Unified Security, ATP and more

Transcription

1 SYMANTEC Unified Security, ATP and more TAKE THE NEXT STEP Martin Werner PreSales Consultant, Symantec Switzerland AG MEET SWISS INFOSEC!

2 Unified Security 2

3 Symantec Enterprise Security Users Data Cyber Security Services Monitoring, Incident Response, Simulation, Adversary Threat Intelligence Apps Threat Protection Information Protection ENDPOINTS DATA CENTER GATEWAYS DATA IDENTITIES Cloud Gateways Advanced Threat Protection Across All Control Points Built-In Forensics and Remediation Within Each Control Point Integrated Protection of Server Workloads: On-Premise, Virtual, & Cloud Cloud-based Management for Endpoints, Datacenter, and Gateways Integrated Data and Identity Protection Cloud Security Broker for Cloud & Mobile Apps User and Behavioral Analytics Cloud-based Encryption and Key Management Unified Security Analytics Platform Endpoints Data Center Log and Telemetry Collection Integrated Threat and Behavioral Analysis Unified Incident Management and Customer Hub Inline Integrations for Closed-loop Actionable Intelligence Regional and Industry Benchmarking 3

4 Symantec Threat Protection Endpoints Advanced Threat Protection Across Control Points Built-in Forensics and Remediation Within Each Control Point Integrated Protection of Server Workloads across On-Premise, Virtual, and Cloud Advanced Threat Protection Cloud-based Management for Endpoints, Datacenter, and Gateways Network/ Gateways Data Center 4

5 Symantec Information Protection Extend Data and Identity protection regardless of where data resides: On Premise, On Mobile, In the Cloud Common SSO and Access Management regardless of where applications reside: On Premise, On Mobile, In the Cloud Integrated user and behavioral analytics to detect and prevent insider and outsider (APT) threats Data Identities Cloud Security Broker Access

6 Cyber Security Services MANAGED SECURITY SERVICES DEEPSIGHT INTELLIGENCE Track and Analyze Security Events, Creating Actionable Intelligence DEEPSIGHT INTELLIGENCE CYBER NE INCIDENT RESPONSE MANAGED SECURITY SERVICES Protect Against Targeted Attacks, Advanced Threats and Campaigns SECURITY SIMULATION INCIDENT RESPONSE Respond Quickly and Effectively to Credible Security Threats and Incidents SECURITY SIMULATION Strengthen Cyber Readiness to Prevent Today s Sophisticated, Advanced Attacks World-class Security Expertise Reactive to Proactive Integrated, End-to-End Security 6

7 Unified Security Analytics Blueprint Unified Security Applications SYMC Unified Security offerings & apps 3 rd -party offerings & apps Managed Services (SYMC or 3 rd party) ATP: ATP: Endpoint Network ATP: SymGauge Attack Detection UIM/ UII Unified Security Platform PRESENTATION SERVICES LAYER DATA LAYER Customer Portal Collection & Enrichment Services CUSTOMER DATA (NON-ANONYMIZED) Reports & Dashboards Analytics Services (Batch & Real-Time) Interactive Visualizations Unified Incident Hub Integration Services (with Detect/Protect Engines) GLOBAL DATA (ANONYMIZED) Collectors and control APIs Telemetry & APIs 3 rd party clouds Cloud security (e.g. for AWS) SYMC hosted security (e.g. , Web) SYMC on-prem products (e.g. SEP, DLP, DCS) 3 rd party products (e.g. Firewalls)

8 Advanced Threat Protection 8

9 What are Advanced Threats? Targeted Stealthy Persistent Targets specific organizations and/or nations for business or political motives Uses previously unknown zero-day attacks, root kits, and evasive technologies Sophisticated command and control systems that continuously monitor and extract data from the specific target 9

10 How They Work: Advanced Threats 10

11 Prevention alone isn t enough IDENTIFY PREVENT DETECT RESPOND RECOVER Knowing where important data is Stopping incoming attacks Finding incursions Containing & remediating problems Restoring operations 11

12 Uncover Advanced Threats across Endpoints, Networks and Uncover attacks in under one hour. Search for any attack artifact across your entire infrastructure, by file hash, registry key, or the source IP address and URL, with a single click of a button. Uncover attacks across endpoints, networks, and , with one console, not three. 12

13 Prioritize what matter most with Symantec Synapse EFFECTIVE PRIORITIZATION Aggregate and correlate all suspicious activity across endpoints, networks, and Fuse with data from Symantec Global Intelligence Network A UNIFIED INVESTIGATION Single view of all attack activity across control points Visualize and remediate all related attack artifacts. e.g. files, addresses, or IP TANGIBLE RESULTS Reduce number of incidents security analysts need to examine No new agents to deploy or complex SIEM rules to write Streamlined security operations with Symantec ATP reduced up to 70% of our redundant and network security alerts. This saved us so much time. Large services provider 13

14 Detect and Prioritize advanced attacks faster with Symantec Cynic Advanced machine learning analysis combined with Symantec global intelligence Designed to draw out VMaware malware; executes and analyzes the results Cloud platform enables rapid updates as malware evolves to avoid detection Broad coverage: Office docs, PDF, Java, containers, portable executables Detects stealthy and persistent threats that traditional defenses miss Detect threats designed to evade VMs by using physical & virtual machines Conviction and intelligence always available within minutes not hours. Quick, accurate analysis of nearly all types of potential malicious content Symantec Cynic detected a targeted attack from a nation state as it came in and enabled our security operations team to respond to it quickly. international electric company Cynic detected a trojanized version of a legitimate software package that a member of my security team downloaded. It saved us from a massive security breach. leading food provider 14

15 Prevent, detect and respond across multiple control points to gain maximum benefit and protection Security.cloud + Advanced Threat Protection: Symantec Global Intelligence Symantec Cynic Symantec Synapse Symantec Advanced Threat Protection SEP Manager Real-time Inspection t BLACK LIST Blacklist Vantage Insight AV Mobile Insight SEP Endpoints Remote / Roaming SEP Endpoints Remote / Roaming SEP Endpoints UNCOVER PRIORITIZE REMEDIATE Physical & virtual detonation from cloudbased sandbox Correlate across endpoint, network, and Block, clean, and fix in real-time 15

16 ADVANCED THREAT PROTECTION MODULES 16

17 Symantec Advanced Threat Protection: Endpoint Add Endpoint Detection and Response (EDR) capabilities to Symantec Endpoint Protection No new agents required Virtual appliance or physical hardware appliance Search for suspicious events and new threats in real-time Sweep endpoints for Indicators of Compromise Respond and contain threats immediately Use Cynic sandboxing to detect advanced threats. Automatically correlates with ATP: Network and Security.cloud events INCLUDES THE CORE PLATFORM SYMANTEC CYNIC New cloud-based sandboxing and payload detonation service SYMANTEC SYNAPSE New event prioritization and correlation. 17

18 Symantec Advanced Threat Protection: Network Uncovers and prioritizes advanced attacks entering the organization through HTTP, FTP and other common network protocols Virtual appliance or physical hardware appliance Deploy into the core network switch Tap/Span port. Monitors internal inbound and outbound internet traffic Network visibility into all devices and all protocols Automated sandboxing with Symantec Cynic Automatically correlates with Symantec Endpoint Protection and Security.cloud events INCLUDES THE CORE PLATFORM SYMANTEC CYNIC New cloud-based sandboxing and payload detonation service SYMANTEC SYNAPSE New event prioritization and correlation. 18

19 Symantec Advanced Threat Protection: Enhance Symantec Security.cloud with advanced detection and reporting capabilities Cynic sandboxing detects advanced threats in attachments Identify targeted attacks against an organization or specific user Detailed reporting and severity levels for prioritization On-demand data export for SIEMs Easily managed via Symantec.cloud management portal Automatically correlates with Symantec Endpoint Protection and ATP: Network events INCLUDES THE CORE PLATFORM SYMANTEC CYNIC New cloud-based sandboxing and payload detonation service SYMANTEC SYNAPSE New event prioritization and correlation. 19

20 THANK YOU. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. 20