Managed Security Services from Symantec

Symantec Managed Security Services helps organisations anticipate and counteract the constantly changing threat environment.

Published in: Technology

  1. Managed Security Services from Symantec. Chris Collier, Presales Specialist – Security, Arrow ECS
  2. Agenda
     • MSS high-level overview
     • Industry examples
     • Things to think about
     • Summary
     • Q&A
  3. Managed Security Services Mission Statement. Symantec Managed Security Services (MSS) helps organizations anticipate and counteract the constantly changing threat environment by providing:
     • Unparalleled global threat visibility.
     • Comprehensive edge-to-endpoint incident detection and analysis.
     • 24/7 direct access to Symantec’s industry-leading security specialists.
  4. Symantec Managed Security Services
     Security Monitoring:
     • 24x7x365 global operation
     • >300 staff dedicated to delivering MSS
     • >50 GIAC-certified Intrusion Analysts
     • 10-minute Severe Event Escalation Warranty
     • High accuracy, low false-positive rate
     • Collect, retain and analyse >400B logs per month
     • Escalate >400 validated severe incidents per day across 1,200 global customers
     • Strong service governance (ITIL, ISO 27001, SSAE 16)
     Infrastructure Management:
     • Network IDS/IPS Management Services
     • Firewall Management Services
     • Symantec Endpoint Protection Management Services
  5. Symantec Managed Security Services
     • The only Gartner-recognised leader in ALL regions
     • Unparalleled Global Intelligence Network
     • Edge-to-endpoint security monitoring
     • Enterprise-wide pricing model
     Monitored sources: NIDS, HIDS, Web Proxy, Firewall, Endpoint, OS & Apps, WebApp Firewall, Network Infra., VA
  6. Critical Protection Challenges / How MSS Can Help (sidebar on slides 6–10: Visibility, Focus on top priorities, Stay ahead of threats, Build a sustainable program, Connect to Business). Stay ahead of threats – Evolving Threat Landscape:
     • Targeted attacks
     • Social networking
     • Zero-day vulnerabilities and rootkits
     • Attack kits
     • Mobile threats
  7. Visibility – Where are the gaps?
     • Complete coverage of the surface area, edge-to-endpoint
     • Standardise security monitoring across all sites, all geographies, all systems
     • Where am I at risk of attack?
     Monitored sources: NIDS, HIDS, Web Proxy, Firewall, Endpoint, OS & Apps, WebApp Firewall, Network Infra., VA
  8. Focus on top priorities – Actionable Incidents:
     • Focus on the most critical problems first
     • Eliminate the risk of chasing irrelevant events
     • Avoid over- and under-reacting
     • Report everything
  9. Build a sustainable program – Security Operation Demands:
     • 24x7, global, certified
     • Scalable, available
     • Performing
     • Future-‘proof’ architecture
     • Recruitment
  10. Connect with Business – How to Demonstrate Value?
     • Protect revenue
     • Process improvement
     • Predictable cost base
     • Measure and report on effectiveness and improvement
     • Time-to-benefit
  11. Symantec MSS Portfolio (log sources shown alongside: Firewalls, IDS/IPS, Web Proxy, Endpoint, OS & Apps, Switches & Routers)
     DeepSight Global Threat Intelligence:
     • Unified threat intelligence portal and XML data feeds
     • Vulnerability, threat and risk content
     Log Collection, Retention and Access:
     • 2FA portal access; tamper-proof, searchable, exportable
     • PCI and ISO 27001 reporting features
     Real-time Security Monitoring and Analysis:
     • 24x7 security event monitoring and log analysis
     • Global Intelligence Network correlation
     Security Incident Notification and Reporting:
     • Incident prioritisation, 10-minute severe event notification
     • Real-time security dashboard
     Infrastructure Management:
     • Managed Network IDS/IPS, Managed Firewall, Managed SEP
  12. Monitoring Service Tiers: Service Transition, Essential, Advanced. Capability columns:
     Log Collection (applicable to ALL systems):
     • Collect logs from managed systems
     • Store logs online
     • Available for download and reporting
     Correlation (applicable to ALL systems):
     • Internal vulnerabilities
     • Rate against assets
     • Analyze against log/alert data
     Analysis (applicable to all systems with security data):
     • Enterprise-wide security analysis
     • Expert human analysis
     • Protect information assets
     GIN (applicable to egress points, such as firewalls):
     • Correlate against GIN
     • Anomalous activity monitoring
     • Protect against emerging threats
  13. Global Intelligence Network – identifies more threats, takes action faster and prevents impact.
     Locations: Calgary, Alberta; San Francisco, CA; Mountain View, CA; Culver City, CA; Austin, TX; Dublin, Ireland; Tokyo, Japan; Chengdu, China; Taipei, Taiwan; Chennai, India; Pune, India.
     Worldwide coverage / global scope and scale:
     • 240,000+ sensors
     • 64M total internet sensors
     • 200+ countries
     • 180M+ systems monitored
     • 13 security response centers
     Vulnerabilities:
     • 50,000+ vulnerabilities
     • 15,000+ vendors
     • 105,000+ technologies
     Spam/Phishing:
     • 5M+ decoy accounts
     • 8B+ email messages/day
     • 1B+ web requests/day
     Capabilities shown: 24x7 event logging, rapid detection, attack activity, malware intelligence, preemptive security alerts, information protection, threat-triggered actions.
  14. Process – Symantec Security Monitoring
     Log sources: Firewalls/VPN, Intrusion Detection Systems, Server and Desktop OS, User Activity Monitoring, Network Equipment, Critical file modifications, Vulnerability Assessment, Anti-Virus, Policy Changes, Malicious IP Traffic, Applications, Web Traffic, Databases.
     Context applied for risk-based prioritization: identified threats, known vulnerabilities, business-critical IT assets.
     Funnel: tens of millions of raw events → millions of security-relevant events → hundreds of correlated events → threat determined.
     Industrial IT Security 2012
  15. Without MSS: device logs from the perimeter FW, LAN FW, IDS and web proxy arrive interleaved and unprioritised (diagram labels: Internet, LAN, LAN 2, Email traffic, Web traffic 1). Several firewall lines repeat many times on the slide; distinct lines are listed once here.
     Firewall (perimeter and LAN):
     • Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
     • Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
     • Inbound TCP connection acc from 10.2.75.64 to 10.1.26.85/445
     • Outbound TCP connection acc from 10.1.22.7 to 55.10.17.22/80
     • Outbound TCP connection acc from 10.1.25.1 to 10.2.55.17/445
     • Outbound TCP connection acc from 10.2.14.1 to 10.1.14.1/445
     • Outbound TCP connection drop from 10.1.25.1 to 98.77.1.11/25
     • Outbound UDP connection acc from 10.235.22.11 to 198.28.22.5/53
     • Outbound UDP connection acc from 10.2.32.11 to 10.1.19.11/137
     • Outbound TCP connection acc from 10.1.17.4 to 18.7.13.2/80
     • Inbound UDP connection acc from 198.28.22.5 to 10.235.22.11/10256
     • Outbound ICMP ping acc from 10.1.25.1 to 10.2.1.11/
     • Outbound TCP connection drop from 10.1.25.1 to 14.231.5.16/25
     • Outbound TCP connection acc from … (truncated on the slide)
     IDS:
     • 10.1.25.1 --> 98.77.1.11 - Overnet Client Scan
     • 10.2.1.58 --> 44.75.26.88 - POLICY Yahoo Webmail client chat
     • 10.1.22.7 --> 16.1.82.9 SHELLCODE base64 x86 NOOP
     • 10.1.11.4 --> 64.99.57.12 SHELLCODE x86 NOOP
     • 10.2.64.27 --> 18.197.26.177 SNMP trap udp
     • 19.11.157.22 --> 45.4.55.1 - SQL Query in HTTP Request
     • 48.45.66.99 --> 48.77.88.11 - UDP eDonkey Activity
     • 10.2.1.58 --> 44.75.26.88 - WEBMISC cat%20 access
     • 00-08 Windows SMB (fragment)
     • 10.1.11.4 --> 64.99.57.12 - WEBtraffic PHP test.php access
     • 10.2.64.27 --> 18.197.26.177 SNMP request udp
     • 10.2.64.27 --> 18.197.26.177 SNMP public access udp
     • 10.2.1.58 --> 27.192.26.88 IRC_Rogue_Session
     • 10.2.1.58 --> 44.75.26.88 - POLICY (fragment)
     Web proxy:
     • http://paypay.co/vv/config.bin
     • http://121.242.39.105/www.paypal.us/account.limited.us/cgi.bin/webscr.htm
     • http://yeeshiedot.ru/bin/xingaepa.bin
     • http://zsbiz.in/php/cfg002.bin
     • http://ww3.irs.gov.binnet11.net/refund/form
     • http://johgheejae.ru/bin/laangiet.bin
     • http://push.bbc.co.uk/http-bind/
     • http://scores.espn.go.com/ncf/caster/snapshot?sessionId=CFBGamecast9
     • http://money.cnn.com/.element/ssi/main/2.0/content_ssi.exclude.html
     • http://www.sunshinelive.de/typo3temp/JS_playlistfeed_hash.txt?
     • 9140000/newsid_9141700/ (fragment)
     • http://cdnedge.bbc.co.uk/sport/hi/english/static/football/statistics
     • http://jskit.com/api/echo/subscribe?existingRenderers=%5B0%2C1%5D&
     • http://www.youtube.com/set_awe (truncated on the slide)
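The funnel on slide 14 (raw events, security-relevant events, correlated events, threat determined) is what turns the interleaved noise on slide 15 into a handful of prioritised incidents. The script below is an added example, not Symantec's MSS code: it parses a constructed sample of firewall, IDS and proxy lines modelled on slide 15, triages IDS signatures coarsely, joins the three sources on the internal host, and applies three correlation rules. The IP addresses and URLs are taken from the slide; the client-IP column on the proxy lines, the severity keywords and the rules themselves are assumptions made for the example.

```python
"""Toy security-monitoring funnel: raw device logs -> security-relevant
events -> correlated incidents (added example, not Symantec's MSS code)."""
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample logs, modelled on the "Without MSS" slide. The proxy
# lines carry an assumed client-IP column that the slide does not show.
FIREWALL_LOGS = """\
Outbound TCP connection acc from 10.1.25.1 to 98.77.1.11/80
Inbound TCP connection acc from 14.28.75.64 to 12.55.26.85/80
Outbound TCP connection acc from 10.1.22.7 to 55.10.17.22/80
Outbound TCP connection drop from 10.1.25.1 to 98.77.1.11/25
Outbound UDP connection acc from 10.235.22.11 to 198.28.22.5/53
Outbound TCP connection acc from 10.1.17.4 to 18.7.13.2/80
Outbound ICMP ping acc from 10.1.25.1 to 10.2.1.11/
Inbound TCP connection acc from 10.2.75.64 to 10.1.26.85/445
Outbound TCP connection acc from 10.1.11.4 to 64.99.57.12/80
""".splitlines()

IDS_LOGS = """\
10.1.25.1 --> 98.77.1.11 - Overnet Client Scan
10.2.1.58 --> 44.75.26.88 - POLICY Yahoo Webmail client chat
10.1.22.7 --> 16.1.82.9 SHELLCODE base64 x86 NOOP
10.1.11.4 --> 64.99.57.12 SHELLCODE x86 NOOP
10.2.64.27 --> 18.197.26.177 SNMP trap udp
19.11.157.22 --> 45.4.55.1 - SQL Query in HTTP Request
10.2.1.58 --> 27.192.26.88 IRC_Rogue_Session
""".splitlines()

PROXY_LOGS = """\
10.1.22.7 GET http://yeeshiedot.ru/bin/xingaepa.bin
10.1.17.4 GET http://push.bbc.co.uk/http-bind/
10.1.11.4 GET http://zsbiz.in/php/cfg002.bin
10.2.1.58 GET http://money.cnn.com/.element/ssi/main/2.0/content_ssi.exclude.html
10.1.25.1 GET http://paypay.co/vv/config.bin
""".splitlines()

FW_RE = re.compile(r"^(Inbound|Outbound) (TCP|UDP|ICMP) (?:connection|ping) "
                   r"(acc|drop) from ([\d.]+) to ([\d.]+)/?(\d*)$")
IDS_RE = re.compile(r"^([\d.]+) --> ([\d.]+) -? ?(.+)$")
PROXY_RE = re.compile(r"^([\d.]+) GET (\S+)$")

# Assumed coarse triage of IDS signature names:
# 3 = exploit/backdoor, 2 = recon or policy worth a look, 0 = informational noise.
SIGNATURE_SEVERITY = (("SHELLCODE", 3), ("IRC_Rogue", 3),
                      ("SQL Query", 2), ("Overnet", 2), ("eDonkey", 2))


def signature_severity(signature):
    for keyword, severity in SIGNATURE_SEVERITY:
        if keyword in signature:
            return severity
    return 0


def is_internal(ip):
    return ip_address(ip).is_private


def internal_side(src, dst):
    """The internal host an event belongs to, or None if neither side is internal."""
    if is_internal(src):
        return src
    return dst if is_internal(dst) else None


def new_evidence():
    return {"alerts": [], "downloads": [], "outbound_acc": 0, "smtp_drop": 0}


def build_evidence(fw_lines, ids_lines, proxy_lines):
    """Normalise three log formats into per-host evidence; return (evidence, raw, relevant)."""
    evidence = defaultdict(new_evidence)
    raw = relevant = 0
    for line in fw_lines:
        raw += 1
        m = FW_RE.match(line)
        if not m:
            continue
        direction, _proto, action, src, dst, port = m.groups()
        if direction != "Outbound" or not is_internal(src) or is_internal(dst):
            continue  # only internal -> Internet traffic matters for these rules
        if action == "acc":
            evidence[src]["outbound_acc"] += 1
        elif port == "25":
            evidence[src]["smtp_drop"] += 1  # blocked direct-to-MX mail: bot indicator
            relevant += 1
    for line in ids_lines:
        raw += 1
        m = IDS_RE.match(line)
        host = internal_side(m.group(1), m.group(2)) if m else None
        if not host:
            continue
        evidence[host]["alerts"].append(m.group(3))
        if signature_severity(m.group(3)) >= 2:
            relevant += 1
    for line in proxy_lines:
        raw += 1
        m = PROXY_RE.match(line)
        if m and m.group(2).lower().endswith(".bin"):  # raw binary fetch
            evidence[m.group(1)]["downloads"].append(m.group(2))
            relevant += 1
    return evidence, raw, relevant


def correlate(evidence):
    """Apply the (assumed) correlation rules per host, highest-severity rule first."""
    incidents = []
    for host, ev in sorted(evidence.items(), key=lambda kv: ip_address(kv[0])):
        top = max((signature_severity(a) for a in ev["alerts"]), default=0)
        p2p = any("Overnet" in a or "eDonkey" in a for a in ev["alerts"])
        if top >= 3 and ev["downloads"] and ev["outbound_acc"]:
            sev, why = "critical", "exploit signature, binary download and accepted outbound traffic"
        elif top >= 3:
            sev, why = "high", "exploit/backdoor signature without corroborating traffic"
        elif p2p and ev["smtp_drop"]:
            sev, why = "medium", "P2P activity plus blocked outbound SMTP"
        else:
            continue
        incidents.append({"host": host, "severity": sev, "reason": why})
    return incidents


def funnel_report(fw_lines=FIREWALL_LOGS, ids_lines=IDS_LOGS, proxy_lines=PROXY_LOGS):
    evidence, raw, relevant = build_evidence(fw_lines, ids_lines, proxy_lines)
    incidents = correlate(evidence)
    return {"raw_events": raw, "security_relevant": relevant, "incidents": incidents,
            "critical": sum(1 for i in incidents if i["severity"] == "critical")}


if __name__ == "__main__":
    report = funnel_report()
    print(f"raw={report['raw_events']} relevant={report['security_relevant']} "
          f"incidents={len(report['incidents'])} critical={report['critical']}")
    for inc in report["incidents"]:
        print(f"  {inc['severity']:8} {inc['host']:12} {inc['reason']}")
```

Run as-is, the 21 constructed lines shrink to 8 security-relevant events and 4 incidents, 2 of them critical; the two hosts that fired a SHELLCODE signature, fetched a .bin file and still had accepted outbound connections sort to the top, while the SNMP, DNS and news-site traffic never leaves the raw tier. Adding asset criticality and vulnerability data, as slide 14 describes, would be the next weighting step.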
  16. Example stats, one Wednesday afternoon...
     • Log lines analysed: 15,279,389,291
     • Number of incidents created, including summaries: 7,966
     • Number of real-time incidents presented to analysts for validation: 3,124
     • Number of real-time published incidents: 964
     • Number of summary published incidents: 1,007
     • Number of real-time critical incidents: 244
  17. Symantec MSS Portal
     • Customizable modules for organizing data in different ways
     • Trend graphs for visibility of incident trends
     • New incidents arrive in real time on the Home Page
     • Modular elements customizable to each user
  18. Symantec Managed Security Services
     • Reliability and Trust – Symantec Managed Security Services has been a Gartner Quadrant Leader for 11 consecutive years
     • Proven – Symantec Managed Services clients include 6 of the Fortune 10, 44 of the Fortune 100 and 117 of the Fortune 500
     • Scalable – Symantec MSS analyzes >12 billion logs from 727,000 devices every day
     • Detection – Symantec MSS identifies an average of 15,000 security events and escalates 200 critical incidents every day
     • Flexible – Symantec has flexible pricing and service levels to deliver the right protection and compliance at the right price
     • Personal – Symantec provides named personnel for transition, service management and security analysis duties to drive personal relationships and customer care
  19. Questions?
