Hosted Security: Complete Protection With A Peace Of Mind Leonard Sim Client Services Manager –...


Symantec Hosted Services Strategy & Vision

Hosted Security: Complete Protection With A Peace Of Mind
Leonard Sim
Client Services Manager South Asia
Symantec Hosted Services

Agenda
- What's being done now?
- There is a new risk
- The new approach

Top Information Security Concerns

Protection and Control
- Keep threats out
- Control sensitive data
- Enforce compliance

Cost Containment
- Do more with less
- Quicker time to benefit
- CAPEX v OPEX

Staffing
- Limited staff, expertise
- Innovation vs. managing infrastructure

Today's CIOs and CISOs are struggling with a variety of difficult challenges. Protecting the business and managing compliance is more difficult than ever, yet there is constant pressure to control costs and do more with less. At the same time, IT security expertise is more difficult than ever to locate and retain.

These challenges are forcing you to evaluate new approaches to dealing with security.

Evolving Threat Landscape
- 90% of breaches in 2009 involved organized crime targeting corporate information
- 90% of all email traffic is spam and the Web has become the primary vector for malware delivery
- 11x increase in unique malware samples in the last two years seen by Symantec
- Email and web threats are blending
- Sophistication of high end threats is evolving rapidly
- Continued growth in targeted threats which attack specific companies, persons or systems

Evolving Threat Landscape
- New Zero Hour Threats continue to increase
- New malicious code signatures

Driven by:
- Increase in new threats leading to failure of traditional signature based protection
- Readily available malware toolkits
- Specialization of highly skilled participants
- Huge sums of money $

It was annoying once.

It's now malicious

Graphical representations of virus, malware &

CIMUZ > INFORMATION-STEALING TROJAN

CIMUZ is an information-stealing Trojan that hooks itself into Internet Explorer. By capturing information entered or saved by the user, including passwords, keystrokes and other confidential information, it transmits the harvested data to its controller. It terminates security software and unlocks firewalls, leaving the computer vulnerable to further attacks.

What are they attempting to do?

Incursion, Discovery & Capture, Extraction

Incursion / Break-in
- job of malware
- 90% of attacks begin with email then leverage web to infect

Discovery & Capture
- capture keystrokes, data streams, passwords
- Activities

Export / Removal
- Sends information back to malware owner
- Allows criminals to take control of your machine

Attacks Are Becoming More Complex
- Fraudulent IM with Web Link
- Compromised Website Hosting Malware
- Spoofed Email with Web Link
- Comprehensive Protection Needed Across Email, Web, and IM
- Multi-Vector threats biggest risk
- 29% of web malware was stopped in email

The web has become the primary vector for delivering malware. Well-known sites are infected through SQL injection and cross-site scripting techniques. In some cases, cyber criminals are even paying for ad space and deploying banners with malicious payloads.

Increasingly, email and IM are used as part of a converged or blended attack to drive users to malicious websites. In a given month, 85-90% of email traffic is spam, and 90% of spam contains a link. In addition, according to MessageLabs research, 1 in 78 links sent via IM is malicious.

Given the way attacks now span multiple communication protocols, it's more important than ever that businesses take a comprehensive approach to gateway security that spans email, Web, and IM traffic.

SPAM IS JUST THE DELIVERY VEHICLE
90% of SPAM contains a web link

You Can't See It BUT It's There

This is the meaning of drive-bys: you visit a legitimate site that has been compromised and it infects you without your knowledge.

New Web Threats

Facebook Delivered Viruses

- Point solutions leave gaps; multi-protocol converged threat analysis and unrivaled accuracy are essential
- Early warning systems were built for the old style mass mailing viruses, not targeted attacks or smaller attacks from thousands of attackers

A new threat landscape requires a different approach
- 90% of all breaches are now driven by highly resourced organized criminals
- 2008: total market value of illegally obtained corporate data $600B - $1T

What's being done now?

How Email Flows To Your Company

[Diagram: Sender, Email Client, Email Server; Email Server, Email Client, Recipient]

1. Sender creates email in client and sends email to abc.com's email server (Sender [email protected], Recipient [email protected]).
2. abc.com's email server queries DNS server for email server of def.com.
3. abc.com's DNS queries for MX Records of def.com.
4. def.com's DNS replies with MX Records and IP address of def.com's email server (2.2.2.2); abc.com's DNS informs email server of IP address.
5. abc.com's email server sends mail to def.com's email server (2.2.2.2) using SMTP.
6. def.com's email server delivers mail to Recipient ([email protected]).

Traditional Email Security

[Diagram: Sender, Email Client, Email Server, DNS; DNS, Email Server, Email Client, Recipient; labels: Mail Flow, ATTACKS!]

What happens inside Traditional Email Security
- Emails will have to be received by the device to be processed
- Wasted resources and bandwidth
- Majority Signature Based
- Most use the same signatures as their desktop AV products
- Some have IP reputation filtering
- White listing/black listing based on IP address only
- Will rely on updates by the vendor to keep up to date
- Window of vulnerability, time taken for updates to be developed and delivered
- Will have to increase physical resources once volume of mail increases

The New Approach

Filtration, Sedimentation, Slow Sand Filters, Activated Sludge, Flocculation, Chlorination, Electromagnetic Radiation

Suspended Particles, Parasites, Bacteria, Algae, Viruses, Fungi

Are these terms familiar?

How Water Flows To Your Home

[Diagram: Reservoir to Home. Untreated Water (Suspended Particles, Parasites, Bacteria, Algae, Viruses, Fungi) passes through Filtration, Sedimentation, Slow Sand Filters, Activated Sludge, Flocculation, Chlorination and Electromagnetic Radiation to become Clean Water.]

DNS Block Lists, Signature, Heuristics, Traffic Shaping, White Lists, Black Lists, Bayesian Filtering, Sandbox

Viruses, Trojans, Spyware, Spam, Phishing

Are these terms familiar?

How Hosted Email Scanning Works

[Diagram: Sender, Email Client, Email Server; Internet; MessageLabs Data Centre; Email Server, Email Client, Recipient. Untreated Emails (Viruses, Trojans, Spyware, Spam, Phishing) pass through DNS Block Lists, Signaturing, Heuristics, Traffic Shaping, White Lists, Black Lists, Bayesian Filtering and Sandbox to become Clean Emails.]

What is Symantec Hosted Security?
In The Cloud Security-as-a-Service

So what do we do?

We operate in the email and web security markets protecting our customers from threats such as viruses, spam and inappropriate content.

We do this in the cloud and take it away from your premises.

All your internet traffic runs through MessageLabs/Symantec and returns to you clean and protected.
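The mail flow described under "How Email Flows To Your Company" and the hosted routing described above, as an added example that is not part of the original slides: it models MX selection and the resulting delivery path for def.com in both setups. It assumes the usual deployment in which hosted scanning is put in the path by pointing the domain's MX records at the provider (the slides do not state the mechanism); the hostnames, the 192.0.2.x addresses and recipient@def.com are constructed, and only def.com and 2.2.2.2 come from the slides.

```python
# Added example: constructed DNS data for the slides' def.com scenario.
A_RECORDS = {
    "mail.def.com": "2.2.2.2",            # def.com's own server (IP from the slides)
    "mx1.filter.example": "192.0.2.10",   # hypothetical scanning-provider hosts
    "mx2.filter.example": "192.0.2.20",
}
ORIGIN = "mail.def.com"                   # hypothetical hostname for 2.2.2.2

# Traditional: MX points at the company's own server.
MX_TRADITIONAL = {"def.com": [(10, "mail.def.com")]}
# Hosted (assumption): MX points at the provider, which relays clean mail on.
MX_HOSTED = {"def.com": [(20, "mx2.filter.example"), (10, "mx1.filter.example")]}


def mx_targets(domain, mx_zone):
    """Return [(host, ip)] in the order a sending server tries them.

    Lowest preference value first (RFC 5321). A domain with no MX record
    falls back to its own address record (implicit MX).
    """
    records = sorted(mx_zone.get(domain, [])) or [(0, domain)]
    return [(host, A_RECORDS[host]) for _, host in records if host in A_RECORDS]


def delivery_path(recipient, mx_zone):
    """List the hops from the sender's mail server to the recipient's mailbox."""
    domain = recipient.rsplit("@", 1)[1].lower()
    targets = mx_targets(domain, mx_zone)
    if not targets:
        raise LookupError(f"no mail exchanger resolvable for {domain}")
    host, ip = targets[0]
    path = [f"SMTP to {host} ({ip})"]
    if host != ORIGIN:
        # Filtering happens before anything reaches the company's network.
        path.append(f"scanned, then SMTP to {ORIGIN} ({A_RECORDS[ORIGIN]})")
    path.append(f"delivered to mailbox {recipient}")
    return path


if __name__ == "__main__":
    for name, zone in (("traditional", MX_TRADITIONAL), ("hosted", MX_HOSTED)):
        print(name, "->", " | ".join(delivery_path("recipient@def.com", zone)))
```

In the traditional zone the first SMTP hop is the company's own server at 2.2.2.2, so every message, wanted or not, consumes its bandwidth; in the hosted zone the first hop is the provider and only scanned mail is relayed onward.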

Essentially there are 3 main models to provide security in this area.
- Software, the traditional solution which sits at the desktop or server on the right hand side of this visual, and remains the principal focus of the likes of Symantec and McAfee.
- Appliances, which combine software and hardware and have some advantages in terms of ease of configuration and use.
- Managed services, which in the case of MessageLabs and some others, sit in the cloud closer to the source of the threats.

It is important to state that we do not advocate getting rid of desktop software, which still has a part to play in an overall security solution.

MessageLabs focuses exclusively on services because we believe it has a number of inherent advantages as outlined on the slide:
- Fundamentally, services, and especially MessageLabs, do a better job of protecting the customer because, sitting where we do, we are closer to the threats and there are clever things we can do around identifying them. We back this up with the strongest SLAs in the industry.
- Services are quick and easy to set up, have a totally predictable cost and a lower TCO because you are essentially outsourcing your security to experts who can benefit from economies of scale.
- Our service works independent of a client's OS or technology platform, and you can have better load balancing of traffic and redundancy across our global network shown on the right there.
- And lastly, because we filter out all the rubbish before it gets to you, you use less bandwidth and put less strain on your systems (mail servers etc).

OUTCOME ORIENTATED NOT A SET OF TOOLS

Management Simplified

[Diagram: Eliminate On-Site Infrastructure. HQ Office, Branch Office #1 and Branch Office #2, each with Messaging and Web gateways labelled AV / AS / Content Filtering and High Availability, with Management and Traffic Shaping also shown. Management Overhead: Procurement, Deployment, Testing, Performance Tuning, Policy Administration, Capacity Planning, High Availability, Patching, Upgrades. IT Admin: Policy Administration.]

Managing gateway security through an on-site approach can be expensive and labor intensive. Multiple appliances are required to address core filtering capabilities, as well as traffic shaping, management across sites, and high availability. Branch offices typically require additional appliances for Web security, and can require local messaging security appliances as well.

In addition to the added infrastructure expense, organizations taking an on-site approach are confronted with significant management overhead. Employees must deal with procurement, deployment, testing, performance tuning, policy administration, capacity planning, load balancing, high availability, patching, and upgrade cycles.

Using MessageLabs hosted services offerings, organizations can virtually eliminate the need to manage on-site hardware and software, dramatically simplify administration, and lower total cost of ownership. Workers need only focus on policy administration, freeing time for other valuable tasks.

Advantages of Hosted Services

Reduce Risk, Lower TCO and Simplify Management, Increase Confidence

- Defense in depth with multiple scanning engines
- Multi-protocol protection across email, Web, and IM
- Enforce Acceptable Use Policies and limit data loss
- Affordable, predictable costs managed as OPEX
- Virtually eliminates the need for hardware and software
- Block threats before they reach your network
- Industry-leading Service Level Agreement (SLA)
- 24 / 7 support delivered by dedicated specialists
- Highly scalable, reliable, and energy efficient

Leonard Sim
Client Services Manager South [email protected]