Gateway, Cloud and Targeted Attacks Our Vision, Strategy and Roadmap

Paul Murray and Lana Knop Product Management, Gateway Security Group

SYMANTEC VISION 2014 2

Disclaimer: Any information regarding pre-

release Symantec offerings, future updates or

other planned modifications is subject to ongoing

evaluation by Symantec and therefore subject to

change. This information is provided without

warranty of any kind, express or

implied. Customers who purchase Symantec

offerings should make their purchase decision

based upon features that are currently available.

SYMANTEC VISION 2014

Gateway, Cloud and Targeted Attacks

3

Key Challenges and Focus Areas

Advanced Threat Protection Roadmap

Recent and Near-term Releases

1

2

3

Advanced Threat Protection Preview 4

Roadmap Overview 4

PREVIEW

SYMANTEC VISION 2014

Key Challenges – Email and Web Security

4

Threat Protection Information Protection

End-User Productivity

“Reduce Risks and Stop Threats”

“Protect my confidential

information and help me to comply with

regulations”

“Protect and enhance the productivity of my

end-users”

SYMANTEC VISION 2014

Solving the Challenges – Focus Areas

5

Threat Protection Information Protection

End-User Productivity

Identify and stop targeted attacks

Provide visibility of advanced malware

with actionable intelligence

Provide granular policy controls to

help prevent loss of confidential data

Encrypt sensitive

information sent to third parties

Improve detection of fraudulent and

unwanted emails

Enhance the end-user quarantine experience

SYMANTEC VISION 2014 6

Solving the Challenges Advanced Threat Protection Roadmap

SYMANTEC VISION 2014

Solving the Challenges: Advanced Threat Protection Focused On Solving Customer Problems

7

Tell me about them faster & better than anyone else, across all ports and protocols,

whether blocked or detected

Tell me what it means to me: details on why it is malicious, what it did, how it got

in, what I can do about it, what it means in a global context

Don’t show me 100s of 1000s of events in a big list - Prioritize your detections so I can

maximize my time

Help me Protect, Detect and Respond

Incident Responder & Security Operations

Protection only

SYMANTEC VISION 2014

Solving the Challenges: Advanced Threat Protection New: Symantec Dynamic Malware Analysis Service

Designed to draw out VM aware malware

Instrumented to simulate user behaviors to drive malware to execute

Gateway, Cloud and Targeted Attacks 8

Ability to observe user mode and kernel mode behaviors (i.e. file tries to install a driver); SONAR behavioral scoring

Cloud based service enables elastic, fast adoption to changing malware analysis demands & on demand queries

Portable Executables, PDF, Office docs, Java files, containers

SYMANTEC VISION 2014

• Improved visibility into protection: when is a customer targeted, who is targeted, how are they targeted?

• Better detection via DMAS, leveraging Symantec’s global context

• A feed to the gateway for correlation means better response prioritization & lower cost

Solving the Challenges: Advanced Threat Protection Email Security.cloud: Targeted Attack Reporting

9

SYMANTEC VISION 2014

Solving the Challenges: Advanced Threat Protection Symantec Gateway Security Threat Defense

• Purpose built, on-prem appliance

• Detect and Protect on all available ports & protocols

• Protect against recurring infections with immediate local intelligence

• Post-breach detection

• End user education opportunity

10

DMAS

Symantec’s big data

intelligence

Context

Conviction, Actionable intelligence

Symantec Cloud

Threat Defense Gateway

Network Traffic

Programs, Office docs,

PDFs, Java files

Endpoints

Blacklist IPS Insight AV Mobile Insight

BLACKLIST

Real-time Protection

Email & Endpoint (ESS, SEPM)

Prioritize via Synapse

Correlation

SYMANTEC VISION 2014

Solving the Challenges: Advanced Threat Protection Synapse correlation of events across the solution

Vision 2014: Session 1483 11

Email.cloud

Gateway SEP

Symantec Cloud

Events

Events Events

• Provides meaningful prioritization for incident responders, saving time

• Closes the loop from network event to target machine or user

• Synapse supports:

– Event Context (Managed Endpoint or not, blocked on that endpoint or not, IOCs, other Email.cloud recipients, shared bad files, senders, URLs across the environment)

SYMANTEC VISION 2014

Solving the Challenges: Advanced Threat Protection Web Security.cloud

12

Purpose-built, with full network stream visibility

Full slate of technologies and DMAS for best detection

Time saving correlation , meaningful prioritization, actionable intelligence for fast response

Robust cloud infrastructure with unmatched SLAs

User based Policy enforcement and web content filtering

Seamless support of Data Protection over HTTPS & HTTP

Roaming Users protected & compliant

Integrating the ATP Gateway & Web Security means the best of both worlds No threat goes undetected No user or remote location is unprotected

SGS:TD Web Security.cloud Advanced Threat

Protection & AUP, Web content filtering, DP

SYMANTEC VISION 2014 13

Solving the Challenges Recent and Near-term Releases

SYMANTEC VISION 2014 14

• PDF and Office attachments

• Removes JavaScript from PDFs

• Replaces embedded objects

• Removes macros from Office docs

• Reconstructs embedded PDFs

• Remove EXEs

• Problem: Attacks use malicious documents attached to emails

– Contains malicious active content or exploits payloads targeting parser vulnerabilities

• Solution: Remove the attack vector completely and reconstruct the attachment before delivering

– Attachments sanitized in real-time

– Transparent to the end-user

Solving the Challenges: Threat Protection Symantec Disarm Technology (SMG)

SYMANTEC VISION 2014

Protects users from spoofed emails commonly used in targeted attacks

Accurate detection based on information from the genuine domain owner

SPF authentication checks

DKIM authentication checks

Apply DMARC Policy

Validate and Apply Sender DMARC Policy

Pass Quarantine Reject

Deployed by the largest internet brands and email senders

15

Solving the Challenges: Threat Protection DMARC Validation for Email Security.cloud (Domain-based Message Authentication, Reporting and Conformance)

SYMANTEC VISION 2014 16

Reports of suspicious email dropped by more than 70% (2013) “DMARC stopped nearly 25 million attempted attacks on our customers during the 2013 holiday buying season alone” 1

Reports of phishing by users of Outlook.com dropped by more than 50% in 2013) 1

DMARC protects more than 85% of the people who receive email from Facebook 1

The number of spoofed messages dropped to only a few thousand within days (from 110m+ per day at their peak) 1

Both Yahoo! and AOL recently changed their DMARC policies to ‘reject’ emails purporting to be sent from their domains

1) DMARC.org

SYMANTEC VISION 2014 17

Solving the Challenges Cloud Management Portal Access Controls

• New access control options for the Symantec cloud management portal

• Two-Factor Authentication Integrated with Symantec Validation and IP Protection

• IP restrictions Control the devices that can access your account

Activate 2FA in the management portal

Register VIP credential

Login now requires 6-digit VIP code

SYMANTEC VISION 2014 18

• Intuitive, powerful data protection functionality

• Common policy elements across Email and Web channels

• Leverages policy resources of SYMC DLP

Solving the Challenges: Information Protection Data Protection for Email and Web Security.cloud

SYMANTEC VISION 2014 19

Solving the Challenges: Information Protection Data Protection for Email and Web Security.cloud

NEW – HTTPS inspection

• Essential for Web Data Protection and general policy enforcement

• No-charge enhancement for Web Security.cloud

NEW – Enhanced Reporting

• Matched-content available

• Include surrounding content

• Choose to redact sensitive content on a per-policy basis

Web Data Protection provides control of:

• Messages posted to blogs, message boards and social networking sites

• Entering text into search engines

• Sending email using web-based email

Email Data Protection enhancements:

• New policy templates inc. HIPPA, PCI, ITAR

• Managed policy resources, over 100 lists

• Granular control – multiple rules in one policy

• Detect unique matches and set thresholds

NEW OFFERING

NEW FEATURES

SYMANTEC VISION 2014 20

Solving the Challenges: Information Protection Encryption enhancements for Email Security.cloud

TLS PGP S/MIME PDF Portal

Fall-back options e.g. deliver as encrypted PDF if TLS cannot be established

Hierarchy – try more transparent methods first (TLS, PGP) – pickup portal is the last resort

1 Enable customers to use their encryption method of choice

2 Minimize the number of encrypted emails that fail delivery

3 Maximize ‘transparent’ delivery of encrypted emails

“Help me ensure that our email is only read by the intended recipient”

ROADMAP

SYMANTEC VISION 2014 21

Solving the Challenges: Information Protection Mobility enhancements for Web Security.cloud

1 No user or remote location left unprotected

2 Reduce risks and protect data regardless of device

3 More deployment choice using Secure Tunnels

“Protect my end-users and my information, regardless of location”

Highly resilient global infrastructure backed by Service Level Agreements

Comprehensive protection and granular policy enforcement

Simple to deploy, proxy free method to redirect network traffic to the cloud

ROADMAP

SYMANTEC VISION 2014 22

Solving the Challenges Symantec Gateway Security: Threat Defense

PREVIEW

SYMANTEC VISION 2014 23

Solving the Challenges When can we get it?

SYMANTEC VISION 2014

Roadmap Overview

SGS:TD Release

Gat

eway

Sec

uri

ty

Emai

l Sec

uri

ty

Integrated Web Security

.cloud + SGS:TD

ATP Module ph1 (cloud)

24

1H CY 2014 2H CY 2014 1H CY 2015 2H CY 2015

SGS:TD Alpha

SGS:TD Beta

Web Security.cloud Release

DMARC

2-Factor Auth

Data Protection

Encryption Enhancements

Quarantine Enhancements

ATP Module ph2 (cloud)

Self-serve TLS Encryption

Thank you!

25

YOUR FEEDBACK IS VALUABLE TO US!

Please take a few minutes to fill out the short session survey available on the mobile app—the survey will be available shortly after the session ends. Watch for and complete the more extensive post-event survey that will arrive via email a few days after the conference.

To download the app, go to https://vision2014.quickmobile.com or search for Vision 2014 in the iTunes or Android stores.