Layered Security Why It Works Webcast
Transcript of Layered Security Why It Works Webcast
8/13/2019 Layered Security Why It Works Webcast
http://slidepdf.com/reader/full/layered-security-why-it-works-webcast 1/28
Layered Security: Why It Works
Sponsored by Symantec
© 2013 The SANS™ Institute – www.sans.org
Today’s Speakers
Jerry Shenk, SANS Analyst
Kat Pelak, Senior Product Marketing Mgr., Symantec
Layered Security — Introduction
No Silver Bullet
Anti-virus:
– On the mail server
– At the workstation
Firewall:
– Ingress filtering (inbound)
– Egress filtering (outbound)
Traffic monitoring:
“The latest thing”
Defense In Depth
Risk analysis is the starting point:
– What data is important?
– Where does it reside?
– How could it be exploited?
Layered Security
Roots in military science:
– Deep defense or “defense in depth”
Goals:
– Slow an attacker
– Cause enemy casualties
Layered Security Defined
“Layered security” is a defensive strategy that
uses multiple technologies to block access to
confidential data long enough to discourage
attacks and allow for detection, followed by
defensive action.
Key Security Layers
Network Controls
Firewalls
– Ingress restrictions
– Egress restrictions
Intrusion Detection System – IDS/IPS
Data Loss Prevention – DLP
Antivirus
– Commonly used as a single layer
– Attackers work to avoid detection
– Polymorphic code: Changing the executable
– Heuristics: Looking for hostile behavior
Reputation
File checksum:
– Mathematical “fingerprint”
– Known good
– Known bad
– Unknown
IP address or domain:
– Countries
– Addresses with detected hostile traffic
Behavioral Analysis
Prevention is best but detection is a must.
Baselining normal behavior with the help of:
– Firewalls
– Routers
– Flow collectors
– Network taps
Analyzing Unusual Activity
– High-bandwidth traffic
– Stealthy traffic
– Web traffic
– DNS traffic
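One way to turn the baselining and unusual-activity slides into a check, as an added example that is not from the webcast or from SANS or Symantec: it compares each host's outbound volume with its own history (high-bandwidth traffic) and looks for destinations contacted at near-constant intervals (stealthy traffic). The host names, addresses, record layout and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data (not from the webcast): daily outbound bytes per host
HISTORY = {
    "ws-01": [120_000_000, 135_000_000, 110_000_000, 128_000_000, 131_000_000],
    "ws-02": [40_000_000, 38_000_000, 45_000_000, 41_000_000, 39_000_000],
}
TODAY = {"ws-01": 126_000_000, "ws-02": 900_000_000}

# Constructed flow records: (epoch_seconds, source host, destination, bytes out)
FLOWS = [
    (0, "ws-01", "203.0.113.7", 420), (300, "ws-01", "203.0.113.7", 415),
    (601, "ws-01", "203.0.113.7", 422), (899, "ws-01", "203.0.113.7", 418),
    (1200, "ws-01", "203.0.113.7", 420), (1501, "ws-01", "203.0.113.7", 419),
    (10, "ws-02", "198.51.100.20", 9000), (15, "ws-02", "198.51.100.20", 52000),
    (400, "ws-02", "198.51.100.20", 700), (410, "ws-02", "198.51.100.20", 31000),
    (2000, "ws-02", "198.51.100.20", 1200), (2100, "ws-02", "198.51.100.20", 800),
]

def volume_outliers(history, today, k=3.0, min_days=3):
    """High-bandwidth check: hosts whose traffic today exceeds mean + k*stddev."""
    flagged = []
    for host, total in today.items():
        past = history.get(host, [])
        if len(past) < min_days:      # no usable baseline yet
            continue
        avg = mean(past)
        spread = max(pstdev(past), 0.05 * avg)  # floor so flat baselines ignore noise
        if total > avg + k * spread:
            flagged.append(host)
    return sorted(flagged)

def beacon_candidates(flows, min_events=5, max_cv=0.1):
    """Stealthy check: (src, dst) pairs contacted at near-constant intervals."""
    seen = defaultdict(list)
    for ts, src, dst, _size in flows:
        seen[(src, dst)].append(ts)
    hits = []
    for pair, stamps in seen.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:  # low variation = regular timing
            hits.append(pair)
    return sorted(hits)

if __name__ == "__main__":
    print("high-bandwidth:", volume_outliers(HISTORY, TODAY))
    print("possible beacons:", beacon_candidates(FLOWS))
```

In the sample data each check flags a different host: the volume baseline misses the small, regular connections, and the timing check ignores the bulk transfer.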
Detection and Remediation
– Log monitoring: www.sans.edu/research/security-laboratory/article/sixtoplogcategories
– IDS/IPS
– Behavioral analysis
– End users
– Third parties
The Human Layer
Perhaps the most critical point of a concentrated defense!
Employee training:
– If it’s too good to be true…
– Catch somebody doing right
Conclusion
– Attackers attack various layers!
– Security must be multi-layered.
– There is no silver bullet.
– Attackers look for easy targets.
– Don’t assume you will stop everything.
– Slow attackers down and detect them.
– Determine key assets and identify weaknesses.
Symantec Targeted Attack Protection 18
Stopping Tomorrow’s Targeted Attacks Today
Kat Pelak
Sr. Regional Product Marketing Manager AMS
Organizations are NOT Stopping Targeted Attacks
– 66%: Breaches went undetected for 30 days or more
– 243: Days before detected
– 4: Months to remediate
– 42%: Increase in Targeted Attacks Last Year
Symantec IS Security Intelligence
– 7 Billion: File, URL & IP Classifications
– 2.5 Trillion: Rows of Security Telemetry
– 1 Billion+: Devices Protected
– 550: Threat Researchers
– 240 Million+: Contributing Users & Sensors
– 14: Operations & Response Centers
Symantec Stops Targeted Attacks
Endpoint, Gateway, Data Center
Global Intelligence
New Network Threat Protection for Mac
Disarm for Messaging Gateway
Proactive Endpoint Protection: Symantec Endpoint Protection
Intrusion Prevention
Symantec’s patented Network Intrusion Prevention System blocks attackers from connecting over the network to your PCs and injecting their attacks.
Advanced Scanning
Symantec’s next-generation scanning technology blocks suspicious files – even those with no fingerprint – before they can run and steal your data.
Insight Reputation
Our Insight System leverages the wisdom of Symantec’s 100s of millions of users to compute safety ratings for every single software file on the planet, and uses this to block targeted attacks.
SONAR Behavior Blocking
Monitors software as it runs on your endpoints and automatically blocks software with suspicious behaviors even if that software has never been seen before.
Symantec Maximum Repair
The reality is that threats occasionally get through… Our aggressive SMR technology roots out such entrenched infections and kills them in seconds.
Email Targeted Attack Trends
• Most targeted attacks are sent via email
• Burying Zero-Day Attacks inside of an attachment is a popular method
• Example: RSA Breach
• Secure Email Gateways will not block
• Other examples including malicious and/or shortened URLs
Gateway: Proactive Protection
Email Security.cloud
Skeptic Real Time Link Following
– Detect Malware At Final Destination: Targeted Attacks, Spear Phishing, Phishing, Spam
– Evasion Tactics: Understands short URLs, freewebs, delays, multi hops, multi destination
– Anticipate evolution of malware: Predictive heuristics
– Identify anomalies: Delivery behavior, message attributes, social engineering tricks, attachment method
Thank you!
Copyright © 2013 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Twitter: KatherynePelak
Q & A
Please use GoToWebinar’s Questions tool to submit
questions to our panel.
Send to “Organizers”
and tell us if it’s for
a specific panelist.