Symantec Web Security Solutions

Symantec executes on its promise to offer innovative and comprehensive solutions to meet the many increasing security and performance needs for connected businesses. The company announces new offerings to its Website Security Solutions portfolio, featuring the first available multi-algorithm SSL certificates with additional ECC and DSA options. These offerings will help organizations build and protect their web ecosystems and strengthen the foundation of trust online. The WSS strategy focuses on protecting companies, meeting compliance requirements, improving performance and reducing infrastructure costs. The end result is to deliver trusted shopping, trusted advertising and trusted applications for businesses and their consumer customers.

Published in: Technology

  • Symantec is the first CA to offer 3 crypto algorithms: RSA 2048, DSA 2048 and ECC 256
      • Included as options, free of charge
      • DSA included in standard MPKI SSL Certificates
      • ECC and DSA offered in Premium MPKI SSL Certificates
    Why are we launching new algorithms?
      • Offer choice to customers
      • DSA 2048 for US Government preferences
      • ECC 256 for high connection speeds at load
      • RSA 2048 for safe business as usual
    It’s about the future
      • More secure connections to your servers
      • Improved performance on your servers
    Pricing for SSL Cert with ECC and DSA – Premium Certificates and Services
      • Symantec™ Secure Site Pro - $995
      • Symantec Secure Site Pro EV SSL Certificates with ECC - $1495 (as of 2/13/13)
  • The yellow bubble shows that ECC is already years ahead of the current industry standard of 2048-bit encryption, and we haven’t even begun to test the limits of ECC’s capabilities to encrypt and protect data.
      • ECC performs better in comparison to RSA as requests per second increase
      • This translates into faster page loads for PC
      • These numbers are preliminary and are expected to greatly improve
    Source: Symantec Internal Research and Testing Computations
    384-256-256 RSA 2048-2048-2048
    Desktop page sizes: 200K
    Specifications: 8 cores; 7 GiB of memory; clock frequency: 2.33 GHz; network: 1 Gbps; Web server: Apache 2.4.3; openssl: 1.0.1c
    Worst case scenario as session reuse = 0%
  • In terms of server performance, ECC:
      • Uses less server power
      • Handles more requests
      • Scales well to handle:
          • Traffic spikes
          • Business growth
          • Enterprise-wide network security
    ECC: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    RSA: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    ECC 384-256-256 RSA 2048-2048-2048
    Desktop page sizes: 0K, 90K, 200K
    Server specifications: 8 cores; 7 GiB of memory; clock frequency: 2.33 GHz; network: 1 Gbps; Web server: Apache 2.4.3; openssl: 1.0.1c
    Server time: includes SSL handshake time (key derivations: ECDHE) + data encryption + file transfer time
    Worst case scenario as session reuse = 0%
  • Transcript

    • 1. Symantec Website Security Solutions and Algorithm Agility Announcements
        February 13, 2013
        Quentin Liu, Sr. Director Engineering
        Robert Hoblit, Sr. Director of Product Management
        Deena Thomchick, Director of Product Marketing
    • 2. What’s New
        • Website Security Solutions (WSS) Vision and Strategy
        • New SSL Encryption Algorithms
            • Elliptic Curve Cryptography (ECC)
            • Digital Signature Algorithm (DSA)
        • Symantec’s Partners for ECC Adoption
        • Expanding WSS Portfolio to Protect Future of the Internet and eCommerce
            • Symantec Certificate Intelligence Center Service
            • Symantec Secure App Service
            • Symantec AdVantage
    • 3. Protecting the Hyper-Connected World
        Need for NEW Protection Models to Secure the Future Internet
        [Diagram labels: Technology Advancements; Advanced Threats; Clouds; Mobile; Information Explosion; Regulatory & Compliance; 30 Billion Connected Devices; IT Complexities & Challenges; Applications; eCommerce $1 Trillion; Digital & Social Life; Advertising $102 Billion]
    • 4. Website Security Solutions Vision
        Enabling people, businesses and countries… to protect and manage their digital information… so they can focus their time and energy achieving their aspirations
        • Trust: Confer Trust to accelerate the growth of online information sharing and global Internet commerce
        • Protect: Protect the information and online presence of our customers and their end users
        • Enable: Enable our customers to meet performance, compliance, privacy and security regulatory requirements
    • 5. Website Security Solutions Strategy
        • Trusted Shopping
        • Trusted Advertising
        • Trusted Applications
        Foundation of Trust on the Internet
    • 6. Key Drivers Demand the Need for New SSL Solutions
        • NIST Recommendations
        • Compliance Requirements
        • Increased Attacks & Outages
        • Mobile & Cloud Proliferation
        ECC, DSA, RSA
    • 7. Extending Symantec SSL: New Algorithms and Solutions
        • First CA to offer 3 crypto algorithms
        • Available soon in Managed PKI SSL Certificates
        • No additional charges for ECC and DSA
        More Choices | Improved Performance | Increased Security
    • 8. Elliptic Curve Cryptography Overview
        1. Stronger Encryption
            • Shorter key than RSA
            • 256-bit ECC = 3072-bit RSA
            • 10k times harder to crack than RSA 2048
            • Meets NIST recommendations
        2. Efficient Performance
            • Efficiency increases with higher server loads
            • Utilizes less server CPU
            • PC’s: Faster page load time
            • Ideal for mobile devices
        3. Highly Scalable
            • Large SSL deployments w/out additional hardware
            • Securing the enterprise:
                • Use fewer resources
                • Lower costs
        4. Future of Crypto Tech
            • Viable for many years
            • Built for Internet of Things
            • Supports billions of new devices coming online
            • Ideal for Open Networks
            • Truly ‘future proof’ trust infrastructure in place
    • 9. ECC Delivers Increased Security: 10k Times Harder to Break Than RSA Key
        [Chart: Key Size (bits) versus MIPS Years to break, for ECC and RSA. Marked points: Current acceptable security level [10^24 MIPS years]; Current Ind. Std.; SYMC ECC.]
        Chart annotations: The longer the RSA key, the less applicable it becomes in the real world. ECC maintains very complex cryptography w/key lengths that meet demands of reality.
        Source: Symantec Internal Research and Testing Computations
        ECC offers greater security as compared to other prevalent algorithms. Symantec ECC-256 certificates will offer equivalent security of a 3072-bit RSA certificate. Compared to a 2048 RSA key (which is the industry norm), ECC-256 keys are 10,000 times harder to crack.
    • 10. Improved Server Performance Under Peak Loads
        • ECC 256 has better performance than RSA at 0, 90k and 200k connections
            • Web pages encrypted w/ECC load faster than those with RSA
        • ECC performance numbers are expected to significantly improve over time as the industry optimizes for ECC as they did for RSA
        • With better performance, customers will need to purchase fewer servers to handle SSL connections: a big cost savings
        • Performance Efficiencies
            • Uses less server power
            • Handles more requests
            • Scalable
        Source: Symantec Internal Research and Testing
    • 11. Improved Desktop Performance and User Experience
        As a server gets hit with more traffic, ECC… processes more requests… in less time… without affecting load… than RSA
        Source: Symantec Internal Research and Testing
    • 12. Industry-leading Companies Partner with Symantec to Accelerate ECC Adoption
    • 13. Symantec RSA and DSA Provides More Choices
        Both RSA and DSA are offered at 2048 bits and are equivalent in security strength and performance
        RSA
            • RSA is currently 100% of the World’s SSL Certificate install base
            • If you’re on the web and see HTTPS, you’re using RSA
            • The industry this year will move from 1024 to 2048-bit keys
            • From a brute force attack perspective, RSA 2048 keys will be viable until 2030
        DSA
            • DSA was developed by the NSA (US Government) as an alternative to RSA
            • Although historically of interest to the US public sector, it is yet another choice in crypto algorithm
            • DSA offers the same security and key length as RSA, with different math
    • 14. The Most Common SSL Concerns by Enterprises
        “Typical company lost $222k last year due to certificate mishaps”
        Biggest certificate issues due to the following:
            • Unexpected Expirations
            • Rogue Certificates
            • Misconfigured Certificates
            • Missed Server Install
            • Security Breaches
        What does this cost an enterprise?
            • Missed sales opportunities
            • Damage to brand and credibility
            • Defection to competitors
            • Calls to customer support
            • Lost productivity
            • Calls to tech support
        Source: Symantec SSL Management Customer Survey, February 2013
    • 15. New: Symantec® Certificate Intelligence Center 2.0
        Discover, Track and Automate SSL Certificate lifecycle
        Automation
            • Avoid painful, multi-step process to renew, replace and install a certificate
            • Consolidate to Symantec certificates
            • Auto-discover supported applications
            • Eliminate human error and installation overhead
        Discovery and Business Continuity
            • Highly optimized discovery of SSL certificates
            • Scheduled and on-demand discovery capabilities
            • Rich reporting functionality
            • Notification capabilities
    • 16. New: Symantec® Secure App Service
        Secure and Track Code Signing Keys
        Security and Control
            • Prevent security compromise with unique keys for each signing
            • Maintain control and avoid stolen or misplaced keys by storing keys with a trusted Certificate Authority
            • Ensure accountability with full audit and reporting capabilities
            • Provide support for a wide range of file options including Microsoft Authenticode, Java .jar, Java Mobile and Android
            • Easily integrate with enterprise environment via SOAP API
            • Full management GUI available in Summer 2013
    • 17. Malvertisements and Repercussions
        An advertisement infected with malware = malvertisement
        • Increase 20x from 2010 to 2012
        • 50%+ publishers have experienced 1+ times
        Repercussions
            • Business Disruption
            • Loss of Revenue
            • Brand and Reputation Damage
            • Long Term Business Impact
            • Reparation Costs
        Prime Time for Attacks: Peak online traffic, long weekend, etc.
        Source: Symantec AdVantage Malvertising Survey September 2012
    • 18. Symantec® AdVantage
        Real-time detection, notification and analysis of malvertisements
        “Symantec AdVantage provides critical security against the malicious advertisements that can ruin display advertising, damage brand reputation and ultimately, hurt eCommerce businesses.” Eng Tat, Head of Technology Development, Innity
        Brand Protection and Business Continuity
            • Avoid browser shutdowns and being blacklisted with real-time detection and instant notification of malvertisements
            • Identify new threats including zero-day threats, with new revolutionary scanning methodology
            • Improve security with visual ad trace-back to track source of malvertisement
            • Develop strategic business decisions based on detailed ad analytics, reputation scores and other key data points
    • 19. WSS Advances Future of Online Trust and Protection
        Symantec Website Security Solutions accelerates the growth of online information sharing and eCommerce
        • Leadership: Algorithm Agility with ECC, DSA and RSA
        • First Certificate Authority (CA) to offer commercially available ECC solutions for:
            • Improved protection
            • Improved server performance under peak loads
            • Improved desktop performance for better end user experience
            • Meeting NIST, government and compliance requirements
        • Symantec partners with industry leaders to accelerate ECC adoption
        • New to WSS Portfolio: CIC v2, Secure App Service, AdVantage
    • 20. Q&A
    • 21. Thank you!
        Copyright © 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
    • 22. Quotes
        “The future is going to necessitate increasingly higher security cryptography and Akamai sees ECC as a technology that will allow cloud platforms to scale to meet those security demands without the crippling complexity of today’s common algorithms,” explained Stephen Ludin, chief architect, Akamai Technologies. “It is a significant step forward to better protect our data online in this hyper-connected world. As the Certificate Authority ecosystem for ECC gets ready, we will be building support into the Akamai Intelligent Platform.”

        “Citrix recognizes that ECC encryption represents the future of SSL encryption,” said Steve Shah, Sr. Director, Citrix. “This shift in the cryptographic infrastructure is clearly a next generation approach to the security ecosystem, allowing for better scalability in cloud computing and the supporting infrastructure. Once the certification authority infrastructure is in place, the trend will be clear to follow for networking product groups to make remote datacenters more accessible quickly, even allowing for increasing key sizes and increasing security needs.”

        “F5 helps customers seamlessly combine industry-leading traffic management with security and access solutions, including VPN and SSL encryption capabilities,” said Jason Needham, VP of Product Management and Product Marketing, F5 Networks. “One of the primary goals is to give organizations more choice and flexibility in deploying technologies to suit their business needs. F5 is proud to team up with leaders like Symantec to help enterprises and service providers enhance web and mobile security while scaling to better support cloud and BYOD initiatives.”

        “We believe in constantly furthering web security, which is why Chrome supports Elliptic Curve Digital Signature Algorithm (ECDSA) on all modern operating systems,” said Adam Langley, software engineer at Google.
    • 23. Quotes
        “HID Global specializes in security access solutions for the cloud, data and the door, with a comprehensive portfolio incorporating both physical and logical access solutions,” said Julian Lovelock, VP of Product Marketing at HID Global. “We’re very supportive of the new DSA and ECC algorithm options emerging in the marketplace, and we strongly feel that where the NIST Suite B has drawn up the future of security algorithms, the industry will follow.”

        “Juniper’s SSL VPN solution, #1 in the world market, supports both ECC and DSA algorithms for added security and flexibility. The Junos Pulse SSL VPN client and gateway software are both FIPS compliant,” said Michael Callahan, VP of product marketing, Juniper Networks. “We are fully committed to and continue to invest in standards-based security solutions, including the strictest of NIST Suite B standards for our customers, across federal, enterprise and service provider markets.”

        “At Opera we are committed to both high quality and security, and we welcome the adoption of new and improved security standards on the web. Elliptic Curve Cryptography provides significant improvements over earlier algorithm standards, and we are delighted to see Symantec support it. Opera’s Presto engine added support for ECC in version 395.” Source: Security Manager at Opera

        “Red Hat and Symantec have long collaborated to bring compelling, secure solutions to our customers. We continue to be interested in providing the advantages of increased security and computational efficiency that elliptical curve cryptography (ECC) offers for key management and digital signature, and have been an active participant with Symantec in Project Beacon. Currently, our Red Hat Certificate System supports ECC public-key cryptographic systems and continues to enhance its web browser and operating system ECC support.” - Bryan Che, General Manager, Cloud Business Unit, Red Hat