Making Your Enterprise SSL Security Less of a Gamble

Transcription

1 Making Your Enterprise SSL Security Less of a Gamble Rob Glickman Sr. Director, Product Marketing Amar Doshi Sr. Manager, Product Management Symantec Vision 2012

2 The VeriSign Seal is Now the Norton Secured Seal Still the Most Recognized Trust Mark on the Internet Authentication Identity Validation Encryption Security Now even more powerful at inspiring consumer trust and confidence Help enterprises secure and protect their business Help SMBs grow their online business via our brand Assure businesses and consumers that the website is highly-trusted and secure 2

3 Cyber Attacks On The Rise Everyone Has a Part to Play To Help Combat These Frequency of cyber attacks experienced by enterprises* Viruses, worms, trojans Malware 96% 100% Botnets 82% Web-based attacks 64% Stolen devices Malicious code 44% 42% Malicious insiders Phishing & social engineering 30% 30% Denial of service 4% * Source: Ponemon Institute 2012

4 How We Play Our Part: A View of Website Security Strategy Web site Security End-to-End protection of user experience on web site Assurance of Persistent Protection

5 360 0 View: Step 1 Web site Security End-to-End protection of user experience on web site Assurance of Persistent Protection

6 Your Website: End-to-End User Protection Proves Critical

7 Always On SSL Deployment Persistent security across website from arrival to login to logout Proven, practical security measure for all websites where users share or view sensitive information High adoption rate in the financial industry and across major online properties Early Adopters

8 Alexa s Top Sites Are Also Implementing Always On SSL

9 360 0 View: Step 2 Web site Security End-to-End protection of user experience on web site Assurance of Persistent Protection

10 SSL Usage Across the Enterprise Is Driven By Trends

11 When an SSL Certificate Expires Chaos

12 INTERNAL APPLICATIONS Chaos Drives Costs, Losses & Brand Damage LOST PRODUCTIVITY MISSED SALES OPPORTUNITIES CALLS TO TECH SUPPORT EXTERNAL APPLICATIONS DEFECTION TO COMPETITORS DAMAGE TO BRAND AND CREDIBILITY USERS TRAINED TO IGNORE WARNINGS CALLS TO CUSTOMER SUPPORT

13 And The Most Common Reasons Provided INHERITED INFRASTRUCTURE GENERAL PROCESS ISSUES TRAINING CONSTRAINTS TOO MANY COOKS ADMIN LEFT THE COMPANY TOO MUCH VARIANCE Inherited a team or company through reorganization or acquisition, and was not aware the certificate existed No solid process or tooling in place to appropriately manage SSL holistically including EOL of services Constantly changing team with people unfamiliar with our process for requesting, installing and managing SSL Many teams that manage our combined infrastructure and each following a different informal process no controls The person responsible left the company and there was no way to identify and transition to someone new Every application follows a different SSL installation process; complexity and variance of approach causes mistakes

14 Enterprise Challenges with SSL Management I don t really know what s in my network, Increasing and where! Asset My teams have a hard time keeping our SSL installation VISIBILITY inventory current and accurate. Maintaining Certificate expiration presents a huge risk with revenue impact to my business and loss of productivity. CONTINUITY Enforcing my SSL policies across the enterprise Meeting is not and feasible Remaining with my tools today. Fines for not being compliant COMPLIANT with regulations add up! Enabling my teams to spend their valuable Increasing time on items Operational other than SSL installation and life cycle management EFFICIENCY would be ideal.

15 Discover the Power of: Symantec Certificate Intelligence Center Monitor and Manage your SSL Certificate enterprise environment SSL Certificate Discovery Reports and Audit User and Administration Management Alert and Notification Management Server Risk Assessment

16 What Customers Have Said About CIC I didn t realize we have these many CAs in our environment until CIC. We need to consolidate! - Telecom Operator Great reports and visibility into data to help us plan. We can t afford expirations in our business. - Social Networking Company The scans were easy to configure once the sensors were setup. Provided great results and some very useful insights into our SSL lay of the land. - Enterprise Software Company CIC did what it said it would do. We want to roll this out to all our BUs. - Hosting Provider

17

18

19

20

21 21

22 22

23 23

24 24

25 25

26 26

27 Symantec Certificate Intelligence Center for Mobile Discover and manage SSL certificates issued from any Certificate Authority. Anytime. Anyplace. Maintain business continuity: Minimize risks of unavailable or unknown website services across enterprise network Enhance Agility: Remediate out-of-status SSL certificates quickly Increase Operational Visibility: Provide up-to-date data and information on SSL certificate inventory for compliance and management control Releasing May 2012

28 360 0 View: Step 3 Web site Security End-to-End protection of user experience on web site Assurance of Persistent Protection

29 Cyber Attack Vectors Frequency of cyber attacks experienced by enterprises* Viruses, worms, trojans Malware 96% 100% Botnets 82% Web-based attacks 64% Stolen devices Malicious code 44% 42% Malicious insiders Phishing & social engineering 30% 30% Denial of service 4% * Source: Ponemon Institute

30 Today s Web Threat Lifecycle More Malware Variations signatures 13,300 created per day 61% of malicious websites are legitimate, but compromised sites Web 2.0 is the Catalyst 93% increase of Web-based Attacks Increasing Attack Success 1in156 Unique websites containing malware s are 1in298 Phishing Attack Target Users vs Machines Source: Symantec Research

31 Discover the Power of: Website Protection Malware Scanning Protect you from being blacklisted by search engines and reduce risk of propagating viruses to customers systems: Daily review for malicious code Immediate alert by warns of malware infection List of infected pages and problems help pinpoint and remove malware Vulnerability Assessment Easy way to identify the most critical vulnerabilities on your website most commonly exploited Check for SQL injection, Cross Site scripting and other vulnerabilities Weekly scan for the entry points frequently used for attacks Easy-to-read, actionable report

32 Symantec Recommends: Turn on Always-On SSL to protect customer s identities, enhance their experience, and strengthen your brand position Gain visibility and control of certificates using appropriate tools to reduce risk of business interruption and increase compliance Use value-add features like malware, vulnerability scanning & display of trust seals to validate web site security and drive more trusted customer interactions

33 Check out the 2012 Symantec ISTR Just Released 2012 ISTR: Always-On SSL: go.symantec.com/always-on-ssl/ Symantec Certificate Intelligence Center: go.symantec.com/certificateintelligence-center Symantec Website Security Solutions

34 Thank You! Q & A Rob Glickman Rob_Glickman@Symantec.com Amar Doshi Amar_Doshi@Symantec.com