Managed Security Services from Symantec
Symantec Managed Security Services helps organisations anticipate and counteract the constantly changing threat environment.

Speaker notes

  • Symantec detected over 286 million new malware variants and recorded over 3 billion malware attacks in 2010. Average cost of a U.S. data breach: $7.2 million [1].
  • Advanced Security Monitoring: Symantec MSS Advanced Security Monitoring Service provides enterprise-wide, intelligence-driven security analysis to identify known and emerging threats to critical infrastructure, enabling clients to protect their information assets and demonstrate compliance with industry regulations.
    Essential Security Monitoring: Symantec MSS Essential Security Monitoring Service provides enterprise-wide security analysis to identify threats to critical infrastructure, enabling clients to protect their information assets and demonstrate compliance with industry regulations.
    Talk about HLR for some systems, and how this relates.
    NOTE ESSENTIAL: SOC writes own signatures; Emerging Threats.
    NOTE ADVANCED: Don’t need to do day one; Due Diligence for choice of systems to uplift.
  • Slide Objective: Describe the strength of the Global Intelligence Network, which is truly a differentiator for Symantec.
    Script: At the heart of all of our products is the Symantec Global Intelligence Network. We are incredibly proud of this Network, and it just gets more and more powerful all the time. We have a 95% detection rate, the highest of any security vendor, and the lowest number of false positives (0.0001%).
    ***KM: This is just the anti-spam stat. What stat do we have for our overall effectiveness?***
    This is, by far, the largest, most sophisticated intelligence network on the planet:
    – It processes over 8 billion email messages daily and gathers malicious code data from 130 million systems.
    – The Network updates every 5-10 minutes from 240,000 sensors in over 200 countries.
    – There are more than 35,000 vulnerabilities in the Symantec vulnerability database.
    – There are 5 million decoy accounts in the Symantec Probe Network.
    – There are 4 Symantec Security Operations Centers, located in Australia, UK, USA and India.
    – There are 11 Security Response Centers in the USA, Australia, Canada, India, China and Ireland.
    What all of this means is that if there is a malicious attack about to hit you, we know about it first. We block it, we keep it from affecting your business, and we tell you how to take action. It’s about prioritized risk and response, and our intelligence network keeps you protected and tells you what to do first. There simply is no approach that’s faster or more thorough than ours. This Network is the main reason that 99% of the Fortune 500 & 1000 utilize our products. This is what makes all the difference between having security software and knowing that your information is protected 24/7.
  • The theme of this slide is “There are five things wrong with this network that are invisible with your current monitoring”:
    – Host infected with botnet malware via browser attack
    – TCP 445 worm on the LAN
    – SMTP spambot infection
    – SMTP server being used as an open relay
    – Web server being targeted by a vulnerability scan
  • Endpoint Security (#1 market position [2], positioned in Leader’s Quadrant in Gartner Magic Quadrant [3])
  • Messaging Security (#1 market position [4], positioned in Leader’s Quadrant in Gartner Magic Quadrant [5])
  • Policy & Compliance (#1 market position [6])
  • Email Archiving (#1 market position [7], positioned in Leader’s Quadrant in Gartner Magic Quadrant [8], Forrester Wave leader [9])
  • Data Loss Prevention (#1 market position, positioned in Leader’s Quadrant in Gartner Magic Quadrant [10] and Forrester Wave leader [11])
  • Security Management (#1 market position [12])
  • Security Information & Event Management (SIEM) (positioned in Leader’s Quadrant in Gartner Magic Quadrant [13])
  • Network Access Control (positioned in Leader’s Quadrant in Gartner Magic Quadrant [14])
  • Endpoint Management (positioned in Leader’s Quadrant in Gartner Magic Quadrant [15])

Transcript

  • 1. Managed Security Services from Symantec. Chris Collier, Presales Specialist – Security, Arrow ECS
  • 2. Agenda
    – MSS high-level overview
    – Industry Examples
    – Things to think about
    – Summary
    – Q&A
    Symantec Managed Services
  • 3. Managed Security Services Mission Statement. Symantec Managed Security Services (MSS) helps organizations anticipate and counteract the constantly changing threat environment by providing:
    – Unparalleled global threat visibility.
    – Comprehensive edge-to-endpoint incident detection and analysis.
    – 24/7 direct access to Symantec’s industry-leading security specialists.
  • 4. Symantec Managed Security Services
    Security Monitoring:
    – 24x7x365 global operation
    – >300 staff dedicated to delivering MSS
    – >50 GIAC-certified Intrusion Analysts
    – 10min Severe Event Escalation Warranty
    – High Accuracy, Low False-positive
    – Collect, retain and analyse >400B logs per month
    – Escalate >400 validated severe incidents per day across 1,200 global customers
    – Strong Service Governance (ITIL, ISO27001, SSAE 16)
    Infrastructure Management:
    – Network IDS/IPS Management Services
    – Firewall Management Services
    – Symantec Endpoint Protection Management Services
  • 5. Symantec Managed Security Services: the only Gartner-recognised leader in ALL regions. Unparalleled Global Intelligence Network; Edge-to-Endpoint Security Monitoring; Enterprise-wide Pricing Model. (Diagram of monitored sources: NIDS, HIDS, Web Proxy, Firewall, Endpoint, OS & Apps, WebApp Firewall, Network Infra., VA)
  • 6. Critical Protection Challenges / How MSS Can Help (framework: Visibility, Focus on top priorities, Stay ahead of threats, Build a sustainable program, Connect to Business). Evolving Threat Landscape:
    – Targeted attacks
    – Social networking
    – Zero-day vulnerabilities and rootkits
    – Attack kits
    – Mobile threats
  • 7. Critical Protection Challenges / How MSS Can Help. Where are the gaps?
    – Complete coverage of surface area, Edge-to-Endpoint
    – Standardise security monitoring across all sites, all geographies, all systems
    – Where am I at risk of attack?
    (Diagram of monitored sources: NIDS, HIDS, Web Proxy, Firewall, Endpoint, OS & Apps, WebApp Firewall, Network Infra., VA)
  • 8. Critical Protection Challenges / How MSS Can Help. Actionable Incidents:
    – Focus on the most critical problems first
    – Eliminate the risk of chasing irrelevant events
    – Avoid over- and under-reacting
    – Report everything
  • 9. Critical Protection Challenges / How MSS Can Help. Security Operation Demands:
    – 24x7, Global, Certified
    – Scalable, Available
    – Performing
    – Future ‘proof’ architecture
    – Recruitment
  • 10. Critical Protection Challenges / How MSS Can Help. How to Demonstrate Value?
    – Protect revenue
    – Process improvement
    – Predictable cost-base
    – Measure and report on effectiveness and improvement
    – Time-to-Benefit
  • 11. Symantec MSS Portfolio (monitored sources shown alongside: Firewalls, IDS / IPS, Web Proxy, Endpoint Security, OS & Apps, Switches & Routers)
    DeepSight Global Threat Intelligence:
    – Unified threat intelligence portal and XML data feeds
    – Vulnerability, threat and risk content
    Log Collection, Retention and Access:
    – 2FA portal access; tamper proof, searchable, exportable
    – PCI and ISO27001 reporting features
    Real-time Security Monitoring and Analysis:
    – 24x7 security event monitoring and log analysis
    – Global Intelligence Network correlation
    Incident Notification and Reporting:
    – Incident prioritisation, 10min severe event notification
    – Real-time security dashboard
    Infrastructure Management:
    – Managed Network IDS/IPS, Managed Firewall, Managed SEP
  • 12. Monitoring Service Tiers (Service Transition, Essential, Advanced)
    Log Collection (applicable to ALL systems): Collect logs from Man Systems; Store logs online; Available for download and reporting
    Correlation (applicable to ALL systems): Internal vulnerabilities; Rate against assets; Analyze against log/alert data
    Analysis (applicable to all systems with security data): Enterprise-wide security analysis; Expert human analysis; Protect information assets
    GIN (applicable to egress points, such as FW’s): Correlate against GIN; Anomalous activity monitoring; Protect against emerging threats
  • 13. Global Intelligence Network: identifies more threats, takes action faster & prevents impact
    Locations: Calgary, Alberta; San Francisco, CA; Mountain View, CA; Culver City, CA; Dublin, Ireland; Tokyo, Japan; Chengdu, China; Austin, TX; Taipei, Taiwan; Chennai, India; Pune, India
    Worldwide Coverage / Global Scope and Scale / 24x7 Event Logging / Rapid Detection / Preemptive Security Alerts / Threat Triggered Actions
    Attack Activity and Malware Intelligence: 240,000+ sensors; 64M total internet sensors; 200+ countries; 180M+ systems monitored; 13 security response centers
    Vulnerabilities: 50,000+ vulnerabilities; 15,000+ vendors; 105,000+ technologies
    Information Protection, Spam/Phishing: 5M+ decoy accounts; 8B+ email messages/day; 1B+ web requests/day
  • 14. Process – Symantec Security Monitoring
    Inputs: Firewalls/VPN; Intrusion Detection Systems; Server and Desktop OS; User Activity Monitoring; Network Equipment; Critical file modifications; Vulnerability Assessment; Anti-Virus; Policy Changes; Malicious IP Traffic; Applications; Web Traffic; Databases
    Funnel: Tens of Millions: Raw Events → Millions: Security Relevant Events → Hundreds: Correlated Events → Threat Determined
    Risk-based Prioritization draws on: Identified threats; Known vulnerabilities; Business-critical IT assets
    Industrial IT Security 2012
  • 15. Without MSS: Service Device Logs (Perimeter FW, LAN FW, IDS, Web Proxy; diagram zones: Internet, LAN, LAN 2, Email traffic, Web traffic)
    http://paypay.co/vv/config.bin
    Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
    10.1.25.1 --> 98.77.1.11 - Overnet Client Scan
    Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
    Inbound TCP connection acc from 10.2.75.64 to 10.1.26.85/445
    10.2.1.58 --> 44.75.26.88 - POLICY Yahoo Webmail client chat
    http://121.242.39.105/www.paypal.us/account.limited.us/cgi.bin/webscr.htm
    Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
    Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
    10.1.22.7 --> 16.1.82.9 SHELLCODE base64 x86 NOOP
    http://yeeshiedot.ru/bin/xingaepa.bin
    Outbound TCP connection acc from 10.1.22.7 to 55.10.17.22/80
    Outbound TCP connection acc from 10.1.22.7 to 55.10.17.22/80
    10.1.11.4 --> 64.99.57.12 SHELLCODE x86 NOOP
    http://zsbiz.in/php/cfg002.bin
    Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
    Outbound TCP connection acc from 10.1.25.1 to 10.2.55.17/445
    Outbound TCP connection acc from 10.2.14.1 to 10.1.14.1/445
    10.2.64.27 --> 18.197.26.177 SNMP trap udp
    Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
    Outbound TCP connection drop from 10.1.25.1 to 98.77.1.11/25
    19.11.157.22 --> 45.4.55.1 - SQL Query in HTTP Request
    Outbound UDP connection acc from 10.235.22.11 to 198.28.22.5/53
    Outbound UDP connection acc from 10.2.32.11 to 10.1.19.11/137
    48.45.66.99 --> 48.77.88.11 - UDP eDonkey Activity
    Outbound TCP connection acc from 10.1.17.4 to 18.7.13.2/80
    10.2.1.58 --> 44.75.26.88 - WEBMISC cat%20 access
    Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
    Outbound TCP connection acc from 10.1.22.7 to 55.10.17.22/80
    Inbound UDP connection acc from 198.28.22.5 to 10.235.22.11/10256
    Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
    Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
    Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
    Outbound TCP connection acc from
    Outbound ICMP ping acc from 10.1.25.1 to 10.2.1.11/
    00-08 Windows SMB
    10.1.11.4 --> 64.99.57.12 - WEBtraffic PHP test.php access
    http://ww3.irs.gov.binnet11.net/refund/form
    http://johgheejae.ru/bin/laangiet.bin
    http://push.bbc.co.uk/http-bind/
    http://scores.espn.go.com/ncf/caster/snapshot?sessionId=CFBGamecast9
    http://money.cnn.com/.element/ssi/main/2.0/content_ssi.exclude.html
    Outbound TCP connection drop from 10.1.25.1 to 14.231.5.16/25
    10.2.64.27 --> 18.197.26.177 SNMP request udp
    http://www.sunshinelive.de/typo3temp/JS_playlistfeed_hash.txt?
    Outbound TCP connection acc from 10.1.22.7 to 55.10.17.22/80
    10.2.64.27 --> 18.197.26.177 SNMP public access udp
    9140000/newsid_9141700/
    Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
    10.2.1.58 --> 27.192.26.88 IRC_Rogue_Session
    http://cdnedge.bbc.co.uk/sport/hi/english/static/football/statistics
    Outbound TCP connection acc from 10.1.25.1 to 10.2.55.17/445
    10.1.25.1 --> 98.77.1.11 - Overnet Client Scan
    http://jskit.com/api/echo/subscribe?existingRenderers=%5B0%2C1%5D&
    Inbound TCP connection acc from 10.2.75.64 to 10.1.26.85/445
    10.2.1.58 --> 44.75.26.88 - POLICY
    http://www.youtube.com/set_awe
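The speaker notes for slide 15 list five problems hidden in the raw device logs above (a browser-attack infection, a TCP 445 worm, a spambot, an open relay and a web vulnerability scan), and slide 14 describes the funnel from millions of raw events to a few hundred correlated ones. The following is an added example, not Symantec's or the presenter's code: a small correlator that parses constructed firewall, IDS and proxy lines modelled on the slide's formats and applies four cross-source rules to surface the first, second, third and fifth of those problems. Open-relay detection is left out because it needs the mail server's own logs. The proxy line format with a leading client IP, the 10/8 LAN assumption, the hypothetical mail relay address and the fan-out thresholds are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample logs modelled on the three sources on the "Without MSS" slide
# (firewall, IDS, web proxy). Addresses and URLs echo the slide; the exact set of
# lines and the "client-IP URL" proxy format are constructed for this example.
FW_LOGS = """\
Outbound TCP connection acc from 10.1.22.7 to 55.10.17.22/80
Outbound TCP connection acc from 10.1.25.1 to 10.2.55.17/445
Outbound TCP connection acc from 10.1.25.1 to 10.2.55.18/445
Outbound TCP connection acc from 10.1.25.1 to 10.2.55.19/445
Outbound TCP connection acc from 10.1.25.1 to 10.2.55.20/445
Outbound TCP connection drop from 10.1.25.1 to 98.77.1.11/25
Outbound TCP connection drop from 10.1.25.1 to 14.231.5.16/25
Outbound TCP connection drop from 10.1.25.1 to 12.55.26.90/25
Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
Outbound TCP connection acc from 10.1.17.4 to 18.7.13.2/80
"""
IDS_LOGS = """\
10.1.22.7 --> 16.1.82.9 SHELLCODE base64 x86 NOOP
14.28.75.64 --> 12.55.26.85 - SQL Query in HTTP Request
14.28.75.64 --> 12.55.26.85 - WEBMISC cat%20 access
14.28.75.64 --> 12.55.26.85 - WEBtraffic PHP test.php access
10.1.25.1 --> 98.77.1.11 - Overnet Client Scan
"""
PROXY_LOGS = """\
10.1.22.7 http://yeeshiedot.ru/bin/xingaepa.bin
10.1.17.4 http://push.bbc.co.uk/http-bind/
10.2.1.58 http://money.cnn.com/.element/ssi/main/2.0/content_ssi.exclude.html
"""

FW_RE = re.compile(r"^(Inbound|Outbound) (TCP|UDP) connection (acc|drop) from (\S+) to (\S+)/(\d+)$")
IDS_RE = re.compile(r"^(\S+) --> (\S+) (?:- )?(.+)$")
PROXY_RE = re.compile(r"^(\S+) (\S+)$")

# Assumptions: the LAN is 10.0.0.0/8 (as on the slide); the only host allowed to
# speak SMTP outbound is a hypothetical mail relay; thresholds are illustrative.
MAIL_SERVERS = {"10.1.5.25"}
FANOUT_THRESHOLD = 3
WEB_ATTACK_KEYWORDS = ("SQL Query", "WEBMISC", "PHP", "cat%20")


def is_internal(ip):
    return ip.startswith("10.")


def parse_fw(text):
    """Firewall lines -> dicts; lines that do not match the format are skipped."""
    out = []
    for m in (FW_RE.match(l) for l in text.splitlines()):
        if m:
            out.append({"proto": m.group(2), "action": m.group(3),
                        "src": m.group(4), "dst": m.group(5), "dport": int(m.group(6))})
    return out


def parse_ids(text):
    return [{"src": m.group(1), "dst": m.group(2), "sig": m.group(3)}
            for m in (IDS_RE.match(l) for l in text.splitlines()) if m]


def parse_proxy(text):
    return [{"src": m.group(1), "url": m.group(2)}
            for m in (PROXY_RE.match(l) for l in text.splitlines()) if m]


def correlate(fw, ids, proxy):
    """Return (finding, host, detail) tuples for four cross-source patterns."""
    findings = []
    # 1. Browser attack -> bot install: IDS shellcode alert from a LAN host, then the
    #    same host fetching a binary through the proxy.
    shellcode_hosts = {e["src"] for e in ids if "SHELLCODE" in e["sig"] and is_internal(e["src"])}
    for p in proxy:
        if p["src"] in shellcode_hosts and p["url"].lower().endswith(".bin"):
            findings.append(("botnet_infection_via_browser", p["src"], p["url"]))
    # 2. TCP/445 worm: one LAN host opening SMB to many other LAN hosts.
    smb = defaultdict(set)
    for e in fw:
        if e["proto"] == "TCP" and e["dport"] == 445 and is_internal(e["src"]) and is_internal(e["dst"]):
            smb[e["src"]].add(e["dst"])
    for src, dsts in smb.items():
        if len(dsts) >= FANOUT_THRESHOLD:
            findings.append(("tcp445_worm_on_lan", src, f"{len(dsts)} internal SMB targets"))
    # 3. Spambot: a non-mail LAN host trying SMTP to many external servers.
    #    Accepted or dropped does not matter; the attempt itself is the signal.
    smtp = defaultdict(set)
    for e in fw:
        if e["dport"] == 25 and is_internal(e["src"]) and not is_internal(e["dst"]) \
                and e["src"] not in MAIL_SERVERS:
            smtp[e["src"]].add(e["dst"])
    for src, dsts in smtp.items():
        if len(dsts) >= FANOUT_THRESHOLD:
            findings.append(("smtp_spambot", src, f"{len(dsts)} external SMTP targets"))
    # 4. Vulnerability scan: one external source firing several distinct web-attack
    #    signatures at the same server.
    web = defaultdict(set)
    for e in ids:
        if not is_internal(e["src"]) and any(k in e["sig"] for k in WEB_ATTACK_KEYWORDS):
            web[(e["src"], e["dst"])].add(e["sig"])
    for (src, dst), sigs in web.items():
        if len(sigs) >= FANOUT_THRESHOLD:
            findings.append(("web_server_vuln_scan", src, f"{len(sigs)} signatures against {dst}"))
    return findings


def run():
    return correlate(parse_fw(FW_LOGS), parse_ids(IDS_LOGS), parse_proxy(PROXY_LOGS))


if __name__ == "__main__":
    for name, host, detail in run():
        print(f"{name:30} {host:15} {detail}")
```

Each rule needs at least two different log sources or a fan-out count that no single line shows, which is the point the slide makes: the individual lines are all "accepted connection" or a lone IDS alert, and only the join across sources turns them into an incident. Thresholds and the allowed-mail-relay set would be tuned per network in practice.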
  • 16. Example Stats, one Wednesday afternoon...
    – Log lines analysed: 15,279,389,291
    – Number of Incidents Created including Summaries: 7966
    – Number of Real Time Incidents presented to analysts for validation: 3124
    – Number of Real Time Published Incidents: 964
    – Number of Summary Published Incidents: 1007
    – Number of Real Time Critical Incidents: 244
  • 17. Symantec MSS Portal
    – Customizable modules for organizing data in different ways
    – Trend graphs for visibility of incident trends
    – New incidents arrive in real time on the Home Page
    – Modular elements customizable to each user
  • 18. Symantec Managed Security Services
    – Reliability and Trust: Symantec Managed Security Services has been a Gartner Quadrant Leader for 11 consecutive years
    – Proven: Symantec Managed Services clients include 6 of the Fortune 10, 44 of the Fortune 100 and 117 of the Fortune 500
    – Scalable: Symantec MSS analyzes >12 billion logs from 727,000 devices every day
    – Detection: Symantec MSS identifies an average of 15,000 security events and escalates 200 critical incidents every day
    – Flexible: Symantec has flexible pricing and service levels to deliver the right protection and compliance at the right price
    – Personal: Symantec provides named personnel for transition, service management and security analysis duties to drive personal relationships and customer care
  • 19. Questions?