Symantec Targeted Attack Protection 1 Stopping Tomorrow’s Targeted Attacks Today iPuzzlebiz...
Symantec Targeted Attack Protection 2
Organizations are NOT Stopping Targeted Attacks
• 66%: Breaches went undetected for 30 days or more
• 243: Days before detected
• 4: Months to remediate
• 42%: Increase in Targeted Attacks Last Year
Not Just Big Companies
Greatest growth in 2012 is at companies with <250 employees
[Chart by number of employees: 50% at 2,501+, 50% at 1 to 2,500; size bands 1 to 250, 251 to 500, 501 to 1,000, 1,001 to 1,500, 1,501 to 2,500]
Symantec Stops Targeted Attacks TODAY
Endpoint Gateway Data Center
Global Intelligence
Symantec IS Security Intelligence
• 7 Billion: File, URL & IP Classifications
• 2.5 Trillion: Rows of Security Telemetry
• 1 Billion+: Devices Protected
• 550: Threat Researchers
• 240 Million+: Contributing Users & Sensors
• 14: Operations & Response Centers
Endpoint Gateway Data Center
Global Intelligence
Proactive Endpoint Protection: Symantec Endpoint Protection

Intrusion Prevention
Symantec’s patented Network Intrusion Prevention System blocks attackers from connecting over the network to your PCs and injecting their attacks.

Advanced Scanning
Symantec’s next-generation scanning technology blocks suspicious files – even those with no fingerprint – before they can run and steal your data.

Insight Reputation
Our Insight System leverages the wisdom of Symantec’s 100s of millions of users to compute safety ratings for every single software file on the planet, and uses this to block targeted attacks.

SONAR Behavior Blocking
Monitors software as it runs on your endpoints and automatically blocks software with suspicious behaviors even if that software has never been seen before.

Symantec Maximum Repair
The reality is that threats occasionally get through… Our aggressive SMR technology roots out such entrenched infections and kills them in seconds.
New: Network Threat Protection for Mac
STOP threats BEFORE they can implant on the system, and keep data in
• Protect against drive-by downloads
• Prevent social engineering attacks
• Post infection detection
• Prevent social media attacks
• Protect against unpatched vulnerabilities
Endpoint Gateway Data Center
Global Intelligence
Proactive Gateway Protection
• Symantec Web Gateway
• Symantec Messaging Gateway
• Symantec Email Security.cloud
Email Targeted Attack Trends
• Most targeted attacks are sent via email
• Burying Zero-Day Attacks inside of an attachment is a popular method
• Example: RSA Breach
• Secure Email Gateways will not block
• Other examples including malicious and/or shortened URLs
New: Gateway: Disarm for Symantec Messaging Gateway
• Disarm removes all active content and reconstructs a clean version
• Clean attachment is delivered in real-time
• User is never exposed to the attack
• 98% of Zero Day Exploits in 2013 Blocked
• Works with Attachments
• Innovation Made by Symantec Research Labs
Gateway: Proactive Protection
Email Security.cloud
Skeptic Real Time Link Following
• Detect Malware At Final Destination
• Targeted Attacks, Spear Phishing, Phishing, Spam
• Evasion Tactics: Understands short URLs, freewebs, delays, multi hops, multi destination
• Anticipate evolution of malware: Predictive heuristics
• Identify anomalies: Delivery behavior, message attributes, social engineering tricks, attachment method
Gateway: Proactive Protection
Web Gateway
• Leverages anonymous telemetry data from hundreds of machines to construct a massive nexus of files, machines and domains
• Tracks nearly every binary in the world
– Billions of files, adding millions every week
– Uses age, prevalence, source and other attributes to assign a reputation rating to files
• Can accurately identify and block threats even if just a single Symantec user encounters them

Bad Safety Rating: File is blocked
Good Safety Rating: File is whitelisted
No Safety Rating Yet: Can be blocked
Endpoint Gateway Data Center
Global Intelligence
Data Center: The Real Target
“ …. More often endpoints / user devices simply provide an initial “foothold” into the organization, from which the intruder stages the rest of their attack.”
97% of stolen data is from servers
Data Center: Proactive Protection for Physical/Virtual
Least Privilege with Symantec Critical System Protection
• Harden & Protect VMware Infrastructure
• Protect Domain Controllers
• Address PCI Compliance Requirements
• Stop Zero Day Attacks
• Shield Embedded Systems
Symantec Stops Targeted Attacks
Endpoint Gateway Data Center
Global Intelligence
New:
• Network Threat Protection for Mac
• Disarm for Messaging Gateway
Thank you!
Copyright © 2013 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.