Web Security and Network Security

  1. Symantec MessageLabs Web Security.cloud
     Chris Russell, Cloud Security Specialist
     Web Security .cloud – January 2011
  2. Web Security Challenges
       • Web Misuse: Reduces productivity, consumes bandwidth, and creates exposure to security and legal risk
       • Defending Against Malware: Attackers use the Web to deliver viruses, spyware, and other malware
       • Enforcing a Web Acceptable Use Policy: Often difficult and time consuming
       • An Increasingly Mobile Workforce: Extending security and policy enforcement can be difficult when workers are located away from the corporate LAN
  3. Web Threat Landscape
     Attackers are increasing their volume and frequently use legitimate Websites…
       • Average amount of Website requests blocked by our Service: +20% vs. 2009 on a per client per month basis
       • Analysis of Blocked Domains (chart: 10%, 90%; label: Legitimate Websites compromised by malware without the owner's knowledge)
       • New Malware Sites per Day
           • Sites with spyware: 200+ per day
           • Sites with Web viruses: 4000+ per day
     Source: MessageLabs Intelligence, July 2010
  4. Dangers of Web Misuse: The Case for URL Filtering and Policy Enforcement
     Comprehensive URL Filtering is needed to control Web traffic, protect bandwidth and enforce your Acceptable Use Policies
     “..the misuse of company resources through excessive bandwidth use is crippling some networks, as employees are increasingly storing large amounts of personal downloads. This can be expensive and slow down the entire network.”
     MessageLabs Intelligence Findings:
       • 87.4% of all blocks occur between 8am-6pm
       • 32.6% of all blocks occur from 12-2pm
       • Adult & Sexually Explicit:
           • 68% of blocks within working hours
           • 32% outside of working hours
       • Streaming Media: 12.5% of all blocks
       • 44% of Phishing/Fraud website blocks occur during lunchtime
     Sources:
       • InformationWeek: The Browser As Attack Vector, August 7, 2010 (from the August 9, 2010 issue)
       • eWeek: How to Protect Your Business from Web 2.0 Risks, Bob Walters, 2010-02-01
       • MessageLabs Intelligence: 2009 Annual Security Report, December, 2009
  5. Dangers of Web Misuse: Social Media and Web 2.0
       • Nearly 2 million workers spend over an hour per day 'Facebooking' at work
       • 13% of employees aged 18-29, and 13% of employees aged 30-43 now use social networking sites for work purposes
     How do Attacks Happen?
       • Compromised accounts send malicious links
       • Links direct users to:
           a. site resembling a Facebook login
           b. a page with malware downloads
       • Criminals harvest the victim’s login and password information for future attacks
     Sources:
       • MyJobGroup.co.uk - Social Media Costing UK Economy up to £14billion in Lost Work Time - 4th August 2010
       • http://www.symantec.com/connect/blogs/fraudsters-provide-false-security-facebook-users
  6. Web Security.cloud Overview
  7. Web Security.cloud: How it works (diagram, steps numbered 1 to 3)
       • A user initiates a Web request which is checked against the customer policies
       • Policies determine whether traffic is sent on, flagged or denied. Each request is logged.
       • Web content is retrieved by Symantec.cloud
       • Multi-layer scanning detects Web-borne threats
       • Clean content is delivered without noticeable delay
     Diagram labels: Firewall, Firewall, Internet
  8. Roaming Support Options: Smart Connect for Web Security.cloud
     Web protection and policy management for Mobile Users
       • Seamlessly logs in users in a variety of network environments
       • Ideal for “road-warrior” users and frequent travelers
       • Enforces policies and protects users as if they were inside your corporate LAN
     Seamlessly connects users from (diagram labels):
       • Public Wi-Fi Hotspots; Pay-for-use portals
       • Home Offices
       • Corporate LAN & Regional Offices
       • Data center
  9. Smart Connect Roaming Agent: Customer Benefits
       • Flexible
           • Automatically adjusts to differences in networking environments
           • Location awareness connects user to optimal infrastructure point
       • Seamless
           • No ‘sign-on’ with compliant Web usage and transparent to user
           • Same protection and usage policies whether on or off LAN
       • Easy to Manage
           • Simple add-on to existing ClientNet policies and user groups
           • Standard agent install package for easy distribution
       • Compatible
           • Interoperable with captive portals/pay for use hotspots
           • Tested with leading endpoint security products to avoid conflicts
       • Secure
           • Protected with SSL encryption
           • System authenticated for roaming usage
           • Users are authorized for individual Web usage policies
  10. Benefits of Using Web Security.cloud
        • Average scanning of Web content within 100 ms
        • Response times for critical, major, and minor support calls
      Accurate Defenses
        • Internet-level, multi-layer scanning uses multiple commercial engines and proprietary heuristics
        • Global threat intelligence helps protect against new and converged threats
        • URL filtering draws from 67 million URLs and over 80 categories
      Strong Coverage
        • Global Infrastructure of 14 data centers in 4 continents processes billions of Web requests each month
        • Load-balanced servers help maintain minimal Web latency
        • Rapid deployment and automatic updates
      Comprehensive Reporting
        • Dashboard, summary, detailed and scheduled reporting options for insight into service activities
        • Detailed reporting options include: browse time by category, individual URL and bandwidth consumption by users and groups
      Our Aggressive Service Level Agreement:
        • 100% protection against known web viruses
        • 100% service uptime
  11. What Makes Our Approach Unique?
        • Security that exceeds point solutions
            • All Web content is scanned by our service, promoting enhanced accuracy above services that rely solely on URL filtering for threat detection
            • Our services share threat intelligence across email, Web and IM for enhanced accuracy
        • Strong URL categorization
            • Large number of categories available, allowing you to create more granular policies
            • More categories means: less unclassified content, greater accuracy and stronger policy enforcement
        • Comprehensive options to enforce your Web Policy
            • Flexible quota management allows administrators to set limits for browse time and bandwidth consumption
            • Create custom rules based on time of day, user, group and location to suit your organization
        • Roaming and remote worker support options
            • Options for both remote and roaming workers are available to suit your needs
            • Our roaming agent possesses location and network intelligence capabilities to provide the best browsing experience
  12. Delivered Using a Global Infrastructure
        • Incorporating 14 data centers spanning four continents
        • Every data center is scalable and secured to the highest standards
        • Clustered high performance servers, each cluster has full redundancy within itself and all other hardware is duplicated
  13. Part of a Portfolio of Integrated Cloud-based Services
      Diagram labels: Web, IM, Email; Content Control, Image Control, URL Filtering, Boundary Encryption, Policy Based Encryption, Archiving, Continuity, Content Control; Recover, Secure, Control, Protect; AntiVirus, AntiSpam, AntiVirus, AntiSpam, AntiVirus, AntiSpyware; Skeptic™; EndPoint.cloud; EndPoint
  14. Summary
        • Advanced multi-layered protection from Web threats
        • Comprehensive URL Filtering with over 80 categories to promote service accuracy
        • Delivered through a highly available global infrastructure
        • Low latency service - Scanning performed in under 100 ms
        • Helps you make Web use more productive and compliant
        • Provides SaaS Advantages
        • Support for mobile workforce
        • Backed by an industry leading Service Level Agreement
  15. Next Steps
        • Begin a free trial of Web Security.cloud
        • See a demo
        • Request a quote
        • Visit www.messagelabs.com for additional information
  16. Chris Russell [email_address] +61 (0) 2 9086 8285
  18. Web Threat Landscape
      Comprehensive Protection Needed Across Email, Web, and IM
      Attackers frequently use multiple protocols to evade point solutions
      Common entry points:
        • ‘Spoofed’ Email with Web Link
        • Fraudulent IM with Web Link
        • Compromised Website Hosting Malware
      When threats are found in our other services, this information is shared with the Web Security service for increased accuracy in detecting new and converging threats
  19. Dangers of Web Misuse (v2): The Case for URL Filtering and Policy Enforcement
      Comprehensive URL Filtering is needed to control Web traffic, protect bandwidth and enforce your Acceptable Use Policies
      “the browser is now your employees' gateway out-and an attacker's gateway in…new attack techniques are exploiting browser flaws and leading to the compromise of data.”
      MessageLabs Intelligence Findings:
        • 87.4% of all blocks occur between 8am-6pm
        • 32.6% of all blocks occur from 12-2pm
        • Adult & Sexually Explicit:
            • 68% of blocks within working hours
            • 32% outside of working hours
        • Streaming Media: 12.5% of all blocks
        • 44% of Phishing/Fraud website blocks occur during lunchtime
      Sources:
        • InformationWeek: The Browser As Attack Vector, August 7, 2010 (from the August 9, 2010 issue)
        • eWeek: How to Protect Your Business from Web 2.0 Risks, Bob Walters, 2010-02-01
        • MessageLabs Intelligence: 2009 Annual Security Report, December, 2009
  20. Market Leadership
  21. Email and Web Converged Threats: Example Phishing Attack
        • Malicious URLs appear in emails designed to appear legitimate
        • Spoofed or compromised website is used to capture account information or install malware
  22. Web Security Deployment Options
      Comparison table (columns: Business Need; On Premise Software or Appliance; Symantec.cloud Service). Business needs listed:
        • Block Threats Outside the Network
        • Automatic URL, Virus Signature, and Product Updates
        • Roaming User Traffic Not Routed Through Corporate Network
        • Predictable Costs Managed as OPEX
        • Rapid Deployment
        • Service Level Agreements
        • Unlimited Scalability
        • Built-in High Availability
        • Complimentary 24 / 7 Support
  23. Roaming Support Options: Remote Connect
      Web protection & policy management for Small & Home Office Users
        • Easily activated within ClientNet administrative interface
        • Ideal for less mobile users located in remote offices or home offices
        • Enforces policies and protects users as if they were inside your corporate LAN
      For your remote workers connecting from (diagram labels):
        • VPN
        • Home Offices
        • Regional Offices
  24. Defense against Converging Threats: Web Security.cloud and Email Security.cloud Services
        • Convergence of Web and email threats calls for a hosted services expert in both protocols
        • Symantec .cloud provides integrated Web, email and IM hosted security services
        • One trusted supplier and management interface
        • Saves time and money, while increasing visibility and control
  25. Management Interface: Portal dashboard
        • Reporting
        • Policy Management
        • User Administration
        • Online Help
  26. Web Security.cloud Reporting: Dashboard, Summary, Detailed and Audit reports
        • Dashboard – snapshot view of service statistics
        • Summary – graphs, tables and key statistics
        • Audit – information on individual user activities
  27. Web Security.cloud Reporting: Detailed reports
        • Options include:
            • AntiVirus & AntiSpyware Activities
            • URL Filtering Activity
            • Bandwidth by User
            • Browse time by URL category, individual URL
            • Bandwidth by Individual URL, URL Category
            • Web Audit
  28. Web Security.cloud Dashboard
      The Dashboard provides a quick view of recent trends and activity of the service:
        • URL Filtering intercepts
        • Top 5 URL Categories
        • Top 5 Content Types
  29. Web Security.cloud - URL Filtering: Policy building for categories & content
        • Over 80 Categories to Select from
        • Multiple category support for a single website URL
  30. Web Security.cloud - URL Filtering: Policy building for users & groups
        • Policies may be configured to block access by users and groups:
  31. Web Security.cloud - URL Filtering: URL Lookup Tool
        • Aids in the creation of custom policies
  32. Web Security.cloud - URL Filtering: Quota based policies
        • Policies may be configured to restrict access for users and groups to specific websites or site categories by:
            • time of day
            • browse time
            • bandwidth consumption
  33. What Makes Us Different
        • The ‘In the cloud’ SaaS pioneer
        • Skeptic AntiVirus ‘zero hour’ protection unsurpassed: Each day, Skeptic stops 200 unique strains of malware that traditional, signature based antivirus engines miss
        • Continued investment in our technology and infrastructure
        • Unbeatable Service Level Agreements
        • 24/7 global client support team
        • Global infrastructure, global presence
  34. Industry Leading Service Level Agreement (table sections: Support, Email, Web)
        • AntiVirus Protection: 100% protection from known and unknown email viruses. Credit is offered if a client is infected by a virus
        • Virus False Positives: 0.0001% FP capture rate. Credit is offered if we do not meet this commitment
        • Spam Capture Rate: 99% capture rate (95% for emails containing Asian characters). Credit is offered if we do not meet this commitment
        • Spam False Positives: 0.0003% FP capture rate. Credit is offered if we do not meet this commitment
        • Latency: Average roundtrip time of 100% of email delivered in less than 60 seconds. Credit is offered if latency exceeds 1 minute
        • Delivery: 100% delivery guarantee. Client may terminate if we do not meet this
        • Service Availability: 100% uptime. Credit is offered if availability falls below 100%. Client may terminate if availability falls below 95%
        • Archiving Service Availability Guarantee: 99.9% uptime for archiving network. Client may terminate if availability falls below 90%
        • Appliance Replacement Guarantee: If appliance fails during the warranty period, MessageLabs will repair or replace the appliance within 3 business days at no cost
        • Technical support / Fault Response: critical - 95% calls within 2hrs; major - 85% calls within 4hrs; minor - 75% calls within 8hrs. Credit is offered if we do not meet this commitment
      Web:
        • AntiVirus Protection: 100% protection against known viruses. Credit is offered if a client is infected by a virus
        • Latency: Average scanning time of 100% of web content is within 100 milliseconds. Credit is offered if latency exceeds 100 milliseconds
        • Service Availability: 100% uptime. Credit is offered if availability falls below 100%. Client may terminate if availability falls below 95%
  35. SaaS is Strong in Messaging Security
      SaaS BENEFITS
        • SaaS in General
            • Quick and easy set up
            • Predictable, low cost
            • Redundancy
            • Platform independent
            • No maintenance or version control
        • Messaging Security
            • Preserves bandwidth (removes up to 80% of emails in cloud)
            • Better protection
      BARRIERS to SaaS
        • Concerns over security
        • Concerns over network reliability / availability
        • Configurability of services
  36. Web Security.cloud Roaming Use Cases
      Diagram labels: VPN User, Payment authorization traffic, VPN Traffic, Hotel/Hotspot, Internet, Data center, Corporate LAN, Non-Corporate LAN, Roaming Web User
      Web Security .cloud – January 2010
  37. Smart Connect Flow Diagram (steps numbered 1 to 5)
      Symantec .cloud Confidential
      Agent state is Off LAN Protected
        • System Authentication
        • Network Discovery
        • Logged On User Info
        • User/Group filters
        • URL filters
        • Content Scanning
        • Logging/Reporting
      ‘Trip’ Infrastructure; RAS Proxies
        • Session authentication
      NED Servers; Geo-location and NED DB
        • Source IP lookup
        • Country of origin
        • Trip assignment
        • Initial Authentication
        • Connection details
        • Session certificate
