#SymVisionEmea
Securing the endpoint and your data
Piero DePaoli – Sr. Director, Product Marketing
Marcus Brownell – Sr. Regional Product Manager
SYMANTEC VISION SYMPOSIUM 2014
Safe harbor disclaimer
Any information regarding pre-release Symantec offerings, future updates or other planned modifications is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec offerings should make their purchase decision based upon features that are currently available.
Agenda
1. Changing Threat Landscape
2. Protecting Endpoints Today
3. Protecting Data on Endpoints with Encryption
Increase in targeted attacks
Increase in targeted attack campaigns, 2012 to 2013: +91%
Targeted attack campaigns
Metric | 2011 | 2012 | 2013
Email per campaign | 78 | 122 | 29
Recipient/campaign | 61 | 111 | 23
Duration of campaign | 4 days | 3 days | 8.3 days
Campaigns | 165 | 408 | 779
Protecting endpoints today
Symantec data analytics platform
Raw features (examples):
• Downloads
• Web site visits
• Intrusion alerts
• Malware alerts
• Behaviors
• File appearance
• Crashes
• …
Big data system:
• 2.1 trillion rows of data
• 55,000 rows added every second
Intelligence-driven applications:
• File Insight
• URL Insight
• SONAR engine
• Crash Ratings
• Intelligence
• Scam Insight
File URL Crash Behavior Forms …
Symantec IS Security Intelligence
• Monitors threats in 157+ countries
• 550 threat researchers
• 14 data centers worldwide
• 7 billion file, URL & IP classifications
• 1 billion+ devices protected
• 2.5 trillion rows of security telemetry
• 2B+ events logged daily
• Over 100,000 security alerts generated annually
• 200,000 daily code submissions
Capturing previously unseen threats and attack methods
Putting “big data” analytics to work for every end user
More visibility across devices creates better context and deeper insight
Security Technology and Response (STAR): layers of protection
STAR PROTECTION
• Reputation
• File
• Network
• Behavioral
• Repair
STAR protection
Network: Stops malware as it travels over the network and tries to take up residence on a system
• Protocol-aware IPS
• Browser Protection
File: Looks for and eradicates malware that has already taken up residence on a system
• Antivirus Engine
• Auto Protect
• Malheur
Reputation: Establishes information about entities (e.g. websites, files, IP addresses) to be used in effective security
• Domain Reputation
• File Reputation
Behavioral: Looks at processes as they execute and uses malicious behaviors to indicate the presence of malware
• SONAR
• Behavioral Signatures
Repair: Aggressive tools for hard-to-remove infections
• Boot to a clean OS
• Power Eraser uses aggressive heuristics
• Threat-specific tools
Network Threat Protection
Network Threat Protection blocks today's most critical threats
Hundreds of millions of threats are stopped with this technology
Protect Against Drive-by Downloads that install “APTs”
Prevent Social Engineering Attacks
Find Infected Systems with Post Infection Protection
Prevent Social Media Attacks
Protect Against Unpatched Vulnerabilities
File-based protection
• Malheur - Increased use of a new Artificial Intelligence engine
– Extracts hundreds of attributes from each file
– Looks for suspicious combinations of attributes
– Endpoint uses predictive classifiers, or rules derived from them, and corroborates with Insight Reputation
• Backend uses complex attributes to identify malware and releases definitions for them
– These heuristics can detect many variants and are specifically effective against polymorphic malware families
• Benefits
– Proactive – catches new 0-day threats
– Proactive – blocks threats before they have a chance to run
Reputation-based Security Insight - Reputation in a Nutshell
• Our Insight reputation system uses the wisdom of our hundreds of millions of users to automatically derive highly accurate safety ratings for every file on the internet
• It is an entirely different approach that requires no traditional virus signatures
• It can accurately identify threats even if just a single Symantec user encounters them – and it blocks them without any signatures
Data Collection: Opt-in program to collect anonymous file usage data
‘Reputation’ Engine: Patent-pending algorithms to compute safety reputations
File Attribute Database: World’s largest nexus of data on executable content
File Safety Reputations: A measure of how good or bad a file is
> 210 million contributing users
> 3 B unique program files, growing continuously
Updates every rating every 4 – 6 hours, for all files, both good and bad
Superior Protection
Our reputation system improves protection in three ways:
• It blocks entirely new malware that traditional fingerprints miss
• It ratchets up the “resolution” of our heuristics and behavior blocking
• Changes the game, killing mutated malware once and for all
SONAR Behavioral Protection
Build an engine that ignores what the threat LOOKS LIKE but detects threats based on what the threat DOES
SONAR (5th Generation) Behavioral Protection
New Behavioral-detection engine with significantly improved effectiveness
• Same Enterprise UI but totally redesigned behavioral protection under the hood
Proactively detects new threats based entirely on Behaviors
• Day-0 detection for Hydraq/Aurora and StuxNet
• Sophisticated Rootkits like TidServ
• Non-process Based Threats (NPTs) are stopped
Behavioral Rules-based
• Customers get up-to-date protection automatically via LiveUpdate
• Coverage for APTs like Shamoon, PoisonIvy
High-Performance real-time engine
• Behaviors are monitored and assessed as they happen
• Sandboxing to insulate system from threats
• No measurable impact on performance
Now with 1390 Behaviors
Repair technology
Additional options to help fix the problem:
1. Symantec Power Eraser: standalone & integrated
2. Bootable Recovery Tool: A bootable recovery disk with full detection and repair capabilities
3. Threat Specific Tools: Fix tools created for specific threats available from Security Response
Roadmap – futures and near term
Near-term roadmap
• Ease of Use
• Enhanced Protection
• Improved Performance
• Extended Platform Support
Improved performance
Client performance and content deltas
Reduce disk space on SEPM by 85-95%
Allow customers to cache more revisions
-Reduces the number of full definitions delivered
Improve boot time by more than 10%
Extended platform support
Improved management of endpoints
Linux client management
-Single client package fully managed by SEPM
-Auto update
-Auto-compile kernels during install
Mac client management
-Client remote deployment
-Device control
-Firewall
IT Analytics
Enhanced protection
Against advanced threats
Integrated Power Eraser
-Aggressively scan an infected endpoint to locate APTs
-Reduce time to clean infected systems
-Mitigate false positives
Customer participation opportunities
SEP 12.1.5 Program – Just released
• Linux & Mac Client Management
• Client Performance Enhancements
• Better Control of Bandwidth to SEPM
• Scan Throttling for Virtualization
SEP 12.1.6 Customer Previews – Q1, 2015
• Embedded client updates, VDI
• System Lockdown enhancements
• Symantec Endpoint Security: ATP integration
Encryption
Causes of breaches
Top Causes of Data Breach, 2013 (Source: Symantec)
Cause | Percentage | Number of Incidents
Hackers | 34% | 87
Accidentally Made Public | 29% | 72
Theft or Loss of Computer or Drive | 27% | 69
Insider Theft | 6% | 15
Unknown | 2% | 6
Fraud | 2% | 4
TOTAL | | 253
Average number of identities exposed per data breach for hacking incidents was approximately 4.7 million
Theft or loss + accidental breaches accounted for 56% of data breach incidents
Symantec encryption portfolio
• Email Encryption: Protects email in transit and at-rest from unauthorized parties
• File & Folder Encryption: Protects individual files in transit and at-rest from unauthorized parties, allowing secure collaboration
• Endpoint Encryption: Renders data-at-rest inaccessible to unauthorized parties on devices such as laptops, desktops and removable media
• Encryption Management Server: Manage individual and group keys, create and set up encryption policies and report on encryption status
Symantec endpoint encryption
Disk Encryption
- Also known as Full-Disk or Whole Disk Encryption
- Used on laptops and desktops
Additional benefits such as:
• Initial encryption happens in the background allowing users to keep working like normal
• Self-Recovery capabilities as well as Help Desk recovery
• Single Sign-On capability
• No end user interaction required
Removable Media Encryption
- Used on USBs, portable hard drives, SD cards
Encryption strategy
Enable customers to seamlessly protect sensitive information, wherever it resides, with Symantec Encryption
• Single Endpoint Encryption Offering
• 3rd Party Encryption Management
• Encryption Center of Excellence
• Next Generation Encryption
Thank you!
Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Piero DePaoli Marcus Brownell