#SymVisionEmea
Securing the endpoint and your data
Safe harbor disclaimer
SYMANTEC VISION SYMPOSIUM 2014
Agenda
• Changing Threat Landscape
• Protecting Endpoints Today
• Protecting Data on Endpoints with Encryption
Increase in targeted attacks
Increase in targeted attack campaigns: +91%
2012
Targeted attack campaigns
Year: 2011 / 2012 / 2013
Email per campaign: 78 / 122 / 29
Recipient/campaign: 61 / 111 / 23
Duration of campaign: 4 days / 3 days / 8.3 days
Campaigns: 165 (2011) / 408 (2012)
Symantec data analytics platform
Malware alerts, behaviors, web sites visited, downloads, crashes, file appearance, intrusion alerts
Symantec Data Analytics Platform
• 55,000 rows added every second
• 2.1 trillion rows of data. Examples: downloads, web site visits, intrusion alerts, malware alerts, behaviors, file appearance, crashes, …
Raw features, Big Data System, Intelligence-driven applications
File, URL, Crash, Behavior, Forms
File Insight, URL Insight, SONAR engine, Crash Ratings, Intelligence, Scam Insight
Symantec IS Security Intelligence
• Monitors threats in 157+ countries
• 550 threat researchers
• 14 data centers worldwide
• 7 billion file, URL & IP classifications
• 1 billion+ devices protected
• 2.5 trillion rows of security telemetry
Capturing previously unseen threats and attack methods
Putting “big data” analytics to work for every end user
More visibility across devices creates better context and deeper insight
2B+ events logged daily
Over 100,000 security alerts generated annually
Security Technology and Response (STAR)
STAR protection
Network
Stops malware as it travels over the network and tries to take up residence on a system
• Protocol aware IPS
• Browser Protection
File
Looks for and eradicates malware that has already taken up residence on a system
• Antivirus Engine
• Auto Protect
• Malheur
Reputation
Establishes information about entities (e.g. websites, files, IP addresses) to be used in effective security
• Domain Reputation
• File Reputation
Behavioral
Looks at processes as they execute and uses malicious behaviors to indicate the presence of malware
• SONAR
• Behavioral Signatures
Repair
Aggressive tools for hard to remove infections
• Boot to a clean OS
• Power Eraser uses aggressive heuristics
Network Threat Protection blocks today's most critical threats
Hundreds of millions of threats are stopped with this technology
• Protect Against Drive-by Downloads that install “APTs”
• Prevent Social Engineering Attacks
• Find Infected Systems with Post Infection Protection
• Prevent Social Media Attacks
File-based protection
• Malheur - Increased use of a new Artificial Intelligence engine
– Extracts 100’s of attributes from each file
– Looks for suspicious combinations of attributes
– Endpoint uses predictive classifiers, or rules derived from them, and corroborates the result with Insight Reputation
• Backend uses complex attributes to identify malware and releases definitions for them
– These heuristics can detect many variants and are especially effective against polymorphic malware families
• Benefits
– Proactive – catches new 0-day threats
– Proactive – blocks threats before they have a chance to run
Reputation-based Security
Insight - Reputation in a Nutshell
• Our Insight reputation system uses the wisdom of our hundreds of millions of users to automatically derive highly accurate safety ratings for every file on the internet
• It is an entirely different approach that requires no traditional virus signatures
Data Collection
Opt in program to collect anonymous file usage data
‘Reputation’ Engine
Patent pending algorithms to compute safety reputations
> 210 Million Contributing Users
>3 B unique program files, growing continuously
It can accurately identify threats even if just a single Symantec user encounters them – and it blocks them without any signatures
File Attribute Database
World’s largest nexus of data on executable content
File Safety Reputations
A measure of how good or bad a file is
Updates every rating every 4 – 6 hours
For all files, both good and bad
Superior Protection
Our reputation system improves protection in three ways:
• It blocks entirely new malware that traditional fingerprints miss
• It ratchets up the “resolution” of our heuristics and behavior blocking
SONAR Behavioral Protection
Build an engine that ignores what the threat LOOKS LIKE
But detects threats based on what the threat DOES
SONAR Behavioral Protection
SONAR (5th Generation) Behavioral Protection
New Behavioral-detection engine with significantly improved effectiveness
• Same Enterprise UI but totally redesigned behavioral protection under the hood
Proactively detects new threats based entirely on Behaviors
• Day-0 detection for Hydraq/Aurora and StuxNet
• Sophisticated Rootkits like TidServ
• Non-process Based Threats (NPT’s) are stopped
Behavioral Rules-based
• Customers get up-to-date protection automatically via Liveupdate
• Coverage for APT like
High-Performance real-time engine
• Behaviors are monitored and assessed as they happen
• Sandboxing to insulate system from threats
• No measurable impact on performance
Now with
1390
Repair technology
Additional options to help fix the problem:
1. Symantec Power Eraser
standalone & integrated
2. Bootable Recovery Tool
A bootable recovery disk with full detection and repair capabilities
3. Threat Specific Tools
Fix tools created for specific threats available from Security Response
Improved performance
Client performance and content deltas
Reduce disk space on SEPM by 85-95%
Allow customers to cache more revisions
-Reduces the number of full definitions delivered
Extended platform support
Improved management of endpoints
Linux client management
-Single client package fully managed by SEPM
-Auto update
-Auto-compile kernels during install
Mac client management
-Client remote deployment
Enhanced protection
Against advanced threats
Integrated Power Eraser
-Aggressively scan an infected endpoint to locate APTs
-Reduce time to clean infected systems
-Mitigate false positive
Customer participation opportunities
SEP 12.1.5 Program – Just released
• Linux & Mac Client Management
• Client Performance Enhancements
• Better Control of Bandwidth to SEPM
• Scan Throttling for Virtualization
SEP 12.1.6 Customer Previews – Q1, 2015
• Embedded client updates, VDI
• System Lockdown enhancements
Causes of breaches
Top Causes of Data Breach, 2013
Source: Symantec
• Hackers: 34% (87 incidents)
• Accidentally Made Public: 29% (72 incidents)
• Theft or Loss of Computer or Drive: 27% (69 incidents)
• Insider Theft: 6% (15 incidents)
• Unknown: 2% (6 incidents)
• Fraud: 2% (4 incidents)
TOTAL Number of Incidents: 253
Average number of identities exposed per data breach for hacking incidents was approximately 4.7 million
Theft or loss + accidental breaches accounted for 56% of data breach
Symantec encryption portfolio
• Email Encryption: Protects email in transit and at-rest from unauthorized parties
• File & Folder Encryption: Protects individual files in transit and at-rest from unauthorized parties, allowing secure collaboration
• Endpoint Encryption: Renders data-at-rest inaccessible to unauthorized parties on devices such as laptops, desktops and removable media
• Endpoint Encryption Management Server: Manage individual and group keys, create and set up encryption policies and report on encryption status
Symantec endpoint encryption
Disk Encryption
- Also known as Full-Disk or Whole Disk Encryption
- Used on laptops and desktops
Additional benefits such as:
• Initial encryption happens in the background allowing users to keep working like normal
• Self-Recovery capabilities as well as Help Desk recovery
• Single Sign-On capability
• No end user interaction required
Removable Media Encryption
Encryption strategy
Enable customers to seamlessly protect sensitive information, wherever it resides, with Symantec Encryption
• Single Endpoint Encryption Offering
• 3rd Party Encryption Management
• Encryption Center of Excellence
• Next Generation Encryption
Thank you!
Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in
the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.