Symantec_2-4-5 nov 2010


  • IT security professionals feel they have more to deal with than ever before. Specifically, they face more viruses, more threats (spam, botnets etc.), more surface area to protect because of the people involved (suppliers, customers, contractors) and more information to protect. In fact, regardless of the size of a company, information doubles every year. Finally, job descriptions have expanded: IT security professionals are responsible not only for security but also for compliance.
    Our reference labs (powered by the Symantec Global Intelligence Network) showed that 2008 was the tipping point for security; the landscape changed radically. Just two years ago, hackers were the biggest threat. They were primarily focused on taking down your machines and infrastructure, and the only way you knew you were being hit was that your PC started to act oddly or you saw a spike in network traffic as a worm moved through your infrastructure.
    We at Symantec warned at that time that in the future you would be more worried about organized crime, and this change happened in 2008. 90% of records lost in 2008 involved organized crime targeting corporate information. That is vastly different from just two years ago.
    Additional Background on GIN
    At the heart of all of our products is the Symantec Global Intelligence Network. We are incredibly proud of this Network, and it just gets more and more powerful all the time.
    We have a 95% detection rate (the highest of any security vendor) and the lowest number of false positives (0.0001%).
    The Network analyzes over 1.5 billion security alerts daily, validates approximately 5,000 as genuine security threats, and notifies customers within 10 minutes of discovery.
    This is, by far, the largest, most sophisticated intelligence network on the planet.
    It scans 30% of the world’s email traffic, processes over 8 billion email messages daily and gathers malicious code data from 130 million systems.
    The Network updates every 5-10 minutes from 240,000 sensors in over 200 countries.
    There are more than 32,000 vulnerabilities in the Symantec vulnerability database.
    There are 2.5 million decoy accounts in the Symantec Probe Network.
    There are 4 Symantec Security Operations Centers, located in Australia, the UK, the USA and India.
    There are 11 Security Response Centers, in the USA, Australia, Canada, India, China and Ireland.
    What all of this means is that if there is a malicious attack about to hit you, we know about it first. We block it, we keep it from affecting your business, and we tell you how to take action. It’s about prioritized risk and response, and our intelligence network keeps you protected and tells you what to do first. There simply is no approach that’s faster or more thorough than ours.
    This Network is the main reason that 99% of the Fortune 500 & 1000 utilize our products. This is what makes all the difference between having security software and knowing that your information is protected 24/7.
  • Transcript:
    That includes our flagship endpoint protection product, but it also includes the capabilities to help our customers protect their web traffic and their email infrastructure because, as we saw, those are important vectors for malware to enter a corporate environment. In addition, it's important for our customers to have added hardening and added protection for their critical systems. And finally, we've heard from our customers that the ability to back up and recover data is an important security capability, and that is part of our Symantec Protection Suites as well.
    Author’s Original Notes:
    Secure Endpoints using Symantec Endpoint Protection (SEP)
    Protect Email and Web using Brightmail and Web Gateway (Mi5)
    Defend Critical Internal Servers using Critical Systems Protect (CSP)
    Backup and Recover Data using Backup Exec System Recovery (BESR)
    Bridge Solutions
    A secure infrastructure is a well-managed infrastructure; therefore, part of protection is management, and our Altiris suite also helps customers maintain both security and compliance.
  • Symantec_2-4-5 nov 2010

    1. Enterprise IT Security Briefing. Bogdan Stefanescu, Presales Consultant, Symantec Romania
    3. EVERY 15 MINUTES IN PARIS.
    5. EVERY 2½ MINUTES IN TOKYO.
    8. Changes in the Threat Landscape: Redefining Endpoint Security. From Hackers… to Thieves:
       • few named variants → overwhelming variants
       • noisy and highly visible → silent
       • fame motivated → financially motivated
       • indiscriminate → highly targeted
    9. On July 13, 2010 a unique form of malware was discovered that was attempting to take control of industrial infrastructure around the world.
    11. Symantec™ Global Intelligence Network: identifies more threats, takes action faster and prevents impact.
       Worldwide coverage, 24x7 event logging, rapid detection, preemptive security alerts, threat-triggered actions, global scope and scale, information protection.
       • Attack activity: 240,000 sensors, 200+ countries
       • Malware intelligence: 130M clients, servers and gateways monitored, global coverage
       • Vulnerabilities: 32,000+ vulnerabilities, 11,000 vendors, 72,000 technologies
       • Spam/phishing: 2.5M decoy accounts, 8B+ email messages/day, 1B+ web requests/day
       Locations: Austin, TX; Mountain View, CA; Culver City, CA; San Francisco, CA; Taipei, Taiwan; Tokyo, Japan; Dublin, Ireland; Calgary, Alberta; Chengdu, China; Chennai, India; Pune, India; Alexandria, VA; Reading, England; Sydney, AU.
    12. Changes in the Threat Landscape: Redefining Endpoint Security. [Chart: number of signatures per period. Source: Symantec Security Response]
    13. The Problem: protection is a constant challenge.
       • As we improve and innovate our technologies, malware authors adapt and innovate too
       • Their techniques are easy: exploit, encrypt, deploy and repeat
       Like a game of cat and mouse…
    14. Traditional, signature-based detections just can’t keep up.
    15. Then we need something different…
    16. Ubiquity is something different.
    17. The Problem: millions of file variants (good and bad).
       • So imagine that we know: about every file in the world today, how many copies of each exist, and which files are good and which are bad
       • Now let’s order them by prevalence, with bad on the left and good on the right
    18. The Problem: no existing protection addresses the “long tail”. Today, both good and bad software obey a long-tail distribution. [Chart: bad files on the left, good files on the right, ordered by prevalence.] Blacklisting works well for the highly prevalent bad files; whitelisting works well for the highly prevalent good files. Unfortunately neither technique works well for the tens of millions of files with low prevalence, but this is precisely where the majority of today’s malware falls. For this long tail a new technique is needed.
    19. Ubiquity: could we leverage our users for security?
       • We looked at how others leverage their user communities (books, music, movies)
       • They ‘ask’!
       • So perhaps we should use a similar approach? We ask our users to rate software they use; over time, applications build a reputation; Symantec products then only allow users to run programs with at least “4 stars.”
    20. Ubiquity: well, not so fast.
       • To a user, it’s not at all obvious what is safe and what is not: many threats are silent, the user isn’t even aware of their presence; some threats hide inside legitimate processes; other threats pretend to be legitimate files (e.g. “AntiVirus 2010”)
       This means we can’t just ‘ask’ our users for feedback!
    21. How it Works. Submission servers feed reputation servers, which track per file: file hash, good/bad, confidence, prevalence, date first seen.
       1. Collect data
       2. Calculate Ubiquity Safety Ratings (updated every 4 hrs)
       3. Deliver Ubiquity Safety Ratings
       In 2007, we started collecting data and built a massively-parallel analysis algorithm. Analogy: Google’s PageRank™.
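    The reputation pipeline sketched on slides 17 through 21 (order files by prevalence, let blacklisting cover the prevalent bad files and whitelisting the prevalent good ones, and score the long tail from telemetry such as hash, prevalence and date first seen) as an added example in Python. This is illustrative code written for this page, not Symantec's Ubiquity implementation; the telemetry records, the hash labels, the scoring weights and the star thresholds are all constructed assumptions.

```python
"""Toy reputation ("safety rating") service in the style of slides 17-21.

Illustrative code written for this page; not Symantec's Ubiquity implementation.
All telemetry, hash labels, weights and thresholds below are constructed assumptions.
"""
import math
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed sample telemetry: (client_id, file_hash, day the client first reported the file).
# The hash strings are placeholder labels, not real digests.
TODAY = date(2010, 11, 2)
TELEMETRY = (
    # an application on one client that is already on the known-good list
    [("c1", "hash-office-app", TODAY - timedelta(days=200))]
    # a popular application seen on 5,000 distinct clients for about 200 days
    + [(f"c{i}", "hash-popular-app", TODAY - timedelta(days=200)) for i in range(5000)]
    # a legitimate in-house tool seen on only three clients (the "long tail")
    + [("c10", "hash-internal-tool", TODAY - timedelta(days=120)),
       ("c11", "hash-internal-tool", TODAY - timedelta(days=100)),
       ("c12", "hash-internal-tool", TODAY - timedelta(days=5))]
    # a file already convicted by signature analysis
    + [("c13", "hash-known-bad", TODAY - timedelta(days=3))]
    # a freshly repacked variant: new hash, one client, first seen today
    + [("c14", "hash-fresh-variant", TODAY)]
)
KNOWN_GOOD = {"hash-office-app"}   # stands in for the whitelist
KNOWN_BAD = {"hash-known-bad"}     # stands in for the signature blacklist


@dataclass
class SafetyRating:
    file_hash: str
    prevalence: int      # distinct clients that reported the file
    first_seen: date
    verdict: str         # "good", "bad" or "unknown"
    confidence: float    # 1.0 for listed files, else the reputation score
    stars: int           # 1..5; slide 19's "at least 4 stars" policy applies here


def aggregate(telemetry):
    """Step 1 (collect data): distinct-client prevalence and earliest sighting per hash."""
    clients = defaultdict(set)
    first_seen = {}
    for client_id, file_hash, seen_on in telemetry:
        clients[file_hash].add(client_id)
        if file_hash not in first_seen or seen_on < first_seen[file_hash]:
            first_seen[file_hash] = seen_on
    return {h: (len(clients[h]), first_seen[h]) for h in clients}


def reputation_score(prevalence, age_days):
    """Step 2 (calculate): combine prevalence and age into a 0..1 score (constructed weights).

    Prevalence saturates at 10,000 distinct clients, age at 90 days: a file that is both
    widespread and old without a bad verdict scores high; a brand-new singleton scores near 0.
    """
    p = min(1.0, math.log10(prevalence + 1) / 4)
    a = min(1.0, age_days / 90)
    return 0.7 * p + 0.3 * a


def stars_from_score(score):
    """Map the 0..1 score onto the 1..5 star scale (constructed thresholds)."""
    for threshold, stars in ((0.8, 5), (0.6, 4), (0.4, 3), (0.2, 2)):
        if score >= threshold:
            return stars
    return 1


def rate_file(file_hash, prevalence, first_seen, today=TODAY,
              known_good=KNOWN_GOOD, known_bad=KNOWN_BAD):
    """Known lists win outright; everything else is scored from telemetry."""
    if file_hash in known_bad:
        return SafetyRating(file_hash, prevalence, first_seen, "bad", 1.0, 1)
    if file_hash in known_good:
        return SafetyRating(file_hash, prevalence, first_seen, "good", 1.0, 5)
    score = reputation_score(prevalence, (today - first_seen).days)
    return SafetyRating(file_hash, prevalence, first_seen, "unknown",
                        round(score, 3), stars_from_score(score))


def build_ratings(telemetry, today=TODAY):
    """Steps 1 and 2 for a whole telemetry batch; step 3 (deliver) is serving this dict."""
    return {h: rate_file(h, prev, seen, today)
            for h, (prev, seen) in aggregate(telemetry).items()}


def bucket(rating, tail_threshold=100):
    """Which slide-18 technique covers the file: blacklist, whitelist, or the long tail."""
    if rating.verdict == "bad":
        return "blacklist"
    if rating.verdict == "good":
        return "whitelist"
    return "long-tail" if rating.prevalence < tail_threshold else "reputation"


def should_run(rating, min_stars=4):
    """Policy-based lockdown: admins choose the minimum stars; convicted files never run."""
    return rating.verdict != "bad" and rating.stars >= min_stars


if __name__ == "__main__":
    for h, r in sorted(build_ratings(TELEMETRY).items()):
        print(f"{h:20} prev={r.prevalence:5} {r.verdict:8} {r.stars}* "
              f"{bucket(r):10} run={should_run(r)}")
```

    Two outcomes are worth noticing when this runs. The freshly repacked variant has a new hash, one client and no history, so it scores 1 star and is blocked even though no signature exists for it, which is the point slide 23 makes about attackers no longer evading detection by tweaking a threat. The legitimate in-house tool with three clients lands at 3 stars and is also blocked under the default 4-star policy: that is the long-tail cost slide 18 describes, and why a per-organisation `min_stars` (or an explicit whitelist entry) belongs in the policy rather than in the scoring.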
    22. Ubiquity (Reputation) Benefits. Five important new benefits:
       1. Drastically improved protection
       2. Policy-based lockdown
       3. A weapon against false positives
       4. Improved performance
       5. Unique endpoint visibility
    23. Conclusion: Ubiquity changes the rules of the game.
       • Amplifies the protection of our current technologies
       • We no longer rely solely on traditional signatures
       • Use data from tens of millions of users to automatically identify otherwise invisible malware
       • Shifts the odds in our favor: attackers can no longer evade us by tweaking their threats
    24. Empower Users: users are given the tools to make choices.
    25. The Challenge. Threat actors: Organized Criminal, Well-Meaning Insider, Malicious Insider. Pillars: Develop and Enforce IT Policies; Protect the Information; Manage Systems; Protect the Infrastructure.
    26. Develop and Enforce IT Policies: Control Compliance Suite. Define risk and develop IT policies; assess infrastructure and processes; report, monitor and demonstrate due care; remediate problems.
    27. Protect the Information: Data Loss Prevention Suite. Discover where sensitive information resides; monitor how data is being used; protect sensitive information from loss.
    28. Manage Systems: Altiris™ Total Management Suite. Implement secure operating environments; distribute and enforce patch levels; automate processes to streamline efficiency; monitor and report on system status.
    29. Protect the Infrastructure: Symantec Protection Suite™. Secure endpoints; protect email and web; defend critical internal servers; backup and recover data.
    30. New Challenges Require New Technologies. Threat actors: Organized Criminal, Malicious Insider. Pillars: Protect the Infrastructure; Develop & Enforce IT Policies; Protect the Information; Manage Systems. Challenges: lack of visibility, evolving threats, growing complexity; IT risk management, cost & complexity of compliance, lack of visibility; growth of unstructured data, social media access, cloud computing; management of HW and SW, complexity of IT processes, operating system migration. Integrated Security Platform: open platform, console unification, security intelligence, dynamic protection.
    31. Thank You