SlideShare a Scribd company logo

Symantec-CWS_Brochure

J
Justyna Majek
1 of 10
Download to read offline
Symantec™ Complete Website Security A comprehensive solution for all your website security needs, with features ranging from Extended Validation SSL/TLS certificates and malware scanning, to DDoS mitigation and performance optimisation.
2 I Symantec Corporation Shifting threats, shifting defences A brave new world There’s only one constant in website security: that the threats we face will continue to grow in both scale and sophistication. The reality of this situation can be seen in the on-going battle between those seeking illegal access to online information, and those attempting to protect it. It’s been a sobering experience, and one that’s forced us to wave goodbye to the notion that a secure boundary can be built to keep out all unwanted intruders. The reality is that criminals have tunnelled under, made holes where no one was looking, or simply donned a disguise and walked through the front door. Understanding the threat Until now, the role of website security has been predominantly reactive – rapid firefighting whenever a new threat arises to build up defences and mitigate the potential impact. A solution is needed that proactively and effectively protects your website from increasing danger. As a function, we’re no longer facing the single threat of lone hackers working out of their bedrooms. Rather, this danger now comes from criminal networks, government-sponsored threats, and hacktivists. Ensuring the right resources are deployed at the right place and the right time is no longer just important, it’s essential. Generating a response Building and maintaining a secure corporate infrastructure, alongside customer trust, is a continuous exercise that can be undone in seconds, and this rapidly changing threat landscape has meant that constant innovation is required to evolve website security solutions at the same pace. Although we know that sitting still is simply not an option, it’s also impractical to expect a response to each new emerging threat given the twin constraints of time and money. Instead, you should be looking to your security partner for support, and for education in spotting vulnerabilities and mitigating any risks. Enter Symantec™ Complete Website Security. 29,927 New unique malicious web domains in 2014 496,657 Web attacks blocked each day 317,256,956 New malware variants emerged in 2014 183% Increase in DNS amplification attacks between January and August 2014 The threat landscape in numbers (from Symantec’s Website Security Threat Report 2015)
3 I Symantec Corporation A focus on security The challenge of resourcing your security As we all know, website security is ultimately about confidence – and building a sense of trust with each visitor. Generating this trust requires a realistic understanding of the dangers faced by your organisation and an accurate assessment of the capabilities needed to counter them. It could be argued that the biggest threat is actually the limited resources typically dedicated to website security – and a reliance on manual processes that, combined with time pressures, make even the simplest security task difficult to achieve. Extended Validation SSL/TLS Certificates Instilling confidence and trust in your website is vital; visitors need to feel assured that your business’s site is safe to transact on. Research from Econsultancy showed that 50% of customers who abandon an online purchase do so because of a lack of trust. A recent YouGov online survey in the UK, US, France and Germany gave clear and encouraging results: the majority of people know what to look for when deciding whether or not to put their trust in a website. Not displaying clear visual signs of a secure website can damage your end consumers’ trust in your business, and might lose you valuable conversions. Level 1: Domain validation (DV) The lowest level of authentication – for situations where trust and credibility are less important Level 2: Organisation Validation (OV) A more secure step – for public-facing websites dealing with less sensitive transactions Level 3: Extended Validation (EV) The gold standard in SSL/TLS certificates – for websites handling credit card and other sensitive data Certificate type Domain validated? https encrypted? Identity validation Address validation? Padlock displayed in browser user interface Green address bar* DV Yes Yes None No Yes No OV Yes Yes Good Yes Yes No EV Yes Yes Strong Yes Yes Yes Finding your right level of SSL/TLS certificate *And/or a green padlock or green treatment within the address bar
4 I Symantec Corporation A denial of service It’s also an established fact that many organisations fall victim to hacks and malware infections because they don’t carry out basic website health checks. In 2014 for example, 75% of scanned websites had vulnerabilities – a fifth of which were critical. These infections can be crippling – Google blacklists 10,000 websites every single day, and it takes an average of 6 weeks before they’re restored. Then there are the high profile breaches and, in particular, Distributed Denial of Service (DDoS) attacks that range from simple HTTP404 error pages to complete blackout, and are constantly increasing in intensity. Symantec™ Complete Website Security now includes Imperva Incapsula DDoS Protection - capable of mitigating all types of DDoS attacks targeting any type of online service - alongside our established armoury of tools to help keep your website at full health. Malicious bots at the application layer In addition to the above, there are application level DDoS attacks, which target vulnerabilities in your OS or web applications, and are immune to generic filtering. These are attacks performed by malicious bots designed to impersonate legitimate human visitors and hijack browsers in a bid to take down an organisation’s servers. In 2014 we identified a 240% increase in Bot traffic, numbers that confirm what many security experts already know: hacker tools are now being designed first and foremost for stealth. Our response has been to further enhance the protection our solution offers, with the addition of Imperva Incapsula Website Application Firewall (WAF) – redefining and extending the WAF beyond traditional concepts. At Symantec we thrive on providing solutions to the challenges you face, to support you today and for the future. Symantec™ Complete Website Security Vulnerability Assessment Malware Scanning Extended Validation SSL/TLS Certificates Imperva Incapsula DDoS Protection Imperva Incapsula Web Application Firewall Secure App Service Security features spotlight:
5 I Symantec Corporation A focus on management The quest for greater simplicity There’s a growing appreciation that managing website security has become far harder than it should be. This is particularly the case when it comes to licensing SSL/TLS certificates, and many PKI administrators and website security managers still face the daunting task of searching out hidden certificates to avoid unexpected expiration dates. The problem of tracking certificates At Symantec we understand that tracking SSL/TLS certificates isn’t easy, especially if multiple people in your organisation have the ability to implement them in isolation. Expired certificates can hurt you even more – our research found that over 75% of consumers would abandon their transaction if they encountered an expired SSL/TLS certificate. On top of that, 45% of surveyed businesses experienced security breaches that were due to SSL/TLS certificate issues. That’s why you need tools that simplify and centralise this process, which is exactly what’s on offer with Symantec™ Complete Website Security. SSL/TLS certificate management made easy Of course there’s more to life – or at least website security – than just focusing on the buying and renewing of certificates. There is also the need to search out rogue certificates, monitor expiration dates, and maintain standards – all of which can prove difficult in large, geographically dispersed organisations. In a recent Symantec survey, four out of five companies with 2,000+ certificates found rogue certificates in their systems. However, with Symantec’s discovery and automation tools you can centralise SSL/TLS management – and discover all certificates across the enterprise regardless of which certificate authority issued them. Symantec™ Complete Website Security Discovery Automation Private CA 24 Hour Support Management features spotlight:
6 I Symantec Corporation A focus on performance Website management Let’s face it, the key metric when measuring website performance is traffic – which also involves considerations such as conversion levels, alongside more technical aspects including latency, availability, and bandwidth. Symantec™ Complete Website Security solution can support your website in each of these areas. Optimised content delivery According to Forrester, 40% of shoppers will wait no longer than three seconds for a web page to load before abandoning a retail site.1 Today there are number of sophisticated tools available to help your website load and run faster. For example, a Content Delivery Network (CDN) is a global system of strategically positioned servers that brings your web content closer to your consumers. Symantec™ Complete Website Security now includes Imperva Incapsula CDN that offers caching, content and network optimisation tools, and research has shown that websites using it are typically 50% faster and consume up to 70% less bandwidth. In addition, CDN supports load balancing; ensuring workloads are efficiently distributed to help maintain high website availability. Strength and speed through encryption As we know, SSL/TLS certificates enable encryption all the data that passes between a user’s browser when they consult a protected website and the company server hosting this website. So, obviously, stronger encryption is more desirable. Elliptic Curve Cryptography (ECC) 256-bit is a more advanced encryption algorithm that is 64,000 times more secure than RSA 2048-bit. What makes it even better is that it requires much less server capacity to encrypt information, reducing costs and improving your website’s performance. Just for example, Directorz Co. Ltd., a Japanese firm, saw a 46% lower CPU burden and a 7% improvement in response time when they implemented ECC. Today, you can also combine the ubiquitous RSA root with the stronger security and server performance offered by ECC in our hybrid SSL/TLS certificates. Building on trust We’ve already demonstrated how important it is for consumers to feel confident when providing data or making an online purchase, and trust marks are a well-recognised indicator of website security. Of these, the Norton Secured Seal is one of the most trusted on the internet, and is viewed over a billion times a day in 170 countries. It makes a big difference: 90% of respondents in an international consumer study said they are more likely to continue online transactions if they see the Norton Secured Seal.2 Displaying the seal beside your link in search engine results is also proven to significantly increase traffic to your website. Symantec™ Complete Website Security Performance features spotlight: Imperva Incapsula CDN & Optimization Elliptic Curve Cryptography Norton Secured Seal Seal in Search 1 Forrester Consulting Online Consumer Study, September 2009 2 International Online Consumer Study: US, Germany, UK, July 2013
7 I Symantec Corporation Symantec™ Complete Website Security Advanced threats, enhanced solution Features and benefits - Security Complete Website Security goes far beyond encryption to deliver protection for websites, data and applications—with 24/7 control that helps to mitigate risk and helps to ensure uninterrupted performance for every website. Multi-layered security and controls make our certificate issuance and authentication processes one of the most rigorous in the industry. Automated management pinpoints certificate and website weaknesses due to unexpected expirations, flawed installations, deprecation and critical vulnerabilities in the event of attacks. Meanwhile, Symantec’s unified security identifies worldwide security vulnerabilities, delivers real-time analytics and helps our customers to protect against damage, 24/7. It’s why we’ve become the name people trust. VULNERABILITY ASSESSMENT • A weekly scan helps identify and act against exploitable website vulnerabilities • Delivers actionable reports that identify critical vulnerabilities requiring immediate investigation and lower risk items • Provides an option to then rescan website to help confirm that vulnerabilities have been rectified MALWARE SCANNING • A daily scan detects and reports malware to site owner • Highlights the malicious code, meaning time taken to resolve the issue is minimised • Mitigates the risk of being blacklisted by search engines (Google blacklists 10K sites a day – with up to 6 weeks’ recovery time) EXTENDED VALIDATION SSL/TLS CERTIFICATES • EV SSL/TLS certificates deliver the highest level of consumer trust through the strictest authentication standards • Sites with EV display well-recognised visual trust indicators for added assurance • The most secure and best performing choice for website security; EV is known to increase conversion rates and lower site abandonment IMPERVA INCAPSULA DDOS PROTECTION • Market-leading protection against one of the most common website attacks • Automatic always-on detection and triggering of ‘under-attack’ mode • Zero business disruption based on transparent mitigation with minimum false positives • End-to-end protection against the largest and smartest DDoS attacks
IMPERVA INCAPSULA WEB APPLICATION FIREWALL • Innovative cloud based firewall to protect against Layer 7 attacks, powered by Imperva Incapsula • Defends against OWASP Top 10 threats including: SQL injection, cross-site scripting, illegal resource access and remote file inclusion • Proactive remediation from constant monitoring and application of dedicated security rules • Activated by a simple DNS change SECURE APP SERVICE • Enables enterprises to: - Sign apps and files in the cloud - Protect signing keys - Provide reporting of signing activity - Keep track of engineering output through use of an integrated web-based portal or via API DISCOVERY • Allows you to discover all SSL /TLS certificates in your environment regardless of CA • Eliminates the chance of certificates expiring unexpectedly AUTOMATION • Allows you to automate the renewal of Symantec certificates to save time and reduce the risk of human error PRIVATE CA • Improves security and enables consolidation with Public and Private Certificates in one console • Reduces the risks, errors, and hidden costs associated with Self-Signed CAs • Allows the continued use of internal server names, and the ability to ignore migrations associated with public roots • Allows you to create a customised hierarchy based on your precise needs 24 HOUR SUPPORT • Includes access to a dedicated technical account manager* 7 days a week who: - Monitors and drives prioritisation for your support cases - Tracks product enhancement requests (if applicable) - Communicates any service-impacting maintenance - Acts as a service/support escalation point 8 I Symantec Corporation Features and benefits - Management *Does not include Imperva Incapsula products
IMPERVA INCAPSULA CDN & OPTIMIZATION • Application-aware, global CDN for full site acceleration • Layer 7 Load Balancing solution for optimal utilisation • Static and dynamic content caching for maximum website performance ELLIPTIC CURVE CRYPTOGRAPHY • Elliptic Curve Cryptography (ECC) Algorithm - 64,000 more secure than RSA – compared to an industry-standard 2048-bit RSA key - ECC-256-bit keys are 64,000 times harder to crack - 7-10% faster using less CPU power • ECC/RSA Hybrid Algorithm - Improves browser compatibility; better root ubiquity - Improved performance - More secure than pure RSA NORTON SECURED SEAL • The Norton™ Secured Seal is the most recognised trust mark on the Internet1 • Recognised by 77% of consumers2 • 90% of respondents more likely to continue online transactions if they see the Norton Seal3 SEAL IN SEARCH • Establish trust and credibility with visitors by displaying the Norton Secured Seal • Demonstrate that your site is both a legitimate and safe environment to perform transactions • Convert more visitors into customers 9 I Symantec Corporation 1 International Online Study (U.S, Germany, UK, France, Australia and Singapore only) October 2015 2 US online Consumer Research November 2013 3 International Online Consumer Study: US, Germany, UK, July 2013 Features and benefits - Performance
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher. Copyright © 2015 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Circle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. Greater security, simplified management, enhanced performance To find out more about how Symantec™ Complete Website Security can deliver an efficient, effective and comprehensive solution for all your website security needs, contact us today: 0800 032 2101 or ssl_info@symantec.com

Recommended

Solution Brief
Solution BriefSolution Brief
Solution Briefwebhostingguy
 
Cost of DDoS Attacks | DDoS Attacks Cost | MazeBolt Technologies
Cost of DDoS Attacks | DDoS Attacks Cost | MazeBolt TechnologiesCost of DDoS Attacks | DDoS Attacks Cost | MazeBolt Technologies
Cost of DDoS Attacks | DDoS Attacks Cost | MazeBolt TechnologiesMazeBolt Technologies
 
Growth Uninterrupted with Security, Scalability and Simplicity
Growth Uninterrupted with Security, Scalability and SimplicityGrowth Uninterrupted with Security, Scalability and Simplicity
Growth Uninterrupted with Security, Scalability and SimplicityPeopleWorks IN
 
Eliminate DDoS Mitigation False Positive | DDoS Protection | Case Study
Eliminate DDoS Mitigation False Positive | DDoS Protection | Case StudyEliminate DDoS Mitigation False Positive | DDoS Protection | Case Study
Eliminate DDoS Mitigation False Positive | DDoS Protection | Case StudyMazeBolt Technologies
 
DDoS Mitigation Guide |DDoS Protection Cyber Security | MazeBolt
DDoS Mitigation Guide |DDoS Protection Cyber Security | MazeBoltDDoS Mitigation Guide |DDoS Protection Cyber Security | MazeBolt
DDoS Mitigation Guide |DDoS Protection Cyber Security | MazeBoltMazeBolt Technologies
 
Security in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your DataSecurity in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your DataProcore Technologies
 
Why DDoS RADAR | MazeBolt Technologies
Why DDoS RADAR | MazeBolt TechnologiesWhy DDoS RADAR | MazeBolt Technologies
Why DDoS RADAR | MazeBolt TechnologiesMazeBolt Technologies
 
DDoS Defenses | DDoS Protection and Mitigation | MazeBolt
DDoS Defenses | DDoS Protection and Mitigation | MazeBoltDDoS Defenses | DDoS Protection and Mitigation | MazeBolt
DDoS Defenses | DDoS Protection and Mitigation | MazeBoltMazeBolt Technologies
 

Recommended

Solution Brief
Solution BriefSolution Brief
Solution Briefwebhostingguy
 
Cost of DDoS Attacks | DDoS Attacks Cost | MazeBolt Technologies
Cost of DDoS Attacks | DDoS Attacks Cost | MazeBolt TechnologiesCost of DDoS Attacks | DDoS Attacks Cost | MazeBolt Technologies
Cost of DDoS Attacks | DDoS Attacks Cost | MazeBolt TechnologiesMazeBolt Technologies
 
Growth Uninterrupted with Security, Scalability and Simplicity
Growth Uninterrupted with Security, Scalability and SimplicityGrowth Uninterrupted with Security, Scalability and Simplicity
Growth Uninterrupted with Security, Scalability and SimplicityPeopleWorks IN
 
Eliminate DDoS Mitigation False Positive | DDoS Protection | Case Study
Eliminate DDoS Mitigation False Positive | DDoS Protection | Case StudyEliminate DDoS Mitigation False Positive | DDoS Protection | Case Study
Eliminate DDoS Mitigation False Positive | DDoS Protection | Case StudyMazeBolt Technologies
 
DDoS Mitigation Guide |DDoS Protection Cyber Security | MazeBolt
DDoS Mitigation Guide |DDoS Protection Cyber Security | MazeBoltDDoS Mitigation Guide |DDoS Protection Cyber Security | MazeBolt
DDoS Mitigation Guide |DDoS Protection Cyber Security | MazeBoltMazeBolt Technologies
 
Security in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your DataSecurity in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your DataProcore Technologies
 
Why DDoS RADAR | MazeBolt Technologies
Why DDoS RADAR | MazeBolt TechnologiesWhy DDoS RADAR | MazeBolt Technologies
Why DDoS RADAR | MazeBolt TechnologiesMazeBolt Technologies
 
DDoS Defenses | DDoS Protection and Mitigation | MazeBolt
DDoS Defenses | DDoS Protection and Mitigation | MazeBoltDDoS Defenses | DDoS Protection and Mitigation | MazeBolt
DDoS Defenses | DDoS Protection and Mitigation | MazeBoltMazeBolt Technologies
 
Automatic DDoS Attack Simulator | MazeBolt Technologies
Automatic DDoS Attack Simulator | MazeBolt TechnologiesAutomatic DDoS Attack Simulator | MazeBolt Technologies
Automatic DDoS Attack Simulator | MazeBolt TechnologiesMazeBolt Technologies
 
A Responder's Guide to DDoS Attacks: Seeing Clearly Through the Smoke
A Responder's Guide to DDoS Attacks: Seeing Clearly Through the SmokeA Responder's Guide to DDoS Attacks: Seeing Clearly Through the Smoke
A Responder's Guide to DDoS Attacks: Seeing Clearly Through the SmokeNeustar, Inc.
 
Case Study - Currency from the Cloud: Security & Compliance for Payment Provider
Case Study - Currency from the Cloud: Security & Compliance for Payment ProviderCase Study - Currency from the Cloud: Security & Compliance for Payment Provider
Case Study - Currency from the Cloud: Security & Compliance for Payment ProviderArmor
 
DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...
DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...
DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...MazeBolt Technologies
 
Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Mark Williams
 
The Challenges of Online Trust
The Challenges of Online TrustThe Challenges of Online Trust
The Challenges of Online TrustAlex Todd
 
Top 9 Data Security Trends for 2012
Top 9 Data Security Trends for 2012Top 9 Data Security Trends for 2012
Top 9 Data Security Trends for 2012Imperva
 
Easing the Pains of Certificate Management
Easing the Pains of Certificate ManagementEasing the Pains of Certificate Management
Easing the Pains of Certificate ManagementEntrust Datacard
 
Quantifying Cyber Risk, Insurance and The Value of Personal Data
Quantifying Cyber Risk, Insurance and The Value of Personal DataQuantifying Cyber Risk, Insurance and The Value of Personal Data
Quantifying Cyber Risk, Insurance and The Value of Personal DataSteven Schwartz
 
Building Trust in the Cloud
Building Trust in the CloudBuilding Trust in the Cloud
Building Trust in the CloudDatabarracks
 
Cyber Risks & Liabilities - Cyber Security for Small Businesses
Cyber Risks & Liabilities - Cyber Security for Small BusinessesCyber Risks & Liabilities - Cyber Security for Small Businesses
Cyber Risks & Liabilities - Cyber Security for Small Businessesntoscano50
 
Is the Cloud Safe? Ensuring Security in the Cloud
Is the Cloud Safe? Ensuring Security in the CloudIs the Cloud Safe? Ensuring Security in the Cloud
Is the Cloud Safe? Ensuring Security in the CloudTechSoup
 
Paul hobbs @ Verzon Digital Media Services
Paul hobbs @ Verzon Digital Media ServicesPaul hobbs @ Verzon Digital Media Services
Paul hobbs @ Verzon Digital Media ServicesPaul Hobbs
 
Cloud Security Myths Vs Facts
Cloud Security Myths Vs FactsCloud Security Myths Vs Facts
Cloud Security Myths Vs FactsOPAQ
 
New Horizons for End-User Computing Event - Trend
New Horizons for End-User Computing Event - TrendNew Horizons for End-User Computing Event - Trend
New Horizons for End-User Computing Event - TrendArrow ECS UK
 
Heartland
HeartlandHeartland
Heartlandgrimesjo
 
Disaster recovery glossary
Disaster recovery glossaryDisaster recovery glossary
Disaster recovery glossarysinglehopsn
 
Cybercrime Threats in 2012 - What You Need to Know
Cybercrime Threats in 2012 - What You Need to KnowCybercrime Threats in 2012 - What You Need to Know
Cybercrime Threats in 2012 - What You Need to KnowKaseya
 
True costs of a SIEM
True costs of a SIEMTrue costs of a SIEM
True costs of a SIEMDavid Humphrey
 
OneLogin Review
OneLogin ReviewOneLogin Review
OneLogin ReviewDavid Humphrey
 
ResumeEngrMarkanthonybCaban_201602261608
ResumeEngrMarkanthonybCaban_201602261608ResumeEngrMarkanthonybCaban_201602261608
ResumeEngrMarkanthonybCaban_201602261608Mark Anthony Caban
 
Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]
Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]
Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]Mahmuda Rahman
 

More Related Content

What's hot

Automatic DDoS Attack Simulator | MazeBolt Technologies
Automatic DDoS Attack Simulator | MazeBolt TechnologiesAutomatic DDoS Attack Simulator | MazeBolt Technologies
Automatic DDoS Attack Simulator | MazeBolt TechnologiesMazeBolt Technologies
 
A Responder's Guide to DDoS Attacks: Seeing Clearly Through the Smoke
A Responder's Guide to DDoS Attacks: Seeing Clearly Through the SmokeA Responder's Guide to DDoS Attacks: Seeing Clearly Through the Smoke
A Responder's Guide to DDoS Attacks: Seeing Clearly Through the SmokeNeustar, Inc.
 
Case Study - Currency from the Cloud: Security & Compliance for Payment Provider
Case Study - Currency from the Cloud: Security & Compliance for Payment ProviderCase Study - Currency from the Cloud: Security & Compliance for Payment Provider
Case Study - Currency from the Cloud: Security & Compliance for Payment ProviderArmor
 
DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...
DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...
DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...MazeBolt Technologies
 
Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Mark Williams
 
The Challenges of Online Trust
The Challenges of Online TrustThe Challenges of Online Trust
The Challenges of Online TrustAlex Todd
 
Top 9 Data Security Trends for 2012
Top 9 Data Security Trends for 2012Top 9 Data Security Trends for 2012
Top 9 Data Security Trends for 2012Imperva
 
Easing the Pains of Certificate Management
Easing the Pains of Certificate ManagementEasing the Pains of Certificate Management
Easing the Pains of Certificate ManagementEntrust Datacard
 
Quantifying Cyber Risk, Insurance and The Value of Personal Data
Quantifying Cyber Risk, Insurance and The Value of Personal DataQuantifying Cyber Risk, Insurance and The Value of Personal Data
Quantifying Cyber Risk, Insurance and The Value of Personal DataSteven Schwartz
 
Building Trust in the Cloud
Building Trust in the CloudBuilding Trust in the Cloud
Building Trust in the CloudDatabarracks
 
Cyber Risks & Liabilities - Cyber Security for Small Businesses
Cyber Risks & Liabilities - Cyber Security for Small BusinessesCyber Risks & Liabilities - Cyber Security for Small Businesses
Cyber Risks & Liabilities - Cyber Security for Small Businessesntoscano50
 
Is the Cloud Safe? Ensuring Security in the Cloud
Is the Cloud Safe? Ensuring Security in the CloudIs the Cloud Safe? Ensuring Security in the Cloud
Is the Cloud Safe? Ensuring Security in the CloudTechSoup
 
Paul hobbs @ Verzon Digital Media Services
Paul hobbs @ Verzon Digital Media ServicesPaul hobbs @ Verzon Digital Media Services
Paul hobbs @ Verzon Digital Media ServicesPaul Hobbs
 
Cloud Security Myths Vs Facts
Cloud Security Myths Vs FactsCloud Security Myths Vs Facts
Cloud Security Myths Vs FactsOPAQ
 
New Horizons for End-User Computing Event - Trend
New Horizons for End-User Computing Event - TrendNew Horizons for End-User Computing Event - Trend
New Horizons for End-User Computing Event - TrendArrow ECS UK
 
Disaster recovery glossary
Disaster recovery glossaryDisaster recovery glossary
Disaster recovery glossarysinglehopsn
 
Cybercrime Threats in 2012 - What You Need to Know
Cybercrime Threats in 2012 - What You Need to KnowCybercrime Threats in 2012 - What You Need to Know
Cybercrime Threats in 2012 - What You Need to KnowKaseya
 

What's hot (20)

Automatic DDoS Attack Simulator | MazeBolt Technologies
Automatic DDoS Attack Simulator | MazeBolt TechnologiesAutomatic DDoS Attack Simulator | MazeBolt Technologies
Automatic DDoS Attack Simulator | MazeBolt Technologies
 
A Responder's Guide to DDoS Attacks: Seeing Clearly Through the Smoke
A Responder's Guide to DDoS Attacks: Seeing Clearly Through the SmokeA Responder's Guide to DDoS Attacks: Seeing Clearly Through the Smoke
A Responder's Guide to DDoS Attacks: Seeing Clearly Through the Smoke
 
Case Study - Currency from the Cloud: Security & Compliance for Payment Provider
Case Study - Currency from the Cloud: Security & Compliance for Payment ProviderCase Study - Currency from the Cloud: Security & Compliance for Payment Provider
Case Study - Currency from the Cloud: Security & Compliance for Payment Provider
 
DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...
DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...
DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...
 
Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Cloud Security: A matter of trust?
Cloud Security: A matter of trust?
 
The Challenges of Online Trust
The Challenges of Online TrustThe Challenges of Online Trust
The Challenges of Online Trust
 
Top 9 Data Security Trends for 2012
Top 9 Data Security Trends for 2012Top 9 Data Security Trends for 2012
Top 9 Data Security Trends for 2012
 
Easing the Pains of Certificate Management
Easing the Pains of Certificate ManagementEasing the Pains of Certificate Management
Easing the Pains of Certificate Management
 
Quantifying Cyber Risk, Insurance and The Value of Personal Data
Quantifying Cyber Risk, Insurance and The Value of Personal DataQuantifying Cyber Risk, Insurance and The Value of Personal Data
Quantifying Cyber Risk, Insurance and The Value of Personal Data
 
Building Trust in the Cloud
Building Trust in the CloudBuilding Trust in the Cloud
Building Trust in the Cloud
 
Cyber Risks & Liabilities - Cyber Security for Small Businesses
Cyber Risks & Liabilities - Cyber Security for Small BusinessesCyber Risks & Liabilities - Cyber Security for Small Businesses
Cyber Risks & Liabilities - Cyber Security for Small Businesses
 
Is the Cloud Safe? Ensuring Security in the Cloud
Is the Cloud Safe? Ensuring Security in the CloudIs the Cloud Safe? Ensuring Security in the Cloud
Is the Cloud Safe? Ensuring Security in the Cloud
 
Paul hobbs @ Verzon Digital Media Services
Paul hobbs @ Verzon Digital Media ServicesPaul hobbs @ Verzon Digital Media Services
Paul hobbs @ Verzon Digital Media Services
 
Cloud Security Myths Vs Facts
Cloud Security Myths Vs FactsCloud Security Myths Vs Facts
Cloud Security Myths Vs Facts
 
New Horizons for End-User Computing Event - Trend
New Horizons for End-User Computing Event - TrendNew Horizons for End-User Computing Event - Trend
New Horizons for End-User Computing Event - Trend
 
Heartland
HeartlandHeartland
Heartland
 
Disaster recovery glossary
Disaster recovery glossaryDisaster recovery glossary
Disaster recovery glossary
 
Cybercrime Threats in 2012 - What You Need to Know
Cybercrime Threats in 2012 - What You Need to KnowCybercrime Threats in 2012 - What You Need to Know
Cybercrime Threats in 2012 - What You Need to Know
 
True costs of a SIEM
True costs of a SIEMTrue costs of a SIEM
True costs of a SIEM
 
OneLogin Review
OneLogin ReviewOneLogin Review
OneLogin Review
 

Viewers also liked

ResumeEngrMarkanthonybCaban_201602261608
ResumeEngrMarkanthonybCaban_201602261608ResumeEngrMarkanthonybCaban_201602261608
ResumeEngrMarkanthonybCaban_201602261608Mark Anthony Caban
 
Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]
Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]
Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]Mahmuda Rahman
 
adi Mail March 2015
adi Mail March 2015adi Mail March 2015
adi Mail March 2015Claire Frays
 
Implementation Engineer, Unity Solutions Specialist Version 1.0 (EMCIE) certi...
Implementation Engineer, Unity Solutions Specialist Version 1.0 (EMCIE) certi...Implementation Engineer, Unity Solutions Specialist Version 1.0 (EMCIE) certi...
Implementation Engineer, Unity Solutions Specialist Version 1.0 (EMCIE) certi...Marwa Fouad
 
Cisco catalyst 3750 x and 3560-x series switches
Cisco catalyst 3750 x and 3560-x series switchesCisco catalyst 3750 x and 3560-x series switches
Cisco catalyst 3750 x and 3560-x series switchesfgonzalez2005
 
Implementation Engineer, VNX Solutions Specialist Version 8.0 (EMCIE) certifi...
Implementation Engineer, VNX Solutions Specialist Version 8.0 (EMCIE) certifi...Implementation Engineer, VNX Solutions Specialist Version 8.0 (EMCIE) certifi...
Implementation Engineer, VNX Solutions Specialist Version 8.0 (EMCIE) certifi...Gharbi wissem
 
EMC World 2016 - cnaITL.06 Containers are not Cloud Native
EMC World 2016 - cnaITL.06 Containers are not Cloud NativeEMC World 2016 - cnaITL.06 Containers are not Cloud Native
EMC World 2016 - cnaITL.06 Containers are not Cloud Native{code}
 
Acute aortic dissection in the emergency department - Emergency Medicine - Cl...
Acute aortic dissection in the emergency department - Emergency Medicine - Cl...Acute aortic dissection in the emergency department - Emergency Medicine - Cl...
Acute aortic dissection in the emergency department - Emergency Medicine - Cl...Julio Diez
 
Hybrid DR in the Cloud - Harford SIM 2015
Hybrid DR in the Cloud - Harford SIM 2015Hybrid DR in the Cloud - Harford SIM 2015
Hybrid DR in the Cloud - Harford SIM 2015Joe Conlin
 
Hướng dẫn sử dụng biến tần
Hướng dẫn sử dụng biến tầnHướng dẫn sử dụng biến tần
Hướng dẫn sử dụng biến tầnHồng Trọng
 
EMC World 2016 - code.11 Intimidate me not - How to Contribute to Large Open ...
EMC World 2016 - code.11 Intimidate me not - How to Contribute to Large Open ...EMC World 2016 - code.11 Intimidate me not - How to Contribute to Large Open ...
EMC World 2016 - code.11 Intimidate me not - How to Contribute to Large Open ...{code}
 
Meritronics_Company rev 07.02.14
Meritronics_Company rev 07.02.14Meritronics_Company rev 07.02.14
Meritronics_Company rev 07.02.14Fides Sales
 
Grounding of Multi Cable Transits for on-shore use
Grounding of Multi Cable Transits for on-shore useGrounding of Multi Cable Transits for on-shore use
Grounding of Multi Cable Transits for on-shore useMathieu Melenhorst
 
cytel-white-paper-aces-silva
cytel-white-paper-aces-silvacytel-white-paper-aces-silva
cytel-white-paper-aces-silvaEric Silva
 

Viewers also liked (20)

ResumeEngrMarkanthonybCaban_201602261608
ResumeEngrMarkanthonybCaban_201602261608ResumeEngrMarkanthonybCaban_201602261608
ResumeEngrMarkanthonybCaban_201602261608
 
Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]
Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]
Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]
 
adi Mail March 2015
adi Mail March 2015adi Mail March 2015
adi Mail March 2015
 
Catálogo NL Technologies
Catálogo NL TechnologiesCatálogo NL Technologies
Catálogo NL Technologies
 
Implementation Engineer, Unity Solutions Specialist Version 1.0 (EMCIE) certi...
Implementation Engineer, Unity Solutions Specialist Version 1.0 (EMCIE) certi...Implementation Engineer, Unity Solutions Specialist Version 1.0 (EMCIE) certi...
Implementation Engineer, Unity Solutions Specialist Version 1.0 (EMCIE) certi...
 
Cisco catalyst 3750 x and 3560-x series switches
Cisco catalyst 3750 x and 3560-x series switchesCisco catalyst 3750 x and 3560-x series switches
Cisco catalyst 3750 x and 3560-x series switches
 
Implementation Engineer, VNX Solutions Specialist Version 8.0 (EMCIE) certifi...
Implementation Engineer, VNX Solutions Specialist Version 8.0 (EMCIE) certifi...Implementation Engineer, VNX Solutions Specialist Version 8.0 (EMCIE) certifi...
Implementation Engineer, VNX Solutions Specialist Version 8.0 (EMCIE) certifi...
 
Bi reporting final
Bi reporting finalBi reporting final
Bi reporting final
 
EMC World 2016 - cnaITL.06 Containers are not Cloud Native
EMC World 2016 - cnaITL.06 Containers are not Cloud NativeEMC World 2016 - cnaITL.06 Containers are not Cloud Native
EMC World 2016 - cnaITL.06 Containers are not Cloud Native
 
Seminar sv vj2016
Seminar sv vj2016Seminar sv vj2016
Seminar sv vj2016
 
Acute aortic dissection in the emergency department - Emergency Medicine - Cl...
Acute aortic dissection in the emergency department - Emergency Medicine - Cl...Acute aortic dissection in the emergency department - Emergency Medicine - Cl...
Acute aortic dissection in the emergency department - Emergency Medicine - Cl...
 
Hybrid DR in the Cloud - Harford SIM 2015
Hybrid DR in the Cloud - Harford SIM 2015Hybrid DR in the Cloud - Harford SIM 2015
Hybrid DR in the Cloud - Harford SIM 2015
 
PPT Com Dev. Project
PPT Com Dev. ProjectPPT Com Dev. Project
PPT Com Dev. Project
 
Hướng dẫn sử dụng biến tần
Hướng dẫn sử dụng biến tầnHướng dẫn sử dụng biến tần
Hướng dẫn sử dụng biến tần
 
EMC World 2016 - code.11 Intimidate me not - How to Contribute to Large Open ...
EMC World 2016 - code.11 Intimidate me not - How to Contribute to Large Open ...EMC World 2016 - code.11 Intimidate me not - How to Contribute to Large Open ...
EMC World 2016 - code.11 Intimidate me not - How to Contribute to Large Open ...
 
Meritronics_Company rev 07.02.14
Meritronics_Company rev 07.02.14Meritronics_Company rev 07.02.14
Meritronics_Company rev 07.02.14
 
Grounding of Multi Cable Transits for on-shore use
Grounding of Multi Cable Transits for on-shore useGrounding of Multi Cable Transits for on-shore use
Grounding of Multi Cable Transits for on-shore use
 
Career city index
Career city indexCareer city index
Career city index
 
cytel-white-paper-aces-silva
cytel-white-paper-aces-silvacytel-white-paper-aces-silva
cytel-white-paper-aces-silva
 
Cs 7.2 dql
Cs 7.2 dqlCs 7.2 dql
Cs 7.2 dql
 

Similar to Symantec-CWS_Brochure

Hackers Locked
Hackers Locked Hackers Locked
Hackers Locked Sam S
 
Top 6 Web Application Security Best Practices.pdf
Top 6 Web Application Security Best Practices.pdfTop 6 Web Application Security Best Practices.pdf
Top 6 Web Application Security Best Practices.pdfSolviosTechnology
 
Adwebtech ssl presentation_beyond_https
Adwebtech ssl presentation_beyond_httpsAdwebtech ssl presentation_beyond_https
Adwebtech ssl presentation_beyond_httpsAnju Gigoo
 
Secure Video Downloads Amid Cyber Threats.pdf
Secure Video Downloads Amid Cyber Threats.pdfSecure Video Downloads Amid Cyber Threats.pdf
Secure Video Downloads Amid Cyber Threats.pdfAndy Tabachnikov
 
How do I activate my Webroot keycode?
How do I activate my Webroot keycode?How do I activate my Webroot keycode?
How do I activate my Webroot keycode?NovellaJohns
 
Security&reliability
Security&reliabilitySecurity&reliability
Security&reliabilitycaca1009
 
Website Security Certification The Key to Keeping Your Website Safe
Website Security Certification The Key to Keeping Your Website SafeWebsite Security Certification The Key to Keeping Your Website Safe
Website Security Certification The Key to Keeping Your Website SafePixlogix Infotech
 
Getting Started with Sitelock on ResellerClub
Getting Started with Sitelock on ResellerClubGetting Started with Sitelock on ResellerClub
Getting Started with Sitelock on ResellerClubResellerClub
 
Asset Discovery in India – Redhunt Labs
Asset Discovery in India – Redhunt LabsAsset Discovery in India – Redhunt Labs
Asset Discovery in India – Redhunt LabsRedhuntLabs2
 
Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?TechSoup
 
What Strategies Are Crucial for Ensuring eCommerce Security in the Digital Era?
What Strategies Are Crucial for Ensuring eCommerce Security in the Digital Era?What Strategies Are Crucial for Ensuring eCommerce Security in the Digital Era?
What Strategies Are Crucial for Ensuring eCommerce Security in the Digital Era?Lucy Zeniffer
 
Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network securityrhassan84
 
Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network securityrhassan84
 
TechFai.com.pdf
TechFai.com.pdfTechFai.com.pdf
TechFai.com.pdfTechFai
 
How Can I Reduce The Risk Of A Cyber-Attack?
How Can I Reduce The Risk Of A Cyber-Attack?How Can I Reduce The Risk Of A Cyber-Attack?
How Can I Reduce The Risk Of A Cyber-Attack?Osei Fortune
 

Similar to Symantec-CWS_Brochure (20)

Hackers Locked
Hackers Locked Hackers Locked
Hackers Locked
 
Top 6 Web Application Security Best Practices.pdf
Top 6 Web Application Security Best Practices.pdfTop 6 Web Application Security Best Practices.pdf
Top 6 Web Application Security Best Practices.pdf
 
Adwebtech ssl presentation_beyond_https
Adwebtech ssl presentation_beyond_httpsAdwebtech ssl presentation_beyond_https
Adwebtech ssl presentation_beyond_https
 
Secure Video Downloads Amid Cyber Threats.pdf
Secure Video Downloads Amid Cyber Threats.pdfSecure Video Downloads Amid Cyber Threats.pdf
Secure Video Downloads Amid Cyber Threats.pdf
 
CCSK.pptx
CCSK.pptxCCSK.pptx
CCSK.pptx
 
How do I activate my Webroot keycode?
How do I activate my Webroot keycode?How do I activate my Webroot keycode?
How do I activate my Webroot keycode?
 
Security&reliability
Security&reliabilitySecurity&reliability
Security&reliability
 
Case study
Case studyCase study
Case study
 
Website Security Certification The Key to Keeping Your Website Safe
Website Security Certification The Key to Keeping Your Website SafeWebsite Security Certification The Key to Keeping Your Website Safe
Website Security Certification The Key to Keeping Your Website Safe
 
Getting Started with Sitelock on ResellerClub
Getting Started with Sitelock on ResellerClubGetting Started with Sitelock on ResellerClub
Getting Started with Sitelock on ResellerClub
 
Asset Discovery in India – Redhunt Labs
Asset Discovery in India – Redhunt LabsAsset Discovery in India – Redhunt Labs
Asset Discovery in India – Redhunt Labs
 
Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?
 
What Strategies Are Crucial for Ensuring eCommerce Security in the Digital Era?
What Strategies Are Crucial for Ensuring eCommerce Security in the Digital Era?What Strategies Are Crucial for Ensuring eCommerce Security in the Digital Era?
What Strategies Are Crucial for Ensuring eCommerce Security in the Digital Era?
 
Measures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacksMeasures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacks
 
Measure To Avoid Cyber Attacks
Measure To Avoid Cyber AttacksMeasure To Avoid Cyber Attacks
Measure To Avoid Cyber Attacks
 
Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network security
 
Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network security
 
Identikey
IdentikeyIdentikey
Identikey
 
TechFai.com.pdf
TechFai.com.pdfTechFai.com.pdf
TechFai.com.pdf
 
How Can I Reduce The Risk Of A Cyber-Attack?
How Can I Reduce The Risk Of A Cyber-Attack?How Can I Reduce The Risk Of A Cyber-Attack?
How Can I Reduce The Risk Of A Cyber-Attack?
 

Symantec-CWS_Brochure

  • 1. Symantec™ Complete Website Security A comprehensive solution for all your website security needs, with features ranging from Extended Validation SSL/TLS certificates and malware scanning, to DDoS mitigation and performance optimisation.
  • 2. 2 I Symantec Corporation Shifting threats, shifting defences A brave new world There’s only one constant in website security: that the threats we face will continue to grow in both scale and sophistication. The reality of this situation can be seen in the on-going battle between those seeking illegal access to online information, and those attempting to protect it. It’s been a sobering experience, and one that’s forced us to wave goodbye to the notion that a secure boundary can be built to keep out all unwanted intruders. The reality is that criminals have tunnelled under, made holes where no one was looking, or simply donned a disguise and walked through the front door. Understanding the threat Until now, the role of website security has been predominantly reactive – rapid firefighting whenever a new threat arises to build up defences and mitigate the potential impact. A solution is needed that proactively and effectively protects your website from increasing danger. As a function, we’re no longer facing the single threat of lone hackers working out of their bedrooms. Rather, this danger now comes from criminal networks, government-sponsored threats, and hacktivists. Ensuring the right resources are deployed at the right place and the right time is no longer just important, it’s essential. Generating a response Building and maintaining a secure corporate infrastructure, alongside customer trust, is a continuous exercise that can be undone in seconds, and this rapidly changing threat landscape has meant that constant innovation is required to evolve website security solutions at the same pace. Although we know that sitting still is simply not an option, it’s also impractical to expect a response to each new emerging threat given the twin constraints of time and money. Instead, you should be looking to your security partner for support, and for education in spotting vulnerabilities and mitigating any risks. Enter Symantec™ Complete Website Security. 29,927 New unique malicious web domains in 2014 496,657 Web attacks blocked each day 317,256,956 New malware variants emerged in 2014 183% Increase in DNS amplification attacks between January and August 2014 The threat landscape in numbers (from Symantec’s Website Security Threat Report 2015)
  • 3. 3 I Symantec Corporation A focus on security The challenge of resourcing your security As we all know, website security is ultimately about confidence – and building a sense of trust with each visitor. Generating this trust requires a realistic understanding of the dangers faced by your organisation and an accurate assessment of the capabilities needed to counter them. It could be argued that the biggest threat is actually the limited resources typically dedicated to website security – and a reliance on manual processes that, combined with time pressures, make even the simplest security task difficult to achieve. Extended Validation SSL/TLS Certificates Instilling confidence and trust in your website is vital; visitors need to feel assured that your business’s site is safe to transact on. Research from Econsultancy showed that 50% of customers who abandon an online purchase do so because of a lack of trust. A recent YouGov online survey in the UK, US, France and Germany gave clear and encouraging results: the majority of people know what to look for when deciding whether or not to put their trust in a website. Not displaying clear visual signs of a secure website can damage your end consumers’ trust in your business, and might lose you valuable conversions. Level 1: Domain validation (DV) The lowest level of authentication – for situations where trust and credibility are less important Level 2: Organisation Validation (OV) A more secure step – for public-facing websites dealing with less sensitive transactions Level 3: Extended Validation (EV) The gold standard in SSL/TLS certificates – for websites handling credit card and other sensitive data Certificate type Domain validated? https encrypted? Identity validation Address validation? Padlock displayed in browser user interface Green address bar* DV Yes Yes None No Yes No OV Yes Yes Good Yes Yes No EV Yes Yes Strong Yes Yes Yes Finding your right level of SSL/TLS certificate *And/or a green padlock or green treatment within the address bar
  • 4. 4 I Symantec Corporation A denial of service It’s also an established fact that many organisations fall victim to hacks and malware infections because they don’t carry out basic website health checks. In 2014 for example, 75% of scanned websites had vulnerabilities – a fifth of which were critical. These infections can be crippling – Google blacklists 10,000 websites every single day, and it takes an average of 6 weeks before they’re restored. Then there are the high profile breaches and, in particular, Distributed Denial of Service (DDoS) attacks that range from simple HTTP404 error pages to complete blackout, and are constantly increasing in intensity. Symantec™ Complete Website Security now includes Imperva Incapsula DDoS Protection - capable of mitigating all types of DDoS attacks targeting any type of online service - alongside our established armoury of tools to help keep your website at full health. Malicious bots at the application layer In addition to the above, there are application level DDoS attacks, which target vulnerabilities in your OS or web applications, and are immune to generic filtering. These are attacks performed by malicious bots designed to impersonate legitimate human visitors and hijack browsers in a bid to take down an organisation’s servers. In 2014 we identified a 240% increase in Bot traffic, numbers that confirm what many security experts already know: hacker tools are now being designed first and foremost for stealth. Our response has been to further enhance the protection our solution offers, with the addition of Imperva Incapsula Website Application Firewall (WAF) – redefining and extending the WAF beyond traditional concepts. At Symantec we thrive on providing solutions to the challenges you face, to support you today and for the future. Symantec™ Complete Website Security Vulnerability Assessment Malware Scanning Extended Validation SSL/TLS Certificates Imperva Incapsula DDoS Protection Imperva Incapsula Web Application Firewall Secure App Service Security features spotlight:
  • 5. 5 I Symantec Corporation A focus on management The quest for greater simplicity There’s a growing appreciation that managing website security has become far harder than it should be. This is particularly the case when it comes to licensing SSL/TLS certificates, and many PKI administrators and website security managers still face the daunting task of searching out hidden certificates to avoid unexpected expiration dates. The problem of tracking certificates At Symantec we understand that tracking SSL/TLS certificates isn’t easy, especially if multiple people in your organisation have the ability to implement them in isolation. Expired certificates can hurt you even more – our research found that over 75% of consumers would abandon their transaction if they encountered an expired SSL/TLS certificate. On top of that, 45% of surveyed businesses experienced security breaches that were due to SSL/TLS certificate issues. That’s why you need tools that simplify and centralise this process, which is exactly what’s on offer with Symantec™ Complete Website Security. SSL/TLS certificate management made easy Of course there’s more to life – or at least website security – than just focusing on the buying and renewing of certificates. There is also the need to search out rogue certificates, monitor expiration dates, and maintain standards – all of which can prove difficult in large, geographically dispersed organisations. In a recent Symantec survey, four out of five companies with 2,000+ certificates found rogue certificates in their systems. However, with Symantec’s discovery and automation tools you can centralise SSL/TLS management – and discover all certificates across the enterprise regardless of which certificate authority issued them. Symantec™ Complete Website Security Discovery Automation Private CA 24 Hour Support Management features spotlight:
  • 6. 6 I Symantec Corporation A focus on performance Website management Let’s face it, the key metric when measuring website performance is traffic – which also involves considerations such as conversion levels, alongside more technical aspects including latency, availability, and bandwidth. Symantec™ Complete Website Security solution can support your website in each of these areas. Optimised content delivery According to Forrester, 40% of shoppers will wait no longer than three seconds for a web page to load before abandoning a retail site.1 Today there are number of sophisticated tools available to help your website load and run faster. For example, a Content Delivery Network (CDN) is a global system of strategically positioned servers that brings your web content closer to your consumers. Symantec™ Complete Website Security now includes Imperva Incapsula CDN that offers caching, content and network optimisation tools, and research has shown that websites using it are typically 50% faster and consume up to 70% less bandwidth. In addition, CDN supports load balancing; ensuring workloads are efficiently distributed to help maintain high website availability. Strength and speed through encryption As we know, SSL/TLS certificates enable encryption all the data that passes between a user’s browser when they consult a protected website and the company server hosting this website. So, obviously, stronger encryption is more desirable. Elliptic Curve Cryptography (ECC) 256-bit is a more advanced encryption algorithm that is 64,000 times more secure than RSA 2048-bit. What makes it even better is that it requires much less server capacity to encrypt information, reducing costs and improving your website’s performance. Just for example, Directorz Co. Ltd., a Japanese firm, saw a 46% lower CPU burden and a 7% improvement in response time when they implemented ECC. Today, you can also combine the ubiquitous RSA root with the stronger security and server performance offered by ECC in our hybrid SSL/TLS certificates. Building on trust We’ve already demonstrated how important it is for consumers to feel confident when providing data or making an online purchase, and trust marks are a well-recognised indicator of website security. Of these, the Norton Secured Seal is one of the most trusted on the internet, and is viewed over a billion times a day in 170 countries. It makes a big difference: 90% of respondents in an international consumer study said they are more likely to continue online transactions if they see the Norton Secured Seal.2 Displaying the seal beside your link in search engine results is also proven to significantly increase traffic to your website. Symantec™ Complete Website Security Performance features spotlight: Imperva Incapsula CDN & Optimization Elliptic Curve Cryptography Norton Secured Seal Seal in Search 1 Forrester Consulting Online Consumer Study, September 2009 2 International Online Consumer Study: US, Germany, UK, July 2013
  • 7. 7 I Symantec Corporation Symantec™ Complete Website Security Advanced threats, enhanced solution Features and benefits - Security Complete Website Security goes far beyond encryption to deliver protection for websites, data and applications—with 24/7 control that helps to mitigate risk and helps to ensure uninterrupted performance for every website. Multi-layered security and controls make our certificate issuance and authentication processes one of the most rigorous in the industry. Automated management pinpoints certificate and website weaknesses due to unexpected expirations, flawed installations, deprecation and critical vulnerabilities in the event of attacks. Meanwhile, Symantec’s unified security identifies worldwide security vulnerabilities, delivers real-time analytics and helps our customers to protect against damage, 24/7. It’s why we’ve become the name people trust. VULNERABILITY ASSESSMENT • A weekly scan helps identify and act against exploitable website vulnerabilities • Delivers actionable reports that identify critical vulnerabilities requiring immediate investigation and lower risk items • Provides an option to then rescan website to help confirm that vulnerabilities have been rectified MALWARE SCANNING • A daily scan detects and reports malware to site owner • Highlights the malicious code, meaning time taken to resolve the issue is minimised • Mitigates the risk of being blacklisted by search engines (Google blacklists 10K sites a day – with up to 6 weeks’ recovery time) EXTENDED VALIDATION SSL/TLS CERTIFICATES • EV SSL/TLS certificates deliver the highest level of consumer trust through the strictest authentication standards • Sites with EV display well-recognised visual trust indicators for added assurance • The most secure and best performing choice for website security; EV is known to increase conversion rates and lower site abandonment IMPERVA INCAPSULA DDOS PROTECTION • Market-leading protection against one of the most common website attacks • Automatic always-on detection and triggering of ‘under-attack’ mode • Zero business disruption based on transparent mitigation with minimum false positives • End-to-end protection against the largest and smartest DDoS attacks
  • 8. IMPERVA INCAPSULA WEB APPLICATION FIREWALL • Innovative cloud based firewall to protect against Layer 7 attacks, powered by Imperva Incapsula • Defends against OWASP Top 10 threats including: SQL injection, cross-site scripting, illegal resource access and remote file inclusion • Proactive remediation from constant monitoring and application of dedicated security rules • Activated by a simple DNS change SECURE APP SERVICE • Enables enterprises to: - Sign apps and files in the cloud - Protect signing keys - Provide reporting of signing activity - Keep track of engineering output through use of an integrated web-based portal or via API DISCOVERY • Allows you to discover all SSL /TLS certificates in your environment regardless of CA • Eliminates the chance of certificates expiring unexpectedly AUTOMATION • Allows you to automate the renewal of Symantec certificates to save time and reduce the risk of human error PRIVATE CA • Improves security and enables consolidation with Public and Private Certificates in one console • Reduces the risks, errors, and hidden costs associated with Self-Signed CAs • Allows the continued use of internal server names, and the ability to ignore migrations associated with public roots • Allows you to create a customised hierarchy based on your precise needs 24 HOUR SUPPORT • Includes access to a dedicated technical account manager* 7 days a week who: - Monitors and drives prioritisation for your support cases - Tracks product enhancement requests (if applicable) - Communicates any service-impacting maintenance - Acts as a service/support escalation point 8 I Symantec Corporation Features and benefits - Management *Does not include Imperva Incapsula products
  • 9. IMPERVA INCAPSULA CDN & OPTIMIZATION • Application-aware, global CDN for full site acceleration • Layer 7 Load Balancing solution for optimal utilisation • Static and dynamic content caching for maximum website performance ELLIPTIC CURVE CRYPTOGRAPHY • Elliptic Curve Cryptography (ECC) Algorithm - 64,000 more secure than RSA – compared to an industry-standard 2048-bit RSA key - ECC-256-bit keys are 64,000 times harder to crack - 7-10% faster using less CPU power • ECC/RSA Hybrid Algorithm - Improves browser compatibility; better root ubiquity - Improved performance - More secure than pure RSA NORTON SECURED SEAL • The Norton™ Secured Seal is the most recognised trust mark on the Internet1 • Recognised by 77% of consumers2 • 90% of respondents more likely to continue online transactions if they see the Norton Seal3 SEAL IN SEARCH • Establish trust and credibility with visitors by displaying the Norton Secured Seal • Demonstrate that your site is both a legitimate and safe environment to perform transactions • Convert more visitors into customers 9 I Symantec Corporation 1 International Online Study (U.S, Germany, UK, France, Australia and Singapore only) October 2015 2 US online Consumer Research November 2013 3 International Online Consumer Study: US, Germany, UK, July 2013 Features and benefits - Performance
  • 10. No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher. Copyright © 2015 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Circle Logo and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. Greater security, simplified management, enhanced performance To find out more about how Symantec™ Complete Website Security can deliver an efficient, effective and comprehensive solution for all your website security needs, contact us today: 0800 032 2101 or ssl_info@symantec.com