Symantec Stops Targeted Attacks

Transcript Symantec Stops Targeted Attacks

Stopping Tomorrow’s Targeted Attacks Today
iPuzzlebiz
Symantec Targeted Attack Protection

Organizations are NOT Stopping Targeted Attacks
• 66% of breaches went undetected for 30 days or more
• 243 days before detected
• 4 months to remediate
• 42% increase in targeted attacks last year

Not Just Big Companies
Employees:
• 2,501+: 50%
• 1,501 to 2,500: 9%
• 1,001 to 1,500: 2%
• 501 to 1,000: 3%
• 251 to 500: 5%
• 1 to 250: 31% (18% in 2011)
50% 2,501+; 50% 1 to 2,500
Greatest growth in 2012 is at companies with <250 employees

Symantec Stops Targeted Attacks TODAY
• Global Intelligence
• Endpoint
• Gateway
• Data Center

Symantec IS Security Intelligence
• 7 Billion File, URL & IP Classifications
• 1 Billion+ Devices Protected
• 2.5 Trillion Rows of Security Telemetry
• 550 Threat Researchers
• 240 Million+ Contributing Users & Sensors
• 14 Operations & Response Centers

Proactive Endpoint Protection: Symantec Endpoint Protection
• Intrusion Prevention: Symantec’s patented Network Intrusion Prevention System blocks attackers from connecting over the network to your PCs and injecting their attacks.
• Advanced Scanning: Symantec’s next-generation scanning technology blocks suspicious files – even those with no fingerprint – before they can run and steal your data.
• Insight Reputation: Our Insight System leverages the wisdom of Symantec’s 100s of millions of users to compute safety ratings for every single software file on the planet, and uses this to block targeted attacks.
• SONAR Behavior Blocking: Monitors software as it runs on your endpoints and automatically blocks software with suspicious behaviors even if that software has never been seen before.
• Symantec Maximum Repair: The reality is that threats occasionally get through… Our aggressive SMR technology roots out such entrenched infections and kills them in seconds.

New: Network Threat Protection for Mac
• Protect against drive-by downloads
• Prevent social engineering attacks
• Post infection detection
• Prevent social media attacks
• Protect against unpatched vulnerabilities
STOP threats BEFORE they can implant on the system, and keep data in

Proactive Gateway Protection
• Symantec Messaging Gateway
• Symantec Email Security.cloud
• Symantec Web Gateway

Email Targeted Attack Trends
• Most targeted attacks are sent via email
• Burying Zero-Day Attacks inside of an attachment is a popular method
• Example: RSA Breach
• Secure Email Gateways will not block
• Other examples including malicious and/or shortened URLs

New: Gateway: Disarm for Symantec Messaging Gateway
• Disarm removes all active content and reconstructs a clean version
• Clean attachment is delivered in real-time
• User is never exposed to the attack
Blocked 98% of Zero Day Exploits in 2013
Works with Attachments
Innovation Made by Symantec Research Labs

Gateway: Proactive Protection
Email Security.cloud
Skeptic
Real Time Link Following
Identify anomalies
Detect Malware At Final Destination
Delivery behavior, message attributes, social engineering tricks, attachment method
Anticipate evolution of malware
Targeted Attacks, Spear Phishing, Phishing, Spam
Evasion Tactics
Understands short URLs, freewebs, delays, multi hops, multi destination
Predictive heuristics

Gateway: Proactive Protection
Web Gateway
• Leverages anonymous telemetry data from hundreds of machines to construct a massive nexus of files, machines and domains
• Tracks nearly every binary in the world
– Billions of files, adding millions every week
– Uses age, prevalence, source and other attributes to assign a reputation rating to files
• Can accurately identify and block threats even if just a single Symantec user encounters them
Bad Safety Rating → File is blocked
No Safety Rating Yet → Can be blocked
Good Safety Rating → File is whitelisted

Data Center: The Real Target
97% of stolen data is from servers
“ …. More often endpoints / user devices simply provide an initial “foothold” into the organization, from which the intruder stages the rest of their attack.”

Data Center: Proactive Protection for Physical/Virtual
Least Privilege with Symantec Critical System Protection
• Harden & Protect VMware Infrastructure
• Protect Domain Controllers
• Address PCI Compliance Requirements
• Stop Zero Day Attacks
• Shield Embedded Systems

Symantec Stops Targeted Attacks
• Global Intelligence
• Endpoint
• Gateway
• Data Center
New:
• Network Threat Protection for Mac
• Disarm for Messaging Gateway

Thank you!
Copyright © 2013 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in
the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied,
are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.