Symantec: present and future (original title: Symantec: čas přítomný a budoucí)

Date post: 21-Feb-2017
Upload: marketingarrowecscz

Transcript
Page 1

The "New" SYMANTEC: present and future

Ján Kvasnička

Senior Pre-Sales Consultant, Czech Republic and Slovakia

Page 2

What we will talk about today

1 ISTR No. 21: IT security in 2015

2 Symantec strategy

3 Roadmaps (product plans)

4 Questions

Copyright © 2014 Symantec Corporation

Page 3

Internet Security Threat Report No. 21

Page 4

In 2009, 2,361,414 new pieces of malicious code were created.

In 2015 that number had grown to 430,555,582,

which works out to roughly 1,179,000 new samples per day.

Source: 2016 Internet Security Threat Report, Volume 21

Page 5

Zero-day vulnerabilities discovered per year (chart data)

2006: 13
2007: 15
2008: 9
2009: 12
2010: 14
2011: 8
2012: 14
2013: 23
2014: 24
2015: 54

Page 6

Targeted attack (spear-phishing) campaigns, 2012 to 2015 (chart data)

Year   Number of campaigns   Recipients per campaign   Average email attacks per campaign
2012   408                   111                       122
2013   779                   23                        29
2014   841                   18                        25
2015   1,305                 12                        11

The number of campaigns rose 55% from 2014 to 2015, while each campaign targeted fewer recipients with fewer emails.

Page 7

Industries most frequently targeted by spear-phishing attacks

Rank  Industry                             Distribution  Attacks per Org  % Risk in Group*
1     Finance, Insurance, & Real Estate    34.9%         4.1              8.7%
2     Services                             21.6%         2.1              2.5%
3     Manufacturing                        13.9%         1.8              8.0%
4     Transportation & Public Utilities    12.5%         2.7              10.7%
5     Wholesale Trade                      8.6%          1.9              6.9%
6     Retail Trade                         2.5%          2.1              2.4%
7     Public Administration                2.0%          4.7              3.2%
8     Non-Classifiable Establishments      1.6%          1.7              3.4%
9     Mining                               1.4%          3.0              10.3%
10    Construction                         0.7%          1.7              1.1%
11    Agriculture, Forestry, & Fishing     0.2%          1.4              2.0%

Non-SIC related industries
      Energy                               1.8%          2.0              8.4%
      Healthcare                           0.7%          2.0              1.1%

*NB: The Risk in Group figure is a measure of the likelihood of an organization in that industry being attacked at least once during the year. For example, if there are 100 customers in a group and 10 of them were targeted, that would indicate a risk of 10 percent.

Page 8

Ransomware: evolution over time

2005-2009: Misleading applications ("pay and we will fix the application")
2010-2011: Fake antivirus ("pay to clean your computer")
2012-2013: Lockers (the "fine")
2014-2015: Crypto-ransomware ("pay and we will decrypt your disk")

Page 9

Ransomware families (chart)

Platforms called out: Android, Linux, OSX

Page 10

Blocked tech-support scam links: 16 million

Page 11

Dridex gang: number of known spam attacks per day (chart)

Page 12

When cybercriminals work in call centres, write documentation and have weekends off, you know it has become a profession.

Page 13

5 key facts to remember:

1 In 2015 a zero-day attack was discovered on average once a week

2 More than half a billion personal records were lost as a result of attacks

3 Three out of every four websites expose you to risk

4 Encryption is now used as a cyber weapon to hold the critical data of companies and individuals hostage

5 Don't call us, we'll call you: cyber scammers now phone you to get you to pay

Page 14

Symantec strategy

Page 15

SYMANTEC ENTERPRISE SECURITY | PRODUCT STRATEGY

Users | Data | Apps | Cloud | Endpoints | Gateways | Data Center

Unified Security Analytics platform
• Log and Telemetry Collection
• Unified Incident Management and Customer Hub
• Inline Integrations for Closed-loop Actionable Intelligence
• Regional and Industry Benchmarking
• Integrated Threat and Behavioral Analysis

Threat protection (ENDPOINTS, DATA CENTERS, GATEWAYS)
• Advanced Threat Protection Across All Control Points
• Built-In Forensics and Remediation Within Each Control Point
• Integrated Protection of Server Workloads: On-Premise, Virtual, & Cloud
• Cloud-based Management for Endpoints, Datacenter, and Gateways

Information protection (DATA, IDENTITY)
• Integrated Data and Identity Protection
• Cloud Security Broker for Cloud & Mobile Apps
• User and Behavioral Analytics
• Cloud-based Encryption and Key Management

Cyber security services: Monitoring, Incident Response, Simulation, Adversary Threat Intelligence

Page 16

THREAT PROTECTION STRATEGY

ATP across ENDPOINTS | NETWORK/GATEWAYS | DATA CENTERS

• Advanced threat protection at the control points (ATP)
• Built-in forensic analysis and remediation within each control point
• Integrated protection of physical, virtual and cloud servers
• Cloud-based management for endpoints, data centers and gateways

Page 17

INFORMATION PROTECTION STRATEGY

DATA | ACCESS | IDENTITY (Cloud Security Broker)

• Extended protection of data and identities regardless of where they reside: on-premises, on mobile devices or in the cloud
• Unified SSO and access control regardless of where the application resides: on-premises, on mobile devices or in the cloud
• Integrated analysis of user and application behaviour; detection and prevention of internal and external advanced persistent threats

Page 18

THREAT PROTECTION: PROVEN AND INNOVATIVE TECHNOLOGIES

Detection tools and protection tools

• Detonation: Cynic, a cloud-based sandboxing and detonation engine for malware analysis
• Correlation: Synapse, which correlates security events across the control points
• Threat blocking: PEP, which blocks exploits of known and unknown vulnerabilities
• Behavioural analysis: SONAR, a finely tuned engine that enables flight-recorder-like system monitoring
• Predictive analysis: Skeptic, which uses predictive analysis, heuristics and link following to find targeted threats
• Reputation analysis: Insight, which determines the safety of files and websites using the "wisdom of crowds"

Page 19

CYBER SECURITY SERVICES: OVERVIEW OF KEY CAPABILITIES

SECURITY MONITORING SERVICES
• Key technology IP for log collection, analytics, and incident investigation
• Tailored to customer maturity/industry
• High-touch 24x7 service model
• Integration with next-gen security infrastructure to detect advanced threats

INCIDENT RESPONSE & SIMULATION
• Global team with extensive experience in forensics investigation
• Emergency/Retained/Managed options
• Integrated with SOCs to provide end-to-end service
• Realistic live-fire training missions delivered as a SaaS solution

SECURITY INTELLIGENCE SERVICES
• Global Intelligence Network
• Early warning portal
• Adversary threat intelligence
• Integrated IoCs from internal and external feeds

Global team of 500+ threat and intel experts with unique knowledge of attack actors, supported by a cloud-based big data analytics infrastructure

DeepSight services: live portal

Page 20

Roadmaps (product plans)

Page 21

Legal Disclaimer

• Please note that this information is about pre-release software. Any unreleased update to the product or other planned modification is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec products should make their purchase decision based upon features that are currently available.

• This version is only valid up to May 31, 2016.

Page 22

Symantec Endpoint Protection 12.1.6 MP4

Release Objective
• Fix customer defects
• Provide incremental functionality improvements

Value Proposition
• Address short-term customer pain points

Target
• New and existing SEP customers

Release Highlights
• GUP throttling: improves performance
• SEP for Public Clouds, Phase 1: SEP deployed in the Amazon Apps Marketplace

Ship Date: March 2016

Page 23

Symantec Endpoint Protection 12.1.6 MP5

Release Objective
• Fix customer defects
• Provide incremental functionality improvements

Value Proposition
• Address short-term customer pain points

Target
• New and existing SEP customers

Release Highlights
• Customer defect fixes
• AWS: FCP licensing
• ESX 6.0 support
• RSA 8.1 support
• Support for additional Linux kernels for Bosh and IBM
• Compatibility with Windows Server 2016
• Compatibility with Windows 10 Redstone

Planned GA: June 2016

Page 24

Symantec Endpoint Protection 14.0

Release Objective
• Enhanced EDR/ATP integration, system lockdown capability

Value Proposition
• Enhanced EDR & ATP integration

Target
• New and existing SEP customers

Release Highlights
• Extended Mac support: Mac Device Control
• Total Cloud Protection, a patented technique: all of our cloud intelligence available to every scan, reduced definition size on disk
• EDR/ATP integration: move from a heartbeat-driven trigger to an event-driven trigger (improves search, quarantine, remediation); enhanced client-side data collection via SONAR
• SEP Visibility Framework

Planned GA: 2H CY 2016

Page 25

Symantec Unified Endpoint Protection v1.0/CA

Release Objective
• Initial release of cross-device, cloud-based security and management that delivers easy-to-use sophistication

Value Proposition
• Single cloud console
• Security and basic management across platforms
• User-centric policy

Target
• Initial focus on small to medium-sized organizations with a generalist IT admin
• Fulfil enterprise security and basic management for BYOD use cases

Release Highlights

End-user self-service
• Device self-enrollment
• Auto-config for email
• End-user un-enrollment

Endpoint management
• Endpoint protection (Win, Mac, Android)
• Centralized monitoring and alerting
• Basic management and configuration
• Dashboards and KPIs
• Azure Directory Services integration
• Device and application inventory

Platforms: Mac, Win 7/8/10, iOS, Android

Ship Date: December 2015

Page 26

Symantec Unified Endpoint Protection v2.0

Release Objective
• Enhanced release of cross-device, cloud-based security and management that delivers easy-to-use sophistication, plus endpoint management/security for the enterprise

Value Proposition
• Single cloud console
• Security and basic management across platforms
• User-centric policy
• Endpoint management + security for the enterprise

Target
• Initial focus on small to medium-sized organizations with a generalist IT admin
• Fulfil enterprise security and basic management for BYOD use cases

Release Highlights

Endpoint management + security
• Native encryption key management add-on (Mac & Windows)
• Improved enterprise capabilities
• Protection: server support, scheduled scans
• Security management: v2 adds remote actions, ITMS connector, W10 MDM; v2.5 adds Wi-Fi, Unified Android Agent, Apple DEP, security-only mode
• Custom alerts

Order management integration
• API for online/auto-provisioning

Uptime availability of 99.5%
• Multi data center support
• EMEA data center
• Multi-partition support (scalability)

Platforms: Mac, Win 7/8/10/10 Phone, iOS, Android

Planned GA: June/July 2016 (U.S.); 2H 2016 (Global)

Page 27

Symantec Advanced Threat Protection v2.0 (General Availability)

Release Objective
• Provides an integrated platform that ties the endpoint presence to network detections and callbacks for faster, easier and more powerful detection, investigation and response

Value Proposition
• Symantec ATP gives customers network-to-endpoint visibility to prioritize and focus on what is important, investigate efficiently, contain easily and remediate without calling desktop ops

Target
• Initial focus on SEP or ESS customers struggling with manual correlation, investigation and response

Release Highlights

Platform
• Unified network and endpoint console
• Incident management, investigation, visualization
• Common search, event list and shared blacklisting
• Basic search capability (registry key, file hash, URL, etc.)
• User-context event enrichment (for SEP-managed endpoints only)
• DeepSight intelligence context enrichment

Endpoint, Network & Email
• Virtual appliance leverages the SEP agent
• Investigation/hunting for IoCs
• Get a file from an endpoint for additional inspection
• Endpoint quarantine
• Remediation: file removal by hash, file blacklist support (network and endpoint)
• Identification of suspicious files on endpoints
• Improved visibility into all endpoint convictions

http://www.symantec.com/atp-network/

Ship Date: December 2015

Page 28

Symantec Advanced Threat Protection v2.0.1

Release Objectives
• Increase the value of endpoint-to-network correlation by enhancing features at both control points

Value Proposition
• Symantec ATP leverages the security investments customers have already made

Target
• SEP and ESS customers that need powerful visibility across their environment without deploying a new agent

Release Highlights

Q1: March RTM (shipped)
• Support release for in-field customer deployments

Q2: May RTM
• Reporting capabilities, executive summary
• Network inline deployment modes (monitoring and inline block)
• MoPS certification of all appliance form factors
• Enhanced EDR abilities: output of behavioral actions observed on the machine; STIX import and search

Ship Date: March 2016 (Q1 release); Planned GA: May 2016 (Q2 release)

Page 29

Symantec Advanced Threat Protection (Versionless)

Release Objectives
• Open up and share ATP event data as a platform, to leverage a customer's existing security investments and enhance endpoint IR investigations with a flight recorder

Value Proposition
• Symantec ATP powers the ability to "work with" your other security investments, drive your IR investigations and auto-handle high-fidelity incidents, built on the security expertise that is Symantec

Target
• SEP and ESS customers that need powerful visibility, detection and response across their environment

Release Highlights

Q3: September RTM
• ATP Platform APIs
• Integration with Splunk
• Integration with ServiceNow
• Support for >100K endpoints
• Data storage scale-out
• Integrate Web.cloud into the ATP Platform (coverage for roaming endpoints, HTTPS, etc.)
• TAA identification and IoC feed, with endpoint query enhancing STIX (URL, IP, registry key)
• Versionless SKU

Planned GA: CY Q3 2016
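Both ATP roadmap slides above (page 28: "STIX import, search"; page 29: "IoC feed with endpoint query enhancing STIX") describe the same job: turn a STIX indicator feed into concrete observables and look for them on endpoints. The block below is an added example of that import-and-search step, not Symantec's code and not how ATP implements it. It assumes STIX 2.1 JSON with the "stix" pattern language (the slides do not say which STIX version ATP accepts), handles only equality comparisons rather than the full patterning grammar, and the bundle, indicator IDs, hash, hosts and telemetry records are all constructed for the example.

```python
"""Added example (not Symantec's code): import a STIX 2.1 indicator bundle into
searchable IoCs and run them over endpoint telemetry. Only equality comparisons
in the pattern language are handled; bundle and events are constructed."""
import json
import re
from typing import Dict, List, Set, Tuple

# One comparison expression inside a STIX pattern: <object-type>:<property.path> = '<value>'
_COMPARISON = re.compile(
    r"([a-z0-9-]+):"                                                  # object type, e.g. ipv4-addr
    r"((?:[A-Za-z0-9_-]+|'[^']*')(?:\.(?:[A-Za-z0-9_-]+|'[^']*'))*)"  # property path, e.g. hashes.'SHA-256'
    r"\s*=\s*'((?:[^'\\]|\\.)*)'"                                     # quoted value, STIX escapes kept
)

# (object type, property path) pairs mapped onto the IoC types an endpoint query can answer.
# Anything not listed here is ignored rather than guessed at.
_IOC_TYPES = {
    ("file", "hashes.'SHA-256'"): "sha256",
    ("file", "hashes.'MD5'"): "md5",
    ("url", "value"): "url",
    ("domain-name", "value"): "domain",
    ("ipv4-addr", "value"): "ipv4",
    ("windows-registry-key", "key"): "regkey",
}
_CASE_INSENSITIVE = {"sha256", "md5", "regkey"}   # hex digests and Windows registry paths

def _unescape(value: str) -> str:
    """Undo STIX string-literal escaping (a doubled backslash becomes one, an escaped quote a quote)."""
    return re.sub(r"\\(.)", r"\1", value)

def _normalise(ioc_type: str, value: str) -> str:
    return value.lower() if ioc_type in _CASE_INSENSITIVE else value

def extract_iocs(bundle: dict) -> Dict[str, Set[str]]:
    """Collect observables from every live indicator in the bundle, keyed by IoC type."""
    iocs: Dict[str, Set[str]] = {t: set() for t in _IOC_TYPES.values()}
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator" or obj.get("revoked", False):
            continue                                   # revoked indicators must not produce hits
        for otype, path, value in _COMPARISON.findall(obj.get("pattern", "")):
            ioc_type = _IOC_TYPES.get((otype, path))
            if ioc_type:
                iocs[ioc_type].add(_normalise(ioc_type, _unescape(value)))
    return iocs

# Which endpoint event field carries each IoC type (a convention of this example).
_EVENT_FIELDS = {"sha256": "sha256", "md5": "md5", "url": "url",
                 "domain": "domain", "ipv4": "dst_ip", "regkey": "regkey"}

def search_events(events: List[dict], iocs: Dict[str, Set[str]]) -> List[Tuple[str, str, str]]:
    """Match endpoint events against the IoC sets; returns (host, ioc_type, value) per hit."""
    hits: List[Tuple[str, str, str]] = []
    for ev in events:
        for ioc_type, field in _EVENT_FIELDS.items():
            raw = ev.get(field)
            if raw is None:
                continue
            norm = _normalise(ioc_type, raw)
            if norm in iocs[ioc_type]:
                hits.append((ev["host"], ioc_type, norm))
    return hits

# Constructed sample bundle (IDs and values are synthetic). Inside a JSON string a STIX
# pattern writes one literal backslash as \\, which is why the registry key shows \\\\ here.
SAMPLE_BUNDLE_JSON = r'''{
  "type": "bundle", "id": "bundle--0d8d9a2e-1c4b-4a5f-9e0a-000000000001",
  "objects": [
    {"type": "indicator", "id": "indicator--0d8d9a2e-1c4b-4a5f-9e0a-000000000002",
     "pattern_type": "stix", "valid_from": "2016-05-01T00:00:00Z",
     "pattern": "[file:hashes.'SHA-256' = '0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef']"},
    {"type": "indicator", "id": "indicator--0d8d9a2e-1c4b-4a5f-9e0a-000000000003",
     "pattern_type": "stix", "valid_from": "2016-05-01T00:00:00Z",
     "pattern": "[url:value = 'http://evil.example/payload.exe' OR url:value = 'http://evil.example/c2']"},
    {"type": "indicator", "id": "indicator--0d8d9a2e-1c4b-4a5f-9e0a-000000000004",
     "pattern_type": "stix", "valid_from": "2016-05-01T00:00:00Z",
     "pattern": "[ipv4-addr:value = '203.0.113.10']"},
    {"type": "indicator", "id": "indicator--0d8d9a2e-1c4b-4a5f-9e0a-000000000005",
     "pattern_type": "stix", "valid_from": "2016-05-01T00:00:00Z",
     "pattern": "[windows-registry-key:key = 'HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Evil\\\\Run']"},
    {"type": "indicator", "id": "indicator--0d8d9a2e-1c4b-4a5f-9e0a-000000000006",
     "pattern_type": "stix", "valid_from": "2016-05-01T00:00:00Z", "revoked": true,
     "pattern": "[ipv4-addr:value = '198.51.100.7']"},
    {"type": "indicator", "id": "indicator--0d8d9a2e-1c4b-4a5f-9e0a-000000000007",
     "pattern_type": "stix", "valid_from": "2016-05-01T00:00:00Z",
     "pattern": "[x509-certificate:serial_number = '00:11:22']"}
  ]
}'''

SAMPLE_EVENTS = [   # constructed endpoint telemetry, one observation per record
    {"host": "ws-01", "event": "process_start",
     "sha256": "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"},
    {"host": "ws-02", "event": "net_connect", "dst_ip": "203.0.113.10",
     "url": "http://benign.example/index.html"},
    {"host": "srv-01", "event": "reg_set", "regkey": r"HKEY_LOCAL_MACHINE\SOFTWARE\Evil\Run"},
    {"host": "ws-03", "event": "net_connect", "dst_ip": "198.51.100.7"},   # matches only the revoked indicator
]

def run_demo() -> Tuple[Dict[str, Set[str]], List[Tuple[str, str, str]]]:
    """Import the sample bundle and search the sample events; returns (iocs, hits)."""
    iocs = extract_iocs(json.loads(SAMPLE_BUNDLE_JSON))
    return iocs, search_events(SAMPLE_EVENTS, iocs)

if __name__ == "__main__":
    iocs, hits = run_demo()
    for ioc_type, values in iocs.items():
        print(f"{ioc_type:7s} {sorted(values)}")
    for host, ioc_type, value in hits:
        print(f"HIT {host}: {ioc_type} {value}")
```

Two details carry over to any real import: revoked indicators are dropped before they can generate hits, and hashes and registry paths are compared case-insensitively while URLs and domains are not. Indicators whose object type or property is not in the mapping (the x509 certificate here) are skipped silently; a production importer should count and report them.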

Page 30

Symantec Mobility Suite v5.4 & v5.4.1

Release Objective
• Enhance enterprise capabilities
• Deliver latest mobile platform support

Value Proposition
• Broader platform support, including iOS 9, Windows Phone 10 Beta and Android M Beta
• Wider marketplace availability

Target
• Enterprise mobile admins
• MSPs/telcos

Release Highlights

Mobile Management (5.4)
• Localized admin console (JP)
• Platform support: iOS 9
• Parallels/ODIN integration
• Granular device policy targeting

Mobile Management (5.4.1)
• Android M support
• Customer issues

End-User Experience
• Workforce Apps: platform support for Android L; customer issues and minor enhancements
• Touchdown: Venus (Android redesign) alpha

Ship Date: September 2015 (5.4) & October 2015 (5.4.1)

Page 31

Symantec Mobility Suite v5.5: Last Feature Release

Release Objective
• Enhance enterprise capabilities
• Deliver latest mobile platform support

Value Proposition
• Broader platform support (enterprise)

Target
• Enterprise mobile admins

Release Highlights

Mobile Management
• Platform support: Windows Phone 10
• Apple DEP (Work Hub-less enrollment)
• Compliance alerts and actions
• Restore Content Center
• Customer issues/enhancements

End-User Experience
• Workforce Apps: updated platform support (iOS 9.x, Android M); customer issues and minor enhancements

Planned GA: CY Q2 2016

Page 32

Symantec Touchdown 9.0: Android UX Re-design

Release Objective
• Limited rollout of the redesigned UX based on the latest Android guidelines

Value Proposition
• Consumer appeal, enterprise security, desktop functionality

Target
• Enterprise, commercial and consumer

Release Highlights

iOS
• Customer issues and enhancements
• Integrated MAPS with SYMC telemetry and opt-out options

Android
• UX re-design for modules: Email, Calendar, Contacts, Tasks, Notes
• Integrated MAPS with SYMC telemetry and opt-out options

Ship Date: April 2016

Page 33

Symantec Touchdown 9.x: Android UX Re-design

Release Objective
• Android UX redesign generally available
• Distribute and manage without MDM/MAM

Value Proposition
• Consumer appeal, enterprise security, desktop functionality
• Lower TCO for email access on mobile

Target
• Enterprise and commercial

Release Highlights

Touchdown App
• Incorporate feedback on the Android re-design
• Android re-design phase 2

Planned GA: CY Q3 2016

Page 34

Mobile App Protection v1.1 Remediation/CA

Release Objective
• Risk Detection SDK
• Dynamic policy settings

Value Proposition
• Provide protection and visibility for enterprise mobile applications

Target
• Enterprises that create mobile apps for their customers/employees

Release Highlights

Risk Detection SDK
• Dynamic policy updates
• Plug-ins to simplify developer use

Console & Back End
• Dynamic policy settings

Ship Date/CA: February 2016

Page 35

Mobile App Protection v2.0: Common Cloud

Release Objective
• On the Common Cloud platform; remediation & control

Value Proposition
• On the Common Cloud platform; dynamic policy updates

Target
• Enterprises that create mobile apps for their customers/employees

Release Highlights

Console & Back End
• On the Common Cloud platform
• UX: "Cloud Stratus Style"
• Dynamic policy settings
• New data visualizations per customer feedback
• Possibly: licensing integration via OLP

Risk Detection SDK
• Dynamic policy updates
• iOS: malware

Planned GA: Summer 2016

Page 36

Symantec Messaging Gateway 10.6

Release Objective
• Enhanced effectiveness for bulk mail containing URLs
• Refresh the operating system to the latest standard and transition to native 64-bit

Value Proposition
• Enhanced effectiveness
• Better performance
• Support for the latest platforms

Target
• All current Symantec Messaging Gateway customers
• All segments requiring an on-premise secure messaging gateway solution

Release Highlights
• Enhanced effectiveness for spam and bulk mail: scans emails for URLs and looks them up in Symantec's URL reputation intelligence
• Ability to send Control Center administrative events to a remote logging facility
• Support for TLS 1.1 and 1.2
• Operating system refresh to maintain a secure platform and transition applications to native 64-bit
• Performance improvements
• Support for VMware ESXi/vSphere 6

Platforms: SMG 8340/8380 appliances, VMware ESXi/vSphere, Microsoft Hyper-V

Ship Date: December 2015

Page 37

Symantec Messaging Gateway 10.6.1

Release Objective
• This release fixes known defects

Value Proposition
• Stability improvements
• Better performance

Target
• All current Symantec Messaging Gateway customers
• All segments requiring an on-premise secure messaging gateway solution

Release Highlights
• Hardware refresh: new SMG 8340 (R230)
• Fixes for known defects

Platforms: SMG 8340/8380 appliances, VMware ESXi/vSphere, Microsoft Hyper-V

Planned GA: CY Q2 2016

Page 38

Anomaly Detection for Automotive v1.0

Release Objective
• Accurately baseline normal operation of a vehicle's communication bus
• Automatically detect anomalies without requiring the vehicle manufacturer to set rules
• Ability to detect sophisticated attacks on a vehicle
• Comply with low footprint and compute requirements; deployable in the head unit or via an OBD-II dongle in the car

Value Proposition
• Automatically give customers complete visibility of threats on the CAN bus in their automotive networks

Target
• Customers in the automotive space: vehicle manufacturers and Tier 1 suppliers; after-market telematics players

Release Highlights

Automatic anomaly detection
• Bus-parameter-based statistical baselines
• Anomaly detection without having to set rules or create policies

Ability to detect and infer sophisticated attacks
• Characterize state transitions on the CAN bus
• Deep packet inspection

Low compute and RAM footprint

Planned GA: CY Q2 2016 (May 2016)

Page 39

Anomaly Detection for Industrial Control Systems v1.0

Solution Objective
• Automatically detect and map assets in customers' industrial control systems
• Detect anomalies in real time without requiring the customer to set rules or policies
• Form factor: software deployed on a gateway or other device on the subnet, <500 MB RAM required
• Passive; no disruption of ongoing operations
• UI maps the system topology and provides the relevant data for anomalies

Value Proposition
• ICS systems contain a wide range of devices (age, complexity, function) and protocols, and are the target of new, sophisticated attacks. Securing ICS systems requires a proactive, analytics-based approach that understands a system's topology and baseline activity to detect anomalous behavior that may indicate an attack.

Target Customer
• Customers operating industrial control systems: manufacturers, oil & gas, utilities, critical infrastructure

Feature Highlights, v1.0

Asset detection
• Identify assets based on IP address, MAC address and additional device specs (where possible)
• Map network topology based on message flow

Anomaly detection
• Establish baseline activity by statistical analysis of network parameters
• Detect anomalous behavior (relative to the baseline) without having to set rules or create policies
• Accept feedback from users over time to improve detection accuracy and reduce false positives
• Generate alerts and prioritize them by criticality in real time

ICS protocol parsing: hybrid approach
• Protocol-aware parser addresses the specifics of the top ICS protocols (e.g. CIP, Modbus)
• Protocol-agnostic parser uses machine-learning methods to characterize the long tail of proprietary protocols

Easy-to-use UI
• Visualize network topology
• Present key forensic data for investigating anomalies
• Two UIs: edge (subnet-specific) and backend (aggregated)

Planned GA: September 2016
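The two anomaly-detection slides (automotive CAN bus on page 38 and ICS on page 39) rest on the same idea: learn a statistical baseline of normal bus traffic from clean observation and flag departures from it, with nobody writing rules. The block below is an added example of that technique, not Symantec's code and not a description of either product's internals. The detector, the 4-sigma threshold, the channel names (CAN arbitration IDs here; for ICS a channel would be a source/destination/function-code triple) and all frames are constructed for illustration.

```python
"""Added example (not Symantec's code): rule-free statistical baselining of a
message bus. Per channel (CAN ID, or ICS source->destination/function pair) the
detector learns the message inter-arrival time from a clean training window and
flags frames whose timing deviates by more than `sigma` standard deviations,
plus any channel never seen during training. All frames are constructed."""
from dataclasses import dataclass, field
from statistics import mean, pstdev
from typing import Dict, List, Tuple

Frame = Tuple[float, str]   # (timestamp in seconds, channel id)

@dataclass
class Baseline:
    mean_gap: float   # mean inter-arrival time on the channel
    std_gap: float    # population std-dev of that gap (floored, see Detector.min_std)
    frames: int       # frames seen during training

@dataclass
class Detector:
    sigma: float = 4.0       # z-score threshold; an assumption of this example, not a vendor default
    min_std: float = 1e-4    # floor so a perfectly periodic channel does not divide by zero
    baselines: Dict[str, Baseline] = field(default_factory=dict)

    def learn(self, frames: List[Frame]) -> None:
        """Build per-channel timing baselines from a training window; no hand-written rules."""
        gaps: Dict[str, List[float]] = {}
        last: Dict[str, float] = {}
        for ts, chan in sorted(frames):
            if chan in last:
                gaps.setdefault(chan, []).append(ts - last[chan])
            last[chan] = ts
        for chan, g in gaps.items():
            self.baselines[chan] = Baseline(mean(g), max(pstdev(g), self.min_std), len(g) + 1)

    def detect(self, frames: List[Frame]) -> List[dict]:
        """Score a monitoring window. One alert per frame that is on an unknown channel or
        whose gap to the previous frame on the same channel lies beyond sigma std-devs."""
        alerts: List[dict] = []
        last: Dict[str, float] = {}
        for ts, chan in sorted(frames):
            base = self.baselines.get(chan)
            if base is None:
                alerts.append({"ts": ts, "channel": chan, "reason": "unknown channel"})
                continue
            if chan in last:
                z = ((ts - last[chan]) - base.mean_gap) / base.std_gap
                if abs(z) > self.sigma:
                    alerts.append({"ts": ts, "channel": chan, "reason": "timing", "z": round(z, 1)})
            last[chan] = ts
        return alerts

def periodic(chan: str, period: float, n: int, jitter: float = 0.0, start: float = 0.0) -> List[Frame]:
    """Constructed traffic: n frames on `chan` every `period` seconds, alternating +/- jitter."""
    return [(start + i * period + (jitter if i % 2 else -jitter), chan) for i in range(n)]

def run_demo() -> List[dict]:
    # Training window: a 10 ms control message and a 100 ms status message, both slightly jittery.
    det = Detector()
    det.learn(periodic("0x0C0", 0.010, 500, jitter=0.0002) + periodic("0x1A0", 0.100, 50, jitter=0.002))
    # Monitoring window: the same traffic, then five spoofed 0x0C0 frames injected 0.5 ms apart
    # (the classic CAN injection pattern) and one frame on a diagnostic ID never seen in training.
    window = periodic("0x0C0", 0.010, 100, jitter=0.0002, start=5.0)
    window += periodic("0x1A0", 0.100, 10, jitter=0.002, start=5.0)
    window += [(5.5005 + i * 0.0005, "0x0C0") for i in range(5)]
    window += [(5.7, "0x7DF")]
    return det.detect(window)

if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Run directly, it reports the five injected frames, the legitimate 0x0C0 frame that follows them (its gap is also far too short, a side effect worth knowing about when counting alerts), and the unseen 0x7DF ID as an unknown channel; the jittery but normal traffic stays under the threshold. A product would baseline more than timing (per-channel message rate, payload byte ranges, and for ICS the parsed function codes and state transitions), and the user feedback the ICS slide mentions would become per-channel adjustments to `sigma`.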

Page 40

Questions?

