A New Approach - Infocom Security · UNIFIED SECURITY VISION Symantec will deliver a unified...
A New Approach Unified Security
Haider Pasha, CISSP, C|EH, CCIE
Director, Security Strategy
Emerging Markets
Our Biggest Security Challenges
Reduce complexity and fragmentation of security solutions (Staying Simple)
Maintain Security and Compliance as business models change (Staying Agile)
Stay ahead of the threat landscape (Staying Proactive)
The Threat Landscape has Evolved
2000, 2008, 2016, Tomorrow
Worms
Malware and Rootkits
APTs and Cyber Wars
Increased Attack Surface
There’s a Vulnerability for everything…
http://www.csoonline.com/article/2835080/data-breach/15-of-the-scariest-things-hacked.html
…
Your Digital Shadow
grows with every online interaction!
FIREWALL, ENDPOINT, SERVER, GATEWAY
Email metadata, Source email server identity, Web connection history, Inbound attachments, Outbound attachments
Administrative activity, Network connections, Successful / failed logins, Sensitive docs accessed, Compliance status
Security settings changes, Network connections, Successful / failed logins, Sensitive docs accessed, Process behaviors
Inbound network traffic, Outbound network traffic, Protocol tunneling activity, Administrative activity, Inbound network traffic
BETTER PROTECTION + REMEDIATION
GLOBALLY INFORMED DEVICE RISK
BENCHMARKING ACROSS PEERS
INDUSTRY-SPECIFIC ATTACK CAMPAIGNS
Many we have not thought of yet
COLLECT
PARTNER
BUILD/ACQUIRE
INTERACTIVE ANALYTICS
INCIDENT MANAGEMENT
RISK ANALYSIS & REDUCTION
INCIDENT INVESTIGATION
APP EXCHANGE
SOCIAL PLATFORM
Your company gets a tip from a law enforcement agency that it may be under attack.
There is only one lead: the name of a single file.
What is the file?
File Telemetry
htz.dll
What is the “lineage” of the file?
Behavioral and Incursion Telemetry
Security_Scoop 12 2012.pdf.exe
groovestdurllauncher.exe
Security_Scoop 12 2012.zip
How did the file get in?
Hosted Email Telemetry
htz.dll
Security_Scoop 12 2012.pdf.exe
groovestdurllauncher.exe
Security_Scoop 12 2012.zip
Where is the file connecting?
Network Protection Telemetry
htz.dll
Security_Scoop 12 2012.pdf.exe
groovestdurllauncher.exe
Security_Scoop 12 2012.zip
C&C Server 2
C&C Server 1
Global Data Collection
C&C Server 2
C&C Server 1
htz.dll
Security_Scoop 12 2012.pdf.exe
groovestdurllauncher.exe
Security_Scoop 12 2012.zip
Block traffic to C&C servers
Who else is impacted?
Defense
Aerospace
Shipping
Telecom
Think Tanks
Experts
Big Data Platform and Analytics
Massive Sensor Network
How do we do this?
UNIFIED SECURITY VISION
Symantec will deliver a unified security intelligence platform that leverages the combined visibility and intelligence of all of our offerings (augmented by 3rd-party data) to block, detect, and remediate attacks, protect information, and reduce risk, better than anyone else.