Gateway, Cloud and Targeted Attacks: Our Vision, Strategy and Roadmap
Paul Murray and Lana Knop, Product Management, Gateway Security Group
SYMANTEC VISION 2014
Disclaimer: Any information regarding pre-release Symantec offerings, future updates or other planned modifications is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec offerings should make their purchase decision based upon features that are currently available.
1 Key Challenges and Focus Areas
2 Advanced Threat Protection Roadmap
3 Recent and Near-term Releases
Advanced Threat Protection Preview 4
Roadmap Overview 4
PREVIEW
Key Challenges – Email and Web Security
• Threat Protection: “Reduce Risks and Stop Threats”
• Information Protection: “Protect my confidential information and help me to comply with regulations”
• End-User Productivity: “Protect and enhance the productivity of my end-users”
Solving the Challenges – Focus Areas
• Threat Protection
– Identify and stop targeted attacks
– Provide visibility of advanced malware with actionable intelligence
• Information Protection
– Provide granular policy controls to help prevent loss of confidential data
– Encrypt sensitive information sent to third parties
• End-User Productivity
– Improve detection of fraudulent and unwanted emails
– Enhance the end-user quarantine experience
Solving the Challenges: Advanced Threat Protection Roadmap
Solving the Challenges: Advanced Threat Protection – Focused On Solving Customer Problems
• Tell me about them faster & better than anyone else, across all ports and protocols, whether blocked or detected
• Tell me what it means to me: details on why it is malicious, what it did, how it got in, what I can do about it, what it means in a global context
• Don’t show me 100s of 1000s of events in a big list. Prioritize your detections so I can maximize my time
Help me Protect, Detect and Respond
Incident Responder & Security Operations
Protection only
Solving the Challenges: Advanced Threat Protection – New: Symantec Dynamic Malware Analysis Service
• Designed to draw out VM-aware malware
• Instrumented to simulate user behaviors to drive malware to execute
• Ability to observe user mode and kernel mode behaviors (i.e. file tries to install a driver); SONAR behavioral scoring
• Cloud-based service enables elastic, fast adoption to changing malware analysis demands & on-demand queries
• Portable Executables, PDF, Office docs, Java files, containers
Solving the Challenges: Advanced Threat Protection – Email Security.cloud: Targeted Attack Reporting
• Improved visibility into protection: when is a customer targeted, who is targeted, how are they targeted?
• Better detection via DMAS, leveraging Symantec’s global context
• A feed to the gateway for correlation means better response prioritization & lower cost
Solving the Challenges: Advanced Threat Protection – Symantec Gateway Security Threat Defense
• Purpose built, on-prem appliance
• Detect and Protect on all available ports & protocols
• Protect against recurring infections with immediate local intelligence
• Post-breach detection
• End user education opportunity
[Diagram labels: DMAS; Symantec’s big data intelligence; Context; Conviction, Actionable intelligence; Symantec Cloud; Threat Defense Gateway; Network Traffic (Programs, Office docs, PDFs, Java files); Endpoints; Real-time Protection: Blacklist, IPS, Insight, AV, Mobile Insight; Email & Endpoint (ESS, SEPM); Prioritize via Synapse Correlation]
Solving the Challenges: Advanced Threat Protection – Synapse correlation of events across the solution
Vision 2014: Session 1483
[Diagram labels: Email.cloud; Gateway; SEP; Symantec Cloud; Events]
• Provides meaningful prioritization for incident responders, saving time
• Closes the loop from network event to target machine or user
• Synapse supports:
– Event Context (Managed Endpoint or not, blocked on that endpoint or not, IOCs, other Email.cloud recipients, shared bad files, senders, URLs across the environment)
Solving the Challenges: Advanced Threat Protection – Web Security.cloud
• Purpose-built, with full network stream visibility
• Full slate of technologies and DMAS for best detection
• Time-saving correlation, meaningful prioritization, actionable intelligence for fast response
• Robust cloud infrastructure with unmatched SLAs
• User-based policy enforcement and web content filtering
• Seamless support of Data Protection over HTTPS & HTTP
• Roaming users protected & compliant
Integrating the ATP Gateway & Web Security means the best of both worlds. No threat goes undetected. No user or remote location is unprotected.
[Diagram labels: SGS:TD; Web Security.cloud; Advanced Threat Protection & AUP, Web content filtering, DP]
Solving the Challenges: Recent and Near-term Releases
Solving the Challenges: Threat Protection – Symantec Disarm Technology (SMG)
• Problem: Attacks use malicious documents attached to emails
– Contain malicious active content or exploit payloads targeting parser vulnerabilities
• Solution: Remove the attack vector completely and reconstruct the attachment before delivering
– Attachments sanitized in real-time
– Transparent to the end-user
• PDF and Office attachments
• Removes JavaScript from PDFs
• Replaces embedded objects
• Removes macros from Office docs
• Reconstructs embedded PDFs
• Removes EXEs
Solving the Challenges: Threat Protection – DMARC Validation for Email Security.cloud (Domain-based Message Authentication, Reporting and Conformance)
• Protects users from spoofed emails commonly used in targeted attacks
• Accurate detection based on information from the genuine domain owner
• Deployed by the largest internet brands and email senders
[Diagram labels: SPF authentication checks; DKIM authentication checks; Apply DMARC Policy; Validate and Apply Sender DMARC Policy; Pass / Quarantine / Reject]
• Reports of suspicious email dropped by more than 70% (2013) (1)
• “DMARC stopped nearly 25 million attempted attacks on our customers during the 2013 holiday buying season alone” (1)
• Reports of phishing by users of Outlook.com dropped by more than 50% (in 2013) (1)
• DMARC protects more than 85% of the people who receive email from Facebook (1)
• The number of spoofed messages dropped to only a few thousand within days (from 110m+ per day at their peak) (1)
• Both Yahoo! and AOL recently changed their DMARC policies to ‘reject’ emails purporting to be sent from their domains
1) DMARC.org
Solving the Challenges: Cloud Management Portal Access Controls
• New access control options for the Symantec cloud management portal
• Two-Factor Authentication: Integrated with Symantec Validation and ID Protection
• IP restrictions: Control the devices that can access your account
1 Activate 2FA in the management portal
2 Register VIP credential
3 Login now requires 6-digit VIP code
Solving the Challenges: Information Protection – Data Protection for Email and Web Security.cloud
• Intuitive, powerful data protection functionality
• Common policy elements across Email and Web channels
• Leverages policy resources of SYMC DLP
Solving the Challenges: Information Protection – Data Protection for Email and Web Security.cloud
NEW – HTTPS inspection
• Essential for Web Data Protection and general policy enforcement
• No-charge enhancement for Web Security.cloud
NEW – Enhanced Reporting
• Matched-content available
• Include surrounding content
• Choose to redact sensitive content on a per-policy basis
Web Data Protection provides control of:
• Messages posted to blogs, message boards and social networking sites
• Entering text into search engines
• Sending email using web-based email
Email Data Protection enhancements:
• New policy templates inc. HIPAA, PCI, ITAR
• Managed policy resources, over 100 lists
• Granular control – multiple rules in one policy
• Detect unique matches and set thresholds
NEW OFFERING
NEW FEATURES
Solving the Challenges: Information Protection – Encryption enhancements for Email Security.cloud
TLS, PGP, S/MIME, PDF, Portal
Fall-back options e.g. deliver as encrypted PDF if TLS cannot be established
Hierarchy – try more transparent methods first (TLS, PGP) – pickup portal is the last resort
1 Enable customers to use their encryption method of choice
2 Minimize the number of encrypted emails that fail delivery
3 Maximize ‘transparent’ delivery of encrypted emails
“Help me ensure that our email is only read by the intended recipient”
ROADMAP
Solving the Challenges: Information Protection – Mobility enhancements for Web Security.cloud
1 No user or remote location left unprotected
2 Reduce risks and protect data regardless of device
3 More deployment choice using Secure Tunnels
“Protect my end-users and my information, regardless of location”
Highly resilient global infrastructure backed by Service Level Agreements
Comprehensive protection and granular policy enforcement
Simple to deploy, proxy free method to redirect network traffic to the cloud
ROADMAP
Solving the Challenges: Symantec Gateway Security: Threat Defense
PREVIEW
Solving the Challenges: When can we get it?
Roadmap Overview
[Roadmap chart. Timeline: 1H CY 2014, 2H CY 2014, 1H CY 2015, 2H CY 2015. Row labels: Gateway Security; Email Security. Items: SGS:TD Alpha; SGS:TD Beta; SGS:TD Release; Integrated Web Security.cloud + SGS:TD; Web Security.cloud Release; ATP Module ph1 (cloud); ATP Module ph2 (cloud); DMARC; 2-Factor Auth; Data Protection; Encryption Enhancements; Quarantine Enhancements; Self-serve TLS Encryption]
Thank you!