#SymVisionEmea - VOXvox.veritas.com/legacyfs/online/veritasdata/Symantec... · 2016-07-04 · File...


Behind the Yellow Curtain: Discover Symantec's Proactive Protection Technology

Hervé Doreau – Security Practice Manager France

Marcus Brownell – Regional Product Manager - SEP


SYMANTEC VISION SYMPOSIUM 2014

Disclaimer

Any information regarding pre-release Symantec offerings, future updates or other planned modifications is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec offerings should make their purchase decision based upon features that are currently available.


Agenda

1. Changing Threat Landscape

2. Protecting Endpoints Today

3. Roadmap – Futures and Near Term


Increase in Targeted Attacks

Increase in targeted attack campaigns, 2012 to 2013: +91%

Targeted Attack Campaigns

Email per Campaign: 78 (2011), 122 (2012), 29 (2013)

Recipient/Campaign: 61 (2011), 111 (2012), 23 (2013)

Duration of Campaign: 4 days (2011), 3 days (2012), 8.3 days (2013)

Campaigns: 165 (2011), 408 (2012), 779 (2013)

Protecting Endpoints Today


SYMANTEC DATA ANALYTICS PLATFORM

Raw features (examples): malware alerts, behaviors, web sites visited, downloads, crashes, file appearance, intrusion alerts

Big data system: Symantec Data Analytics Platform, 2.1 trillion rows of data, 55,000 rows added every second

Intelligence-driven applications: File Insight, URL Insight, SONAR engine, Crash Ratings, Intelligence, Scam Insight

File, URL, Crash, Behavior, Forms, …

Symantec IS Security Intelligence

Monitors threats in 157+ countries

550 threat researchers

14 data centers worldwide

7 billion file, URL & IP classifications

1 billion+ devices protected

2.5 trillion rows of security telemetry

Capturing previously unseen threats and attack methods

Putting “big data” analytics to work for every end user

More visibility across devices creates better context and deeper insight

2B+ events logged daily

Over 100,000 security alerts generated annually

200,000 daily code submissions

Security Technology and Response (STAR) Layers of Protection

STAR Protection: Network, File, Reputation, Behavioral, Repair

Star Protection

Network: Stops malware as it travels over the network and tries to take up residence on a system

• Protocol aware IPS

• Browser Protection

File: Looks for and eradicates malware that has already taken up residence on a system

• Antivirus Engine

• Auto Protect

• Malheur

Reputation: Establishes information about entities (e.g. websites, files, IP addresses) to be used in effective security

• Domain Reputation

• File Reputation

Behavioral: Looks at processes as they execute and uses malicious behaviors to indicate the presence of malware

• SONAR

• Behavioral Signatures

Repair: Aggressive tools for hard-to-remove infections

• Boot to a clean OS

• Power Eraser uses aggressive heuristics

• Threat-specific tools

Network Threat Protection


Network Threat Protection blocks today’s most critical threats

Hundreds of millions of threats are stopped with this technology

Protect Against Drive-by Downloads that install “APTs”

Prevent Social Engineering Attacks

Find Infected Systems with Post Infection Protection

Prevent Social Media Attacks

Protect Against Unpatched Vulnerabilities


File-based Protection


• Malheur - Increased use of a new Artificial Intelligence engine

– Extracts hundreds of attributes from each file

– Looks for suspicious combinations of attributes

– Endpoint uses predictive classifiers, or rules derived from them, and corroborates with Insight Reputation

• Backend uses complex attributes to identify malware and releases definitions for them

– These heuristics can detect many variants and are particularly effective against polymorphic malware families

• Benefits

– Proactive – catches new 0-day threats

– Proactive – blocks threats before they have a chance to run


Reputation-based Security Insight - Reputation in a Nutshell

• Our Insight reputation system uses the wisdom of our hundreds of millions of users to automatically derive highly accurate safety ratings for every file on the internet

• It is an entirely different approach that requires no traditional virus signatures

Data Collection: Opt-in program to collect anonymous file usage data

‘Reputation’ Engine: Patent-pending algorithms to compute safety reputations

File Attribute Database: World’s largest nexus of data on executable content

File Safety Reputations: A measure of how good or bad a file is

> 210 million contributing users

> 3 B unique program files, growing continuously

Updates every rating every 4 – 6 hours, for all files, both good and bad

It can accurately identify threats even if just a single Symantec user encounters them – and it blocks them without any signatures

Superior Protection

Our reputation system improves protection in three ways:


It blocks entirely new malware that traditional fingerprints miss

It ratchets up the “resolution” of our heuristics and behavior blocking

Changes the game, killing mutated malware once and for all


SONAR Behavioral Protection

Build an engine that ignores what the threat LOOKS LIKE

But detects threats based on what the threat DOES

SONAR (5th Generation) Behavioral Protection

New Behavioral-detection engine with significantly improved effectiveness

• Same Enterprise UI but totally redesigned behavioral protection under the hood

Proactively detects new threats based entirely on Behaviors

• Day-0 detection for Hydraq/Aurora and Stuxnet

• Sophisticated rootkits like Tidserv

• Non-process Based Threats (NPTs) are stopped

Behavioral Rules-based

• Customers get up-to-date protection automatically via LiveUpdate

• Coverage for APTs like Shamoon, PoisonIvy

High-Performance real-time engine

• Behaviors are monitored and assessed as they happen

• Sandboxing to insulate system from threats

• No measurable impact on performance

Now with 1390 Behaviors


Repair Technology

Additional options to help fix the problem:

1. Symantec Power Eraser: standalone & integrated

2. Bootable Recovery Tool: A bootable recovery disk with full detection and repair capabilities

3. Threat Specific Tools: Fix tools created for specific threats, available from Security Response

Roadmap – Futures and Near Term


Near-term Roadmap

Ease of Use

Enhanced Protection

Improved Performance

Extended Platform Support

Improved Performance

Client performance and content deltas

Reduce disk space on SEPM by 85-95%

Allow customers to cache more revisions

-Reduces the number of full definitions delivered

Improve boot time by more than 10%

Extended Platform Support

Improved management of endpoints

Linux client management

-Single client package fully managed by SEPM

-Auto update

-Auto-compile kernels during install

Mac client management

-Client remote deployment

-Device control

-Firewall


IT Analytics


Enhanced Protection

Against advanced threats

Integrated Power Eraser

-Aggressively scan an infected endpoint to locate APTs

-Reduce time to clean infected systems

-Mitigate false positives

Moving Beyond Protection to Detection and Response

Customers Demanding a New Approach

“Help me block more attacks without false positives”

“Help me discover new targeted attacks”

“Minimize my time to respond and protect”

“Help me distinguish targeted attacks from other security events”

New: Dynamic Malware Analysis Service Cynic with Cloud based Sandbox

Designed to draw out VM aware malware

Instrumented to simulate user behaviors to drive malware to execute

Ability to observe behaviors; SONAR behavioral scoring; API based clustering; Leverages global intelligence of behaviors, attack patterns, and campaigns

Cloud based service enables elastic, fast adoption to changing malware analysis demands & on demand queries

Portable Executables, PDF, Office docs, Java files, containers


Rapid Assessment of Advanced Threats

Network

Adv. Threat Detection

Symantec Endpoint Protection

Symantec Managed Security Services

Virt Exec

Symantec Global Intelligence Network

• File Reputation

• Origin Intelligence

• Threat behaviour (VX)

• Threat info (multi-source)

• Mitigation guidance

INCIDENT

• Fingerprint

Outcome: Protected

Billions of files (20 million new each week)

150 million endpoints

240,000 sensors across 200 countries

Customer Participation Opportunities

SEP 12.1.5 Program – Just released

• Linux & Mac Client Management

• Client Performance Enhancements

• Better Control of Bandwidth to SEPM

• Scan Throttling for Virtualization

SEP 12.1.6 Customer Previews – Q1, 2015

• Embedded client updates, VDI

• System Lockdown enhancements

• Symantec Endpoint Security: ATP integration

MDM Free for Symantec Customers


Help customers get started on their mobile strategy

Offer

• Equivalent number of Mobility Device Management licenses

• On premise, 12 month subscription

Eligibility

• Any SEP/SPS, ITMS and CMS (as of 1-JUL-2014) - 1,000+ users

• Current on maintenance

Availability

• Oct 6, 2014*

Symantec™ Mobility: Suite

Mobility: Device Management (MDM)

Mobility: Application Management (MAM), incl. Secure Email and Secure Web

Mobility: Threat Protection powered by Norton™

Thank you!

Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
