact on performance

Now with 1390 Behaviors

Repair technology

Additional options to help fix the problem:

1. Symantec Power Eraser: standalone & integrated

2. Bootable Recovery Tool: A bootable recovery disk with full detection and repair capabilities

3. Threat Specific Tools: Fix tools created for specific threats available from Security Response

Roadmap – futures and near term

Near-term roadmap

Ease of Use

Enhanced Protection

Improved Performance

Extended Platform Support

Improved performance

Client performance and content deltas

Reduce disk space on SEPM by 85-95%

Allow customers to cache more revisions

-Reduces the number of full definitions delivered

Improve boot time by more than 10%

Extended platform support

Improved management of endpoints

Linux client management

-Single client package fully managed by SEPM

-Auto update

-Auto-compile kernels during install

Mac client management

-Client remote deployment

-Device control

-Firewall

IT Analytics

Enhanced protection

Against advanced threats

Integrated Power Eraser

-Aggressively scan an infected endpoint to locate APTs

-Reduce time to clean infected systems

-Mitigate false positives

Customer participation opportunities

SEP 12.1.5 Program – Just released

• Linux & Mac Client Management

• Client Performance Enhancements

• Better Control of Bandwidth to SEPM

• Scan Throttling for Virtualization

SEP 12.1.6 Customer Previews – Q1, 2015

• Embedded client updates, VDI

• System Lockdown enhancements

• Symantec Endpoint Security: ATP integration

Encryption

Causes of breaches

Top Causes of Data Breach, 2013 (Source: Symantec)

Hackers: 34% (87 incidents)

Accidentally Made Public: 29% (72 incidents)

Theft or Loss of Computer or Drive: 27% (69 incidents)

Insider Theft: 6% (15 incidents)

Unknown: 2% (6 incidents)

Fraud: 2% (4 incidents)

Total number of incidents: 253

Average number of identities exposed per data breach for hacking incidents was approximately 4.7 million

Theft or loss + accidental breaches accounted for 56% of data breach incidents

Symantec encryption portfolio

Email Encryption: Protects email in transit and at-rest from unauthorized parties

File & Folder Encryption: Protects individual files in transit and at-rest from unauthorized parties, allowing secure collaboration

Endpoint Encryption: Renders data-at-rest inaccessible to unauthorized parties on devices such as laptops, desktops and removable media

Management (Encryption Management Server, Endpoint Encryption Management Server): Manage individual and group keys, create and set up encryption policies and report on encryption status

Symantec endpoint encryption

Disk Encryption

- Also known as Full-Disk or Whole Disk Encryption

- Used on laptops and desktops

Additional benefits such as:

• Initial encryption happens in the background allowing users to keep working like normal

• Self-Recovery capabilities as well as Help Desk recovery

• Single Sign-On capability

• No end user interaction required

Removable Media Encryption

- Used on USBs, portable hard drives, SD cards...

Encryption strategy

Enable customers to seamlessly protect sensitive information, wherever it resides, with Symantec Encryption

• Single Endpoint Encryption Offering

• 3rd Party Encryption Management

• Encryption Center of Excellence

• Next Generation Encryption

Thank you!

Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.

Piero DePaoli Marcus Brownell