Building a Cyber Resilient Network with Symantec
Chris Collier
Presales Specialist - Security

Build a Cyber Resilient Network with Symantec



Cyber resilience explained, the current threat landscape explored and the Symantec solution.

Published in: Technology
  • 8% of UK GDP is dependent on online/web connected services; this will increase to 26% by 2016 (Boston Consulting Group). Important to mention: attack types and actors (nation-state threats – Stuxnet), malware kits (Zeus, SpyEye, attackers). Symantec view: threats are more sophisticated, targeted and pervasive. 60% of organizations have > 25 incidents each month. 42% YoY increase in targeted attacks. New attack surfaces – cloud, virtualization, mobile devices. 77% of organizations have rogue cloud deployments. 6x increase in mobile malware last year. 94% of all stolen data came from compromised servers.
  • Each year Symantec conducts research into security threats posed by the Internet to give all market verticals an insight into the current threat landscape. This research is documented in the Internet Security Threat Report. The report is based on data from the Symantec Global Intelligence Network, which Symantec analysts use to identify, analyse and provide commentary on emerging trends in the dynamic threat landscape.
  • Targeted Attacks: There was a 42% increase in targeted attacks in 2012 compared to the previous year. Targeted attacks are designed to steal intellectual property, bank account details and customer data. These targeted attacks are increasingly hitting the manufacturing sector as well as small businesses, which are the target of 31% of these attacks.
  • Data Breaches: According to the Internet Security Threat Report, data loss within the UK is a huge problem for many organisations. According to the research, a vast number of data breaches are caused by malicious outsiders and hackers trying to steal intellectual property, bank details and customer details. Data breaches can also be a result of lost (unencrypted) laptops, misplaced memory sticks, or deliberate theft or accidents carried out by malicious or well-meaning insiders. As you can see at 36%, the healthcare industry continues to be the sector responsible for the largest percentage of disclosed data breaches by industry. Data breach example 1 – LinkedIn suffered a data breach in which 6.5 million user account details were stolen. As a result they were fined several million dollars. Data breach example 2 – Global Payments, a payment processor for a number of well-known credit card companies such as Visa and MasterCard, was compromised, exposing details of 1.5 million accounts. The data breach cost the company approx. 94 million dollars in damages.
  • Mobile Threats: The smartphone has become a powerful computer in its own right, which makes these devices attractive to criminals. Businesses are increasingly allowing staff to “bring your own device” (BYOD) to work, by allowing them to use personal computers, tablets or smartphones for work. In the last year, we have seen a further increase in mobile threats. Android currently has a 72% market share with Apple iOS a distant second with 14%, according to Gartner. As a result of its market share, Android is the main target for mobile threats. 32% of all mobile threats steal information. Customers should consider installing security software on mobile devices. Also, users need to be educated about the risks of downloading rogue applications and how to use their privacy and permission settings. For company-provided devices, customers should consider locking them down and preventing the installation of unapproved applications altogether.
  • GIN: Data feeds into the Symantec Protection Center dashboard. Discuss the GIN, Symantec’s visibility into the threat environment, and share how that information works its way into the products.
Relevancy: We track a sea of moving targets across the global threat landscape to keep your defenses razor sharp. The threat landscape is littered with criminal activity, using stealth technologies to infiltrate customer networks and steal confidential information. It is increasingly difficult to understand which external forces threaten your infrastructure, how to quickly identify which assets are at risk, the resulting impact on your business and how to prioritize incident response within your company. Due to its long-time security leadership role, Symantec is uniquely positioned to tackle the challenges of collecting malware, spyware and adware samples. At the heart of Symantec's capabilities is the world's leading scalable security infrastructure, the Symantec Global Intelligence Network, with over 120 million desktop, server, and gateway antivirus installations that allow malware, spyware and adware to be captured and transmitted back to Symantec Security Response centers for analysis. The global reach and size of this network gives Symantec unmatched coverage, allowing us to greatly improve the ability of organizations and end users across the world to protect themselves. Symantec has established some of the most comprehensive sources of Internet threat data in the world, gathered by the Symantec Global Intelligence Network: some of the most extensive sources of Internet activity data ever available, offering a complete compendium of information unprecedented in size, scope, and clarity. This data is critical to providing our analysts with the information needed to understand threat trends and the resulting impact, so that we can develop the security protection needed by our customers.
The volume of data that we collect over a broad range of security threats is a differentiator, as it gives us a much better statistical base to truly understand what is happening around the world. Our Managed Security Services monitor security devices in over 70 countries, which allows us to understand key threats that are impacting corporate networks. 40,000 registered sensors in over 200 countries, where we anonymize the data but are able to determine region, country, size of company and industry. From this, we are able to see if it is a localized threat, global activity or targeted against a specific industry. 120 million virus submission systems provide the insight to determine if these are new threats, variants of existing threats, or renewed activity from existing threats. Again, this data provides us with the intelligence to determine if we have existing protection in place, or if a new signature or definition needs to be created. In addition, we have a network of additional sensors tracking specific data. Vulnerabilities: we maintain one of the world’s most comprehensive vulnerability databases, currently consisting of over 25,000 recorded vulnerabilities (spanning more than two decades) affecting more than 50,000 technologies from over 8,000 vendors. Symantec Honeynet: a virtual network of unprotected systems designed to attract malicious activity. This appears on the Internet as 8,000+ IP addresses. Symantec Probe Network: a system of over two million decoy accounts focused on fraud/phishing/spam. Located in over 30 countries, it attracts email from around the world to gauge global spam and phishing activity. If you don’t know what you have, how do you know what to watch for?
Accuracy: Our diverse team of expert analysts provides an invaluable understanding of threats from the inside out. Millions of online attacks happen every day. Fraud, worms, spyware, we see it all.
But our customers are silently protected from most of them due to the sophisticated automated tools that filter the majority of the threats. Many of today’s threats have become so complex that understanding the anatomy of a threat is the key to creating the right protection. That is where our global team of experts makes the difference. Located in North America, Asia, Australia, and Europe, our centers are staffed by researchers who represent a cross section of the most highly-regarded security experts in the industry, offering customers 24x7 coverage for important security events no matter when they happen. The information we gather is analyzed by the largest security organization in the world, which not only creates classic antivirus signatures but also IPS signatures that work at the network level and stop infections before they actually reach the operating system. Vulnerabilities are analyzed to create Generic Signatures that provide patch-like protection long before actual patches are available. Vulnerabilities are categorized and organized so informed decisions can be made. In addition, Actionable Policies and Controls are derived from generic regulations. When we identify an attack gathered from the data in the Global Intelligence Network, the first things we ask are: Have we seen it before? How is it being distributed? What’s the impact? And what needs to be done to block and remove the threat?
Protection: With updates coming from a worldwide array of response centers at multiple intervals, you’re always a step ahead. Before we deliver any signatures to our customers they go through rigorous QA to ensure accuracy. Within minutes new spam senders are blocked. Within hours customers are protected from new threats. Within a day we deliver generic signatures shielding new vulnerabilities.
We offer several delivery mechanisms so customers can choose the best method for their environment: filtered and relevant information is proactively sent to subscribing customers. Templates from PCI to ITIL provide in-built intelligence, enabling you to fast-track your projects. The diversity of threats and security risks handled by the Symantec Security Response organization places it at the forefront of security research. For example, Symantec's antispyware researchers benefit from the understanding and expertise of not only their group, but also that of Symantec anti-spam specialists who monitor and analyze unsolicited email messages being used to deliver spyware program installers. Similarly, Symantec's intrusion experts provide analysis of the ways in which Web browser vulnerability exploitation can be used in conjunction with spyware to surreptitiously install the applications in a "silent" or "drive-by" fashion. Symantec provides multiple options for delivering definition files to meet multiple customer needs. Rapid Release: updated hourly. Intelligent Updaters: published 3 times a day. LiveUpdates: virus definitions updated 3 times a day and for every major outbreak.
  • Symantec Security Strategy: Symantec prides itself on having security strategy at the heart of its solutions. Good strategy is key to doing good business and when it comes to information security, there is no exception. Symantec’s security portfolio is extremely diverse and you would be hard pushed to find a security requirement that cannot be met by the solutions they have to offer.
SPS: Firstly, we have infrastructure protection through the use of Symantec Protection Suite. This comprehensive suite of products has been developed with core business functionality in mind. Secure your customers’ endpoints with Symantec Endpoint Protection 12.1, the Gartner 2013 market leading endpoint protection product, developed not only to fully integrate with a physical or VMware estate but also to reduce resource overhead, in some cases by up to 80%. Secure email servers with Mail Security for Microsoft Exchange or Lotus Domino. Extend this protection to the network borders by using spam and/or web filters with Symantec Messaging and Web Gateway products.
MDM: For organisations that are considering a BYOD (Bring Your Own Device) initiative or that need greater security for their corporate mobile estate, Symantec Mobile Management Suite is a key solution to give organisations better visibility of their mobile endpoints. To further enhance this, Symantec App Center enables user productivity on mobile devices, regardless of the ownership, while protecting enterprise data.
CCS: Symantec Control Compliance Suite (CCS) is an ISMS (Information Security Management System) and assists organisations with the enormous task of IT GRC (Governance, Risk & Compliance). Through the use of CCS, customers can leverage multiple tools to discover, assess, report, evaluate and remediate IT GRC related problems.
Whether it is to review internal policies and procedures, to assess the current level of compliance with an array of industry standards and frameworks, or to discover if the technical controls that are already in place are actually working, by implementing Symantec Control Compliance Suite organisations can get an expansive view of their IT GRC posture.
DLP & PGP: Data is the lifeblood that businesses thrive on; the more that is collected, the greater the risks that are posed. Symantec Data Loss Prevention (DLP) is an enterprise content-aware DLP solution that discovers, monitors, and protects confidential data wherever it’s stored or used, across a customer’s network, storage and endpoint systems. To further enhance this, customers can implement Symantec Encryption Solutions powered by PGP. Symantec’s encryption solutions enable organizations to deliver data protection with centralized policy management through the optional use of Encryption Management Server. The solutions provide standards-based technology, centralized policy management, compliance-based reporting, and universal management for the encryption products.
O3: Symantec O3 is a unique cloud security platform that provides single sign-on and enforces access control policies across web applications. Symantec O3 helps enterprises migrate to Software as a Service (SaaS) applications while ensuring that proper risk management and compliance measures are in place to protect enterprise data and follow regulations. Symantec O3 improves security without getting in the way of usability. With Symantec O3, end users only have to log in once, across all of their web applications.
It works equally well for both cloud-based and internal web application use cases. In short, O3 enables enterprise IT to embrace the cloud while retaining visibility and control, simplifying the use of cloud applications for both enterprise IT staff and for users.
VIP: Symantec Validation and ID Protection Service is a leading cloud-based strong authentication service that enables enterprises to secure access to networks and applications while preventing access by malicious, unauthorized attackers. A unified solution providing both two-factor and risk-based token-less authentication, VIP is based on open standards and can easily integrate into enterprise applications.
CSP: Leading organizations leverage Symantec Critical System Protection to secure their physical and virtual data centres. Delivering host-based intrusion detection (HIDS) and intrusion prevention (HIPS), Symantec provides a proven and comprehensive solution for server security. Achieve complete protection for VMware vSphere, stop zero-day and targeted attacks, and gain real-time visibility and control into compliance with Symantec Critical System Protection.
Symantec .Cloud: Hosted services allow businesses to consume more IT services without assuming significant responsibilities of installing, managing and maintaining new hardware, systems or software. Directly consuming cloud-based services requires up-front evaluation and ongoing oversight to ensure information remains safe and available. Businesses are looking to simplify their IT by relying on cloud service providers to deliver more and more of the IT stack.
In this model, the provider must ensure your information remains protected. Symantec delivers 16 pre-integrated security and backup services through their .cloud business line, and also delivers “authentication as a service” and “security incident and event management as a service”.
SSIM: Symantec Security Information Manager offers enterprise-wide log collection, management and retention, enabling organizations to centralize and analyse large amounts of diverse log data. Symantec’s industry-leading correlation engine brings together organizational data, security event information and threat intelligence, allowing organizations to prioritize security incident response activities based on business risk. This proactive approach allows your customers to more effectively defend their enterprise from threats and demonstrate compliance with industry regulations.
Altiris: Optimize all endpoint and systems management operations to realize immediate savings and organizational efficiencies. Standardize on Symantec’s unified endpoint management and security portfolio across your entire computing infrastructure and client devices, including smartphones, tablets, laptops, and desktops. Deploy, enable, and manage it all in one place. Altiris IT Management Suite (ITMS) from Symantec is a suite of integrated products that help IT organizations provide faster and more predictable service to their business. The suite enables this by ensuring that organizations’ management infrastructures can easily support new technology changes, can quickly adapt to changing processes and business needs, and can provide the necessary insight to make more intelligent, data-driven decisions.
Workflow: Symantec Workflow is a security process development framework that you can utilize to create both automated business processes and security processes. These processes provide for increased repeatability, control, and accountability while reducing overall workload.
The Symantec Workflow framework also lets you create Workflow processes that integrate Symantec tools into your organization's unique business processes.
  • Symantec helps consumers and organizations secure and manage their information-driven world. Symantec’s teams around the world are developing technologies and building solutions to help your customers secure and manage their information. The company has a robust portfolio and a long history of technology leadership. Symantec is a global leader in providing security, storage and systems management solutions to help your customers, from consumers and small businesses to the largest global organizations, secure and manage their information against more risks at more points, more completely and efficiently than any other company. Symantec's unique focus is to eliminate risks to information, technology and processes, independent of the device, platform, interaction or location. With Symantec, your customers can protect more of their information and technology infrastructure, in greater depth, wherever information is stored or used. From securing a consumer’s online identity and interactions to protecting an organization’s mission-critical data, Symantec offers the leading and best-of-breed security, backup and recovery, data availability and data loss prevention products.
  • Build a Cyber Resilient Network with Symantec

    1. Building a Cyber Resilient Network with Symantec. Chris Collier, Presales Specialist - Security E:
    2. Agenda –What is Cyber Resilience? –Current Threat Landscape –Symantec Global Intelligence Network –Symantec Security Solutions Overview –Summary –Q&A
    3. What is Cyber Resilience?
    4. Cyber Risk & Resilience: TODAY’S APPROACH NEEDS TO BE RE-IMAGINED.
    5. What is Driving Cyber Security Phenomena? Hyper Connected World: Increased dependency on connected services and information exchange (i.e. Online & On-Demand Web and Cloud Services). Rapid IT Evolution: IT platforms, devices & services evolving at a pace we have never seen before (i.e. Mobile, Virtualisation, Social Media Technologies). Agile Targeted Threat: Threats & Actors leveraging hyper connectivity, IT evolution and weak traditional boundary style security approaches (i.e. APTs, Hacktivism, Insider Abuse, Reputation Damage). Cyber Risk: INCREASED BUSINESS IMPACT.
    6. Current Threat Landscape
    7. Current Threat Landscape - ISTR
    8. Current Threat Landscape – Targeted Attacks
    9. Current Threat Landscape – Data Breaches: 1200 x Laptops lost/stolen every week; 40% of ex-employees take data with them; Average cost of data breach – £1.9m
    10. Current Threat Landscape – Mobile Threats
    11. Summary • No business is safe from attack – regardless of its size • Attackers are being more selective in who they target • Obtaining information is key – if an attacker could make money from it, it’s a potential target. Below are some qualifying questions that can help you determine a security solution requirement: • What are you currently doing to safeguard your data? • How are your emails protected? • Do you use mobile devices in your organisation? • What industry regulations do you have to comply with? • How are you protecting your end users’ workstations?
    12. Symantec Global Intelligence Network
    13. Global Expertise More researchers Comprehensive data sources More virus samples analyzed Extensive customer support In-depth Analysis Signatures: AV, AS, IPS, GEB, SPAM, White lists DeepSight Database IT Policies and Controls Rigorous False Positive Testing Automated Updates Fast & Accurate Variety of Distribution Methods Relevant Information Relevancy Accuracy Protection Response Centers Users Symantec Security Intelligence Global Intelligence Network
    14. Symantec Security Solutions Overview
    15. Symantec Security Strategy Global Intelligence Network (GIN) 200+m Nodes Globally 40% Global email Monitored 2.5+m “decoy” accounts 200+ Countries Enforce IT Policies Control Compliance Suite (CCS) Protect Information Data Loss Prevention & Encryption (DLP/PGP) Trusted Interactions Protect The Infrastructure Symantec Protection Suite (SPS) Manage & Remediate Altiris (ITMS) Managed Security Services (MSS) Mobile Devices Mobile Management Suite/ Appcenter (MDM) Critical Systems Protect Interactions Critical Systems Protection (CSP) Symantec VIP Workflow O3
    16. Summary
    17. • Most extensive portfolio of business protection solutions available • More experience – 30+ years of protecting the world’s systems and information • Comprehensive and up-to-date protection against the latest threats • Market leadership - in both security and data protection • Trusted technology - Symantec protects 99% of the Fortune 500 Symantec Protects More Businesses Information Protection Preemptive Security Alerts Threat Triggered Actions Global Scope and Scale Worldwide Coverage 24x7 Event Logging Rapid Detection Threat Activity • 240,000 sensors • 200+ countries Malcode Intelligence • 130M client, server, gateways • Global coverage Vulnerabilities • 32,000+ vulnerabilities • 11,000 vendors • 72,000 technologies Spam/Phishing • 2.5M decoy accounts • 8B+ email messages/daily • 1B+ web requests/daily
    18. Questions?