Symantec ISTR v24
Lancom @ Rogla, 09.10.2019.
Davor Kodrnja, Regional Sales Manager Adriatics
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Symantec: A History of Industry Leadership
• 1982: Symantec is founded by Gary Hendrix with a focus on artificial intelligence
• 1988: Symantec enters the Antivirus market with a focus on Macintosh computers
• 1989: Symantec achieves profitability
• 1989: NASDAQ IPO of Symantec
• 1990: Symantec acquires Peter Norton Computing
• 1991: Symantec launches Norton Antivirus
• 1999: John Thompson is hired to become CEO of Symantec
• 2004: Symantec acquires Veritas and Brightmail to enter into storage and email security
• 2007: Acquisition of Vontu is completed to enter into the data protection space
• 2010: Verisign Identity and Authentication Business acquired by Symantec
Symantec: Celebrating The Past Three ++ Years of Advanced Innovation
• January 2016: Symantec divests Veritas business as it begins a pure focus on security
• August 2016: Symantec acquires Blue Coat and appoints Greg Clark as CEO
• September 2016: Symantec integrates Blue Coat and Symantec threat data-lakes, stopping 500K new threats per day
• October 2016: Symantec launches Cloud Generation Data Protection with DLP and Blue Coat CASB integration
• November 2016: Symantec launches industry innovation with SEP14
• February 2017: Symantec acquires LifeLock, protecting the identity information of millions
• July 2017: Symantec acquires Fireglass and Skycure
• January 2018: Symantec takes leadership position in 5 Magic Quadrants – EPP, DLP, MSS, SWG, and CASB
• August 2018: Symantec acquires Javelin Networks
• April 2019: Symantec launches Integrated Cyber Defence Platform (ICDX)
The New Threat Landscape
Copyright © 2019 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
2018 At A Glance: Big Numbers
WEB ATTACKS
• Web attacks up by 56%
• 1 in 10 URLs analyzed by Symantec were identified as malicious in 2018
FORMJACKING
• On average 4,800 websites were compromised by formjacking attacks every month in 2018
• Symantec blocked 3.7M formjacking attacks in 2018 on endpoint devices
RANSOMWARE
• Enterprise ransomware infections up 12%
• Mobile ransomware infections increased by 33%
• Overall ransomware infections were down by 20% as attackers moved to more lucrative activities
TARGETED ATTACKS
• Attack groups target an average of 55 organizations each
• The number of attack groups using destructive malware grew by 25% in 2018
CRYPTOJACKING
• Symantec blocked 4 times as many cryptojacking events in 2018 compared to 2017
• Cryptojacking activity remains at high levels with Symantec blocking 3.5 million events in December 2018
• Over the course of 2018, total cryptojacking events dropped by 52% as cryptocurrency prices dropped by almost 90%
LIVING OFF THE LAND AND SUPPLY CHAIN ATTACKS
• Use of malicious PowerShell scripts increased by 1000%
• Office files accounted for 48% of malicious email attachments, up from 5% in 2017
• Supply Chain Attacks increased by 78%
ISTR | INTERNET SECURITY THREAT REPORT | Volume 24 | February 2019 5
CRYPTOJACKING & RANSOMWARE
The Diminishing Returns Of Cryptojacking
Ransomware Narrows in on Enterprises
Why the shift to enterprise?
• Ransomware primarily spreads through office attachments in email
• Consumers less affected by email-based threats
• Consumers more likely to have data backed up in the cloud
• Bigger payouts from enterprise ransomware infections
• Increasing number of targeted ransomware families: SamSam, Ryuk, Crysis
• Some enterprises continue to see residual WannaCry and Petya infections
[Chart: Ransomware detections by market, Consumer vs. Enterprise, 2016 to 2018]
12% growth in ransomware attacks against enterprises in 2018
20% drop in overall ransomware infections
Ransomware Narrows in on Enterprises
[Chart: share of ransomware attacks, CONSUMER vs. ENTERPRISE, by year]
• 2018: CONSUMER 19% of all attacks
• 2017: CONSUMER 51% of all attacks
• 2016: CONSUMER 69% of all attacks
Ransomware Narrows in on Enterprises
12% Growth in Attacks Against Enterprises
IoT: INTERNET OF THINGS
IoT devices experience an average of 5,200 attacks per month
Attacks involving connected cameras up from 3.5% in 2017 to 15% in 2018
5G connectivity will change the landscape with more directly connected devices
The Dangers of Infected Routers
[Diagram with two groups, "Common Threats" and "VPNFilter Introduces"; labels as extracted:]
• Display spoofed websites
• Hide source of attack
• DDoS
• Redirect traffic
• Break signatures
• Collect all network traffic
• Hijacks for major cryptomining
• Steals credentials
• Destroy device
• Stay resident on device
• Attack local devices
• Click fraud
• Network scans
The Great Privacy Awakening
Trump Campaign Consultants Cambridge Analytica Found Guilty of Breaking Data Laws
Dutch Petition Against Google's Location Tracking Gets 50,000 Signatures
Smart gadgets open door to stalking and abuse, say police
Security News This Week: Employees May Have Snooped On Ring Security Camera Feeds
Apple FaceTime bug lets people eavesdrop on your iPhone or Mac without your knowledge
Smartphones Are Arguably the Greatest Spying Devices Ever Created
Types of personally identifiable information (PII) shared with apps
Analysis of top 100 free apps for iOS and Android
[Chart: Email address, Phone number, Username, Address; values as extracted: 9%, 12%, 48%, 33%, 4%, 44%, 30%, 5%]
Smartphones Are Arguably the Greatest Spying Devices Ever Created
Risky permissions broken down by type and OS
[Chart: Track location, Access camera, Record audio, Read phone call log, Read SMS messages; values as extracted: 45%, 25%, 46%, 25%, 25%, 9%, 10%, 15%, Not available on iOS, Not available on iOS, 89%, 39%]
Risky Permissions
Dridex Gang - Number of Known Spam Runs Per Day
2016 Internet Security Threat Report Volume 21 27
Internet Security Threat Report Volume 23 | Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY
Delivering Protection in The Cloud Generation
Endpoint Requirements
Best in Class Protection
Machine Learning / Artificial Intelligence
Single Agent / Efficient Architecture
Cloud Aware / Enabled
Supports all Endpoints
[Diagram labels: ENDPOINT, PROXY, CLOUD APPS]
Proxy Requirements
Best in Class
Strong Encrypted Traffic Management
Integrated CASB
Network Browser Isolation
Cloud, On-Premise & Virtual Form Factors
Email Requirements
Flexible Form Factor
Protects Intra-Company, Outbound & Inbound
Integrated Content Isolation
Best-In-Class Spam and Malware Defense
Machine Learning / Artificial Intelligence
Cloud Application Requirements
Visibility Over Cloud User Behavior
Control Across all Cloud Applications
User and User-Action Based Authentication
Protections Against Malicious Content
Extends Data Protection to the Cloud
Delivering Protection in The Cloud Generation
• Open Interface to Symantec and Third Party Technologies
• Structures and Unifies Telemetry
• Control of Event Information for Regulatory Adherence
• Long-Term Correlation of Event and Telemetry Data
• Provides Automated Actions for Control Points
• Integration Point for External Control Structures
• MSP
• Artificial Intelligence / Machine Learning
• Orchestration
INTEGRATED CYBER DEFENSE EXCHANGE (ICDx)
ADVANCED THREAT PREVENTION
Content Analysis
Sandboxing
Endpoint Detection & Response
Full Packet Capture and Metadata
ICDx
Delivering Technology Services in The Cloud Generation
INFORMATION PROTECTION
DLP
Multifactor Authentication
Encryption
Information Centric Analytics
Discovery and Compliance
ICDx
Delivering Protection in The Cloud Generation
ADVANCED THREAT PREVENTION
COMPLIANCE ENFORCEMENT
INFORMATION PROTECTION
ANALYTICS
ENCRYPTED TRAFFIC MANAGEMENT
ICDx
INTEGRATED CYBER DEFENSE PLATFORM
Delivering Protection in The Cloud Generation
Massive Global Threat Telemetry
State of The Art Security Analysis
Best-in-Class Global Cyberwarriors
Automated Threat Intel Fed to Platform
THREAT RESEARCH
600+ PARTNERS INQUIRIES 95+ TECHNOLOGY PARTNERS 180+ INTEGRATIONS
Integrated Cyber Defense Platform
Davor [email protected]