Enterprise SSL Security – Symantec Vision 2012
Making Your Enterprise SSL Security Less of a Gamble
Andrew Horbury
Sr. Manager, Product Marketing
Dave Corbett
Sr. Manager, Product Management
SYMANTEC VISION 2012
The VeriSign Seal is Now the Norton Secured Seal
Authentication | Identity Validation | Encryption | Security
Still the Most Recognised Trust Mark on the Internet
Helps enterprises secure and protect their business
Helps SMBs grow their online business via our brand
Assures businesses and consumers that the website they are visiting is highly trusted and secure.
Now even more powerful at inspiring consumer trust and confidence
Cyber Attacks On The Rise: Everyone Has a Part to Play To Help Combat These
Frequency of cyber attacks experienced by enterprises*
Viruses, worms, trojans: 100%
Malware: 96%
Botnets: 82%
Web-based attacks: 64%
Stolen devices: 44%
Malicious code: 42%
Malicious insiders: 30%
Phishing & social engineering: 30%
Denial of service: 4%
* Source: Ponemon Institute 2012
How We Play Our Part: A 360° View of Website Security Strategy
End-to-End protection of user experience on web site
Assurance of Persistent Protection
Web site Security
360° View: Step 1
Your Website: End-to-End User Protection Proves Critical
Read: http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/
‘Always On SSL’ Deployment
Early Adopters
• Persistent security across website from arrival to login to logout
• Proven, practical security measure for all websites where users share or view sensitive information
• High adoption rate in the financial industry and across major online properties
360° View: Step 2
Chaos Drives Costs, Losses & Brand Damage
CALLS TO TECH SUPPORT
USERS TRAINED TO IGNORE WARNINGS
LOST PRODUCTIVITY
MISSED SALES OPPORTUNITIES
DEFECTION TO COMPETITORS
DAMAGE TO BRAND AND CREDIBILITY
CALLS TO CUSTOMER SUPPORT
INTERNAL APPLICATIONS
EXTERNAL APPLICATIONS
And The Most Common Reasons Provided
TOO MANY COOKS: Many teams that manage our combined infrastructure and each following a different informal process – no controls
TRAINING CONSTRAINTS: Constantly changing team with people unfamiliar with our process for requesting, installing and managing SSL
GENERAL PROCESS ISSUES: No solid process or tooling in place to appropriately manage SSL holistically including EOL of services
INHERITED INFRASTRUCTURE: Inherited a team or company through reorganization or acquisition, and was not aware the certificate existed
TOO MUCH VARIANCE: Every application follows a different SSL installation process; complexity and variance of approach causes mistakes
ADMIN LEFT THE COMPANY: The person responsible left the company and there was no way to identify and transition to someone new
Enterprise Challenges with SSL Management
Increasing Asset VISIBILITY: “I don’t really know what’s in my network, and where! My teams have a hard time keeping our SSL installation inventory current and accurate.”
Maintaining CONTINUITY: “Certificate expiration presents a huge risk with revenue impact to my business and loss of productivity.”
Meeting and Remaining COMPLIANT: “Enforcing my SSL policies across the enterprise is not feasible with my tools today. Fines for not being compliant with regulations add up!”
Increasing Operational EFFICIENCY: “Enabling my teams to spend their valuable time on items other than SSL installation and life cycle management would be ideal.”
Discover the Power of: Symantec Certificate Intelligence Center
Monitor and Manage your SSL Certificate enterprise environment
SSL Certificate Discovery
Reports and Audit
Alert and Notification
Management
User and Administration Management
Server Risk Assessment
What Customers Have Said About CIC
“I didn’t realise we had this many CAs in our environment until CIC. We need to consolidate!” (Telecom Operator)
“Great reports and visibility into data to help us plan. We can’t afford expirations in our business.” (Social Networking Company)
“The scans were easy to configure once the sensors were setup. Provided great results and some very useful insights into our SSL lay of the land.” (Enterprise Software Company)
“CIC did what it said it would do. We want to roll this out to all our BUs.” (Hosting Provider)
Symantec Certificate Intelligence Center for Mobile
Discover and manage SSL certificates issued from any Certificate Authority. Anytime. Anyplace.
• Maintain business continuity:
• Minimise risks of unavailable or unknown website services across enterprise network
• Enhance Agility:
• Remediate out-of-status SSL certificates quickly
• Increase Operational Visibility:
• Provide up-to-date data and information on SSL certificate inventory for compliance and management control
360° View: Step 3
Cyber Attack Vectors
Frequency of cyber attacks experienced by enterprises*
Viruses, worms, trojans: 100%
Malware: 96%
Botnets: 82%
Web-based attacks: 64%
Stolen devices: 44%
Malicious code: 42%
Malicious insiders: 30%
Phishing & social engineering: 30%
Denial of service: 4%
Today’s Web Threat Lifecycle
Source: 2010-2012 Symantec Research
13,300 signatures created per day
1 in 298 emails are Phishing
More Malware Variations
Attack Target Users vs. Machines
1 in 156 unique websites containing malware
Increasing Attack Success
61% of malicious websites are legitimate, but compromised sites
Web 2.0 is the Catalyst
93% increase of Web-based Attacks
Discover the Power of: Website Protection
Vulnerability Assessment
Easy way to identify the critical vulnerabilities on your website that are most commonly exploited:
• Check for SQL injection, cross-site scripting and other vulnerabilities
• Weekly scan for the entry points frequently used for attacks
• Easy-to-read, actionable report
Malware Scanning
Protects you from being blacklisted by search engines and reduces the risk of propagating viruses to customers’ systems:
• Daily review for malicious code
• Immediate alert by email warns of malware infection
• List of infected pages and problems helps pinpoint and remove malware
Symantec Recommends:
Gain visibility and control of certificates using appropriate tools to reduce risk of business interruption and increase compliance
Turn on ‘Always-On SSL’ to protect customers’ identities, enhance their experience, and strengthen your brand position
Use value-add features like malware, vulnerability scanning & display of trust seals to validate web site security and drive more trusted customer interactions
For more information
2012 ISTR:
www.symantec.com/threatreport/
Always-On SSL:
go.symantec.com/always-on-ssl/
Symantec Certificate Intelligence Center:
go.symantec.com/certificate-intelligence-center
Symantec Website Security Solutions
www.symantec.com/ssl
Q & A
Andrew Horbury
Dave Corbett
Thank You!