#SymVisionEmea - VOXvox.veritas.com/legacyfs/online/veritasdata/Symantec... · 2016-07-04 · File...
#SymVisionEmea
Behind the Yellow Curtain: Discover Symantec's Proactive Protection Technology
Hervé Doreau – Security Practice Manager France
Marcus Brownell – Regional Product Manager - SEP
SYMANTEC VISION SYMPOSIUM 2014
Disclaimer
Any information regarding pre-release Symantec offerings, future updates or other planned modifications is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec offerings should make their purchase decision based upon features that are currently available.
Agenda
1. Changing Threat Landscape
2. Protecting Endpoints Today
3. Roadmap – Futures and Near Term
Increase in Targeted Attacks
Increase in targeted attack campaigns: +91% (2012 vs. 2013)
Targeted Attack Campaigns
                        2011      2012      2013
Email per Campaign      78        122       29
Recipient/Campaign      61        111       23
Duration of Campaign    4 days    3 days    8.3 days
Campaigns               165       408       779
Protecting Endpoints Today
SYMANTEC DATA ANALYTICS PLATFORM
Malware alerts
Behaviors
Web sites visited
Downloads
Crashes
File appearance
Intrusion alerts
55,000 rows added every second
File Insight
URL Insight
SONAR engine
Crash Ratings
Intelligence
Scam Insight
2.1 trillion rows of data
Examples:
Downloads
Web site visits
Intrusion alerts
Malware alerts
Behaviors
File appearance
Crashes
…
Raw features Big Data System Intelligence driven applications
File URL Crash Behavior Forms …
Symantec IS Security Intelligence
• Monitors Threats in 157+ countries
• 550 Threat Researchers
• 14 Data Centers World Wide
• 7 Billion File, URL & IP Classifications
• 1 Billion+ Devices Protected
• 2.5 Trillion Rows of Security Telemetry
• Capturing previously unseen threats and attack methods
• Putting “big data” analytics to work for every end user
• More visibility across devices creates better context and deeper insight
• 2B+ events logged daily
• Over 100,000 security alerts generated annually
• 200,000 daily code submissions
Security Technology and Response (STAR) Layers of Protection
STAR Protection: Reputation, File, Network, Behavioral, Repair
Star Protection
Network: Stops malware as it travels over the network and tries to take up residence on a system
• Protocol aware IPS
• Browser Protection
File: Looks for and eradicates malware that has already taken up residence on a system
• Antivirus Engine
• Auto Protect
• Malheur
Reputation: Establishes information about entities (e.g. websites, files, IP addresses) to be used in effective security
• Domain Reputation
• File Reputation
Behavioral: Looks at processes as they execute and uses malicious behaviors to indicate the presence of malware
• SONAR
• Behavioral Signatures
Repair: Aggressive tools for hard-to-remove infections
• Boot to a clean OS
• Power Eraser uses aggressive heuristics
• Threat-specific tools
Network Threat Protection
Network Threat Protection blocks today’s most critical threats
Hundreds of millions of threats are stopped with this technology
Protect Against Drive-by Downloads that install “APTs”
Prevent Social Engineering Attacks
Find Infected Systems with Post Infection Protection
Prevent Social Media Attacks
Protect Against Unpatched Vulnerabilities
File-based Protection
• Malheur - Increased use of a new Artificial Intelligence engine
– Extracts hundreds of attributes from each file
– Looks for suspicious combinations of attributes
– Endpoint uses predictive classifiers, or rules derived from them, and corroborates with Insight Reputation
• Backend uses complex attributes to identify malware and releases definitions for them
– These heuristics can detect many variants and are especially effective against polymorphic malware families
• Benefits
– Proactive – catches new 0-day threats
– Proactive – blocks threats before they have a chance to run
Reputation-based Security Insight - Reputation in a Nutshell
• Our Insight reputation system uses the wisdom of our hundreds of millions of users to automatically derive highly accurate safety ratings for every file on the internet
• It is an entirely different approach that requires no traditional virus signatures
Data Collection: Opt-in program to collect anonymous file usage data
‘Reputation’ Engine: Patent-pending algorithms to compute safety reputations
File Attribute Database: World’s largest nexus of data on executable content
File Safety Reputations: A measure of how good or bad a file is
• > 210 million contributing users
• > 3 billion unique program files, growing continuously
• Updates every rating every 4–6 hours
• For all files, both good and bad
It can accurately identify threats even if just a single Symantec user encounters them – and it blocks them without any signatures
Superior Protection
Our reputation system improves protection in three ways:
• It blocks entirely new malware that traditional fingerprints miss
• It ratchets up the “resolution” of our heuristics and behavior blocking
• Changes the game, killing mutated malware once and for all
SONAR Behavioral Protection
Build an engine that ignores what the threat LOOKS LIKE
But detects threats based on what the threat DOES
SONAR (5th Generation) Behavioral Protection
New Behavioral-detection engine with significantly improved effectiveness
• Same Enterprise UI but totally redesigned behavioral protection under the hood
Proactively detects new threats based entirely on Behaviors
• Day-0 detection for Hydraq/Aurora and Stuxnet
• Sophisticated Rootkits like TidServ
• Non-process Based Threats (NPTs) are stopped
Behavioral Rules-based
• Customers get up-to-date protection automatically via LiveUpdate
• Coverage for APTs like Shamoon, PoisonIvy
High-Performance real-time engine
• Behaviors are monitored and assessed as they happen
• Sandboxing to insulate system from threats
• No measurable impact on performance
Now with 1390 Behaviors
Repair Technology
Additional options to help fix the problem:
1. Symantec Power Eraser: standalone & integrated
2. Bootable Recovery Tool: A bootable recovery disk with full detection and repair capabilities
3. Threat Specific Tools: Fix tools created for specific threats available from Security Response
Roadmap – Futures and Near Term
Near-term Roadmap
• Ease of Use
• Enhanced Protection
• Improved Performance
• Extended Platform Support
Improved Performance
Client performance and content deltas
Reduce disk space on SEPM by 85-95%
Allow customers to cache more revisions
-Reduces the number of full definitions delivered
Improve boot time by more than 10%
Extended Platform Support
Improved management of endpoints
Linux client management
-Single client package fully managed by SEPM
-Auto update
-Auto-compile kernels during install
Mac client management
-Client remote deployment
-Device control
-Firewall
IT Analytics
Enhanced Protection
Against advanced threats
Integrated Power Eraser
-Aggressively scan an infected endpoint to locate APTs
-Reduce time to clean infected systems
-Mitigate false positives
Moving Beyond Protection to Detection and Response
Customers Demanding a New Approach
“Help me block more attacks without false positives”
“Help me discover new targeted attacks”
“Minimize my time to respond and protect”
“Help me distinguish targeted attacks from other security events”
New: Dynamic Malware Analysis Service Cynic with Cloud based Sandbox
Designed to draw out VM aware malware
Instrumented to simulate user behaviors to drive malware to execute
Ability to observe behaviors; SONAR behavioral scoring; API based clustering; Leverages global intelligence of behaviors, attack patterns, and campaigns
Cloud based service enables elastic, fast adoption to changing malware analysis demands & on demand queries
Portable Executables, PDF, Office docs, Java files, containers
Rapid Assessment of Advanced Threats
Network Adv. Threat Detection
Symantec Endpoint Protection
Symantec Managed Security Services
Virt Exec
Symantec Global Intelligence Network
• File Reputation
• Origin Intelligence
• Threat behaviour (VX)
• Threat info (multi-source)
Outcome: Protected
• Mitigation guidance
INCIDENT
• Fingerprint
Billions of files (20 million new each week)
150 million endpoints
240,000 sensors across 200 countries
Customer Participation Opportunities
SEP 12.1.5 Program – Just released
• Linux & Mac Client Management
• Client Performance Enhancements
• Better Control of Bandwidth to SEPM
• Scan Throttling for Virtualization
SEP 12.1.6 Customer Previews – Q1, 2015
• Embedded client updates, VDI
• System Lockdown enhancements
• Symantec Endpoint Security: ATP integration
MDM Free for Symantec Customers
Help customers get started on their mobile strategy
Offer
• Equivalent number of Mobility Device Management licenses
• On premise, 12 month subscription
Eligibility
• Any SEP/SPS, ITMS and CMS (as of 1-JUL-2014) - 1,000+ users
• Current on maintenance
Availability
• Oct 6, 2014*
Symantec™ Mobility: Suite
Mobility: Device Management (MDM)
Mobility: Application Management (MAM)
Incl. Secure Email and Secure Web
Mobility: Threat Protection powered by Norton™
Thank you!
Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Hervé Doreau, Marcus Brownell