Enterprise Security: Markets, Strategy, Roadmap, Go to Market

Transcription

1 Enterprise Security: Markets, Strategy, Roadmap, Go to Market Jeff Scheel, SVP, Corporate Development, Alliances, and Strategy Balaji Yelamanchili, EVP & GM, Enterprise Security Business Unit Amit Mital, EVP, CTO & Emerging Endpoints Forward Looking Statements This presentation contains statements regarding our projected financial and business results, which may be considered forwardlooking within the meaning of the U.S. federal securities laws, including statements regarding our financial guidance and targets (as a combined company and by business segment); our proposed separation into two publicly traded companies; the projected market growth rates and margin expansion opportunities for the security business and the information management business; statements regarding our competitive advantages in security and information management; statements with respect to the proposed timing of the separation; and statements with respect to proposed capital allocation strategies for both Symantec and Veritas. These statements are subject to known and unknown risks, uncertainties and other factors that may cause our actual results, levels of activity, performance or achievements to differ materially from results expressed or implied in this presentation. Such risk factors include those related to: risks related to the separation of the company into the security business and the information management business; general economic conditions; maintaining customer and partner relationships; the anticipated growth of certain market segments, particularly with regard to security and information management; the competitive environment in the industries in which we operate; changes to operating systems and product strategy by vendors of operating systems; fluctuations in currency exchange rates; the timing and market acceptance of new product releases and upgrades; the successful development of new products; and the degree to which these products and businesses gain market acceptance. Actual results may differ materially from those containedintheforward looking statements in this presentation. We assume no obligation, and do not intend, to update these forward looking statements as a result of future events or developments. Additional information concerning these and other risks factors is contained in the Risk Factors sections of our Form 10 K for the year ended March 28, 2014 and our Form 10 Q forthe quarter ended January 2, Any information regarding pre release of Symantec offerings, future updates or other planned modifications is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec offerings should make their purchase decision based upon features that are currently available. We assume no obligation to update any forward looking information contained in this presentation. 2 ENTERPRISE SECURITY 1

2 Use of GAAP and Non GAAP Financial Information Our results of operations have undergone significant change due to a series of acquisitions, the impact of stock based compensation, impairment charges and other corporate events. To help our readers understand our past financial performance and our future results, we supplement the financial results that we provide in accordance with generally accepted accounting principles, or GAAP, with non GAAP financial measures. The method we use to produce non GAAP results is not computed according to GAAP and may differ from the methods used by other companies. Our non GAAP results are not meant to be considered in isolation or as a substitute for comparable GAAP measures and should be read only in conjunction with our consolidated financial statements prepared in accordance with GAAP. Our management regularly uses our supplemental non GAAP financial measures internally to understand, manage and evaluate our business and make operating decisions. These non GAAP measures are among the primary factors management uses in planning for and forecasting future periods. Investors are encouraged to review the reconciliation of our non GAAP financial measures to the comparable GAAP results, which can be found, along with other financial information, on the investor relations page of our website at Reconciliations for our financial results and guidance can be found on Symantec s investor relations website. 3 Agenda 1 Market Opportunity 2 Product Strategy 3 Roadmap & Go To Market 4 ENTERPRISE SECURITY 2

3 Enterprise Threat Landscape Attackers Moving Faster Digital extortion on the rise Malware gets smarter 5 of 6 large companies attacked 317M new malware created 1M new threats daily 60% of attacks targeted SMEs 113% increase in ransomware 45X more devices held hostage 28% of malware was Virtual Machine Aware Zero Day Threats Many Sectors Under Attack all time high Top 5 unpatched for 295 days Healthcare + 37% Retail +11% Education +10% Government +8% Financial +6% Source: Symantec Internet Security Threat Report Key Trends Reshaping the Enterprise Security Market RESURGENCE OF ENDPOINT Rapid shift to mobile and IoT DISAPPEARING PERIMETER Decreasingly relevant with fuzzy perimeter RAPID CLOUD ADOPTION Enterprise data and applications moving to cloud SERVICES Security as a Service; box fatigue CYBERSECURITY Governments and regulators playing ever larger role 6 ENTERPRISE SECURITY 3

4 Symantec Enterprise Security STRONG FRANCHISES Endpoint Security #1 share; AAArating nine quarters in a row Data Protection #1 DLP share; 100% of Fortune 100 Security #1 share; 100% uptime with <0.0003% FPs 5 years in a row Trust Services #1 share 6B certificate lookups/day Authentication & Authorization 13B validations every day 100% uptime last 5 years Managed Security Services 12 Yrs Gartner MQ leader 30B logs analyzed/day 7 Symantec Enterprise Security UNIQUE VISIBILITY 175M endpoints 57M attack sensors in 157 countries 182M web attacks blocked last year 3.7T rows of telemetry 100 Billion more/month 30% of world s enterprise traffic scanned/day 1.8 Billion web requests 9 threat response centers 500+ rapid security response team 8 ENTERPRISE SECURITY 4

5 Symantec Enterprise Security GROWTH DRIVERS Addressable Market Size ($B) Symantec Opportunity 18.7 CAGR 9.6% Expanded Current Threat Protection With Advanced Threat Protection (ATP) and Cloud Workload Protection, our addressable market expands 50% by CY 2018 Information Protection With Cloud Information Protection and Identity as a Service, our addressable market expands 35% by CY 2018 Cyber Security Services With expanded Cyber Security Services offerings, our addressable market expands 50%+ by CY 2018 CY15 CY18 Source: IDC Security forecast, Gartner, Harbor Research, Ovum, and Symantec Analyses 9 Symantec Enterprise Security GROWTH DRIVERS Addressable Market Size ($B) Symantec Opportunity +50% TAM % TAM Expanded Current +50% TAM CY15 CY18 CY15 CY18 CY15 CY18 Threat Protection Information Protection Cyber Security Services Threat Protection With Advanced Threat Protection (ATP) and Cloud Workload Protection, our addressable market expands 50% by CY 2018 Information Protection With Cloud Information Protection and Identity as a Service, our addressable market expands 35% by CY 2018 Cyber Security Services With expanded Cyber Security Services offerings, our addressable market expands 50%+ by CY 2018 Source: IDC Security forecast, Gartner, Harbor Research, Ovum, and Symantec Analyses 10 ENTERPRISE SECURITY 5

6 Agenda 1 Market Opportunity 2 Product Strategy 3 Roadmap & Go To Market 11 Enterprise Security PRODUCT STRATEGY Users Data Apps Cyber Security Services Monitoring, Incident Response, Simulation, Adversary Threat Intelligence Threat Protection Information Protection ENDPOINTS DATA CENTER GATEWAYS DATA IDENTITIES Cloud Advanced Threat Protection Across All Control Points Built In Forensics and Remediation Within Each Control Point Integrated Protection of Server Workloads: On Premise, Virtual, and Cloud Cloud based Management for Endpoints, Datacenter, and Gateways Integrated Data and Identity Protection Cloud Security Broker for Cloud and Mobile Apps User and Behavioral Analytics Cloud based Encryption and Key Management Gateways Endpoints Unified Security Analytics Platform Data Center Log and Telemetry Collection Integrated Threat and Behavioral Analysis Unified Incident Management and Customer Hub Inline Integrations for Closed loop Actionable Intelligence Regional and Industry Benchmarking 12 ENTERPRISE SECURITY 6

7 THREAT PROTECTION Cyber Security Services Threat Protection Information Protection ENDPOINTS DATA CENTER GATEWAYS DATA IDENTITIES Unified Security Analytics Platform 13 Threat Protection Requirements FULL THREAT LIFE CYCLE PREDICT Proactive risk analysis Harden and isolate systems PREVENT Predict attacks Divert attackers Baseline systems Remediate/ Make change Advanced Threat Protection Prevent issues Detect issues Design/ Model change Confirm and prioritize risk RESPOND Investigate/ Forensics Contain issues DETECT Source: Gartner 14 ENTERPRISE SECURITY 7

8 Symantec Threat Protection STRATEGY Advanced Threat Protection Across Control Points Endpoints Built in Forensics and Remediation Within Each Control Point Integrated Protection of Server Workloads across On Premise, Virtual, and Cloud Cloud based Management for Endpoints, Datacenter, and Gateways Advanced Threat Protection Network/ Gateways Data Center 15 Symantec Threat Protection ADVANCED THREAT PROTECTION Global Intelligence Advanced Threat Protection Exported Data Advanced Threat Protection Cloud Sandbox Correlation Prioritization Single detection platform across endpoint, network, and Cross correlation and incident prioritization Cloud based payload detonation Closed loop remediation Unified incident management Key differentiator: high efficacy with least false positives and low TCO Endpoint Network 3 rd party offerings 16 ENTERPRISE SECURITY 8

9 Symantec Threat Protection FORENSICS & REMEDIATION Global Intelligence Flight Recorder Next Gen Forensics and Remediation Targeted Attack Visualization Endpoint Protection (SEP) IoC Search Repair and Remediation Extensions built within existing agent technology Granular flight recorder Fine grained remediation policies Common management console with centralized activity logs Known and unknown exploit detection Key differentiator: no new agent, easy to upgrade Proactive Exploit Protection 17 Symantec Threat Protection INTEGRATED SERVER WORKLOAD PROTECTION Server Workload Protection Integrated protection across on premise, virtualized, and cloud based workloads Consistent enforcement of app control, lockdown, and other hardening policies Common management and orchestration as workloads move to and from cloud Support for VMWare (NSX/ESX) and Amazon, Azure, and OpenStack Clouds Data Center Security (DCS) File Integrity Monitoring Application Hardening Control & Compliance 18 ENTERPRISE SECURITY 9

10 Symantec Threat Protection SUMMARY OF KEY CAPABILITIES Advanced Threat Protection Next Gen Forensics and Remediation Server Workload Protection Single platform Cloud based payload detonation Cross control point correlation and incident prioritization Closed loop remediation Unified incident management Granular flight recorder Fine grained remediation policies Known and unknown exploit detection Common management console with centralized activity logs Closed loop remediation No new agent (easy upgrade) Integrated protection across on premise, virtualized, and cloud based workloads Consistent application of lockdown, app control, and lockdown policies Common Management/orchestration as workloads move to and from cloud Support for VMWare (NSX/ESX) and Amazon, Azure, and OpenStack Cloud based management with single extendable agent technology, self service BYOD provisioning, and native encryption & key management 19 Symantec Threat Protection KEY REVENUE OPPORTUNITIES Installed Base Endpoint customers: Endpoint ATP and Forensics & Remediation add ons customers: ATP add on Both: Full ATP including Endpoint, , and Network Net New Customers ATP with cross correlation value proposition Replacement of manual IR projects with automated tools for Forensics and Remediation Customers moving to Cloud and BYOD Protection for Cloud workloads (e.g. Amazon, Azure) Cloud based management of endpoint, server, and BYOD devices with self service capabilities Expanded Current $11.7B CY15 +50% TAM $6.9B $13.8B CY18 Source: IDC Security forecast, Harbor Research, Ovum, and Symantec Analyses 20 ENTERPRISE SECURITY 10

11 INFORMATION PROTECTION Cyber Security Services Threat Protection Information Protection ENDPOINTS DATA CENTER GATEWAYS DATA IDENTITIES Unified Security Analytics Platform 21 Information Protection Requirements CLOUD AND MOBILE FOCUS USERS ARE MOVING With the advent of mobile and BYOD devices, more users are accessing and consuming information when outside the firewalls Historically data was created and consumed on premise; most users would create and consume this data from inside firewalls With more data in cloud and more mobile users, information protection across cloud and mobile, combined with behavioral analytics, is a critical imperative With more applications and workloads migrating to public clouds, more and more data is created and consumed on cloud DATA AND APPS ARE MOVING 22 ENTERPRISE SECURITY 11

12 Symantec Information Protection STRATEGY Extend Data and Identity protection regardless of where data resides: On Premise, On Mobile, In the Cloud Common SSO and Access Management regardless of where applications reside: On Premise, On Mobile, In the Cloud Integrated user and behavioral analytics to detect and prevent insider and outsider (APT) threats Identities Cloud Security Broker Data Access 23 Symantec Information Protection CLOUD SECURITY BROKER Cloud Security Broker DLP Encryption MAM SSO Identity & Access Control Cloud Security Broker Visibility Compliance Control Compliance A new cloud based control point that integrates DLP, Identity, and Analytics Ensures identity and data protection between mobile users and cloud apps, independent of perimeter Highly contextual protection by connecting user, device, location, and data loss prevention policies Cloud based SSO with biometric authorization Scan and remediation of data already in cloud apps 24 ENTERPRISE SECURITY 12

13 Symantec Information Protection USER AND BEHAVIORAL ANALYTICS Global Intelligence Behavioral Analytics Integrated Threat Visualization & Modeling DLP Logs Identity Data Access Logs Integrated analytics to track and profile behaviors and data flow Content, Context, and Identity aware Pre built threat models and big data analytics to quickly detect and prevent incidents Prioritized incident management based on risk profile, risk timeline, and risk comparison Industry and global intel correlation to detect coordinated attacks 25 Symantec Information Protection SUMMARY OF KEY CAPABILITIES Cloud Security Broker Data and identity protection between mobile and cloud, with no perimeter Highly contextual protection by connecting user, device, location, and data loss prevention policies Cloud based SSO with biometric authorization Scan and remediation of data already in cloud apps User and Behavioral Analytics Integrated analytics to track and profile behaviors and data flow Prioritized incident management Pre built threat models and big data analytics to quickly flag and detect incidents Industry and global intel correlation to detect coordinated attacks 26 ENTERPRISE SECURITY 13

14 Symantec Information Protection KEY REVENUE OPPORTUNITIES Installed Base Cloud Security Broker combing identity, DLP, analytics (increasing ARPU ) Individuals add ons such as DLP for Cloud apps, Cloud SSO, and Behavioral Analytics Net New Customers moving to Cloud Cloud Security Broker combing identity, DLP, analytics Individual solutions: DLP for Cloud apps, Cloud SSO, and Behavioral Analytics Expanded Current +35% TAM $1.5B $4.3B $3.2B CY15 CY18 Source: IDC Security forecast and Symantec Analyses 27 CYBER SECURITY PROTECTION Cyber Security Services Threat Protection Information Protection ENDPOINTS DATA CENTER GATEWAYS DATA IDENTITIES Unified Security Analytics Platform 28 ENTERPRISE SECURITY 14

15 Cyber Security Services Market PRIORITY ON FULL LIFECYCLE LIFECYCLE Reactive Ongoing Proactive TECHNOLOGY Collection Analytics Dissemination Incident Response Monitoring Intelligence PEOPLE Identify Interpret Manage SIMULATION 29 Symantec Cyber Security Services STRATEGY Expanded services Incident Response and Forensics services Security Simulation Services for security preparedness and overall health checks Scale up of existing and new services with core tech Big Data based streaming & batch analytics High speed ingestion of large and ever growing log data EXISTING SECURITY SERVICE NEED Monitor Threats & Campaigns Track & Analyze Key Events & Trends SYMANTEC OFFERING Security Monitoring Service Adversary Threat Intelligence Service Expanded global footprint Expansion of number of SOCs globally to address demand as well as regulatory requirements NEW Respond to Breaches Quickly & Effectively Assess Security Readiness Under Different Scenarios Incident Response and Forensics Service Security Simulation Service 30 ENTERPRISE SECURITY 15

16 Symantec Cyber Security Services SUMMARY OF KEY CAPABILITIES Security Monitoring Services IR and Simulation Services Threat Intelligence Services Key technology IP for log collection, analytics, and incident investigation Tailored to customer maturity/industry High touch 24x7 service model Integration with next gen security infrastructure to detect advanced threats Global team with extensive experience in forensics investigation Emergency/Retained/Managed options Integrated with SOCs to provide end to end service Realistic live fire training missions delivered as a SaaS solution Global Intelligence Network Early warning Portal Adversary threat intelligence Integrated IoCs from internal and external feeds Global team of 500+ threat and intel experts with unique knowledge of attack actors; Supported by Cloud based Big Data analytics infrastructure 31 Symantec Cyber Security Services KEY REVENUE OPPORTUNITIES Net New Customers Integrated suite of services covering monitoring, IR, threat intelligence, and security simulation Expanded Current Installed Base Cross selling of IR and Simulation Services into Monitoring service installed base +50% TAM $3.6B Specific opportunities within Public Sector Security best practices and solutions tailored for agencies Data residency and regulatory compliance enables expansion into new geographies $3.9B $6.5B CY15 CY18 Source: Gartner and Symantec Analyses 32 ENTERPRISE SECURITY 16

17 UNIFIED SECURITY ANALYTICS Cyber Security Services Threat Protection Information Protection ENDPOINTS DATA CENTER GATEWAYS DATA IDENTITIES Unified Security Analytics Platform 33 Security Platforms Market FOCUS SHIFTING TO ANALYTICS ATTACKS ARE INCREASINGLY SOPHISTICATED EXISTING TECHNOLOGY CAN T KEEP UP ANALYST FATIGUE IS RAMPANT Micro targeted New techniques and zero day attacks Stealthy to remain undetected Reactive methods Insufficient data to find subtle trends and patterns Isolated approaches without broader context Too many alerts and false positives Slow and manual detection, forensics, and remediation RISE OF SECURITY BIG DATA ANALYTICS Big data, analytics, and machine learning techniques needed to address these challenges 34 ENTERPRISE SECURITY 17

18 Symantec Unified Security in a Nutshell WHAT IT IS: 3 part ecosystem Unified Security Analytics Platform A comprehensive Big Data Analytics platform for collecting vast security telemetry, analyzing it for local and global threats and converting the insights into secure outcomes Unified Security Applications Data and analytic applications built on the platform by Symantec and 3rd party ecosystem for a variety of security use cases Telemetry & APIs Standard set of interfaces and APIs, supplied by Symantec and 3rd party security products, for contributing rich telemetry to the platform WHAT IT DOES: Brings in data and events from all sources Provides a platform to manage, store, and analyze the aggregated data Enables a new breed of applications that leverages the aggregated intelligence Creates a virtuous cycle 35 Unified Security Analytics Blueprint Unified Security Applications SYMC Unified Security offerings & apps 3 rd party offerings & apps Managed Services (SYMC or 3 rd party) ATP: ATP: Endpoint Network ATP: SymGauge Attack Detection UIM/ UII Unified Security Platform PRESENTATION SERVICES LAYER DATA LAYER Customer Portal Collection & Enrichment Services CUSTOMER DATA (NON ANONYMIZED) Reports & Dashboards Analytics Services (Batch & Real Time) Interactive Visualizations Unified Incident Hub Integration Services (with Detect/Protect Engines) GLOBAL DATA (ANONYMIZED) Collectors and control APIs Telemetry & APIs 3 rd party clouds Cloud security (e.g. for AWS) SYMC hosted security (e.g. , Web) SYMC on prem products (e.g. SEP, DLP, DCS) 3 rd party products (e.g. Firewalls) 36 ENTERPRISE SECURITY 18

19 Scale Drives Unified Security Analytics Enables solving a whole new class of customer use cases: Identify attacks through richer analytics and algorithms Increased visibility by connecting the dots across global telemetry Realization of better security outcomes Changes the basis of competition: Scale of security data we collect across endpoints, gateways, applications, and users Ecosystem that is difficult to replicate Uniquely differentiated offerings We already operate the largest civilian threat intelligence network on the planet Accelerant for continued innovation: Platform and telemetry Robust set of services with cloud scale architecture Enablement of 3 rd parties to innovate on our platform 37 Value Created Through Scale Unified Security Analytics Platform How We ll Monetize Access to the platform Additional Value We Capture Drive cross sell through increased value of all of our offerings Unified Security Analytics Applications Encourages new analytics applications built on our vast intelligence Revenue share from 3 rd parties Telemetry & APIs More effective detecting, blocking, and remediating of attacks than anyone else Increased telemetry from our product drives synergy across the ecosystem 38 ENTERPRISE SECURITY 19

20 Sample Unified Security Analytics Applications SymGauge Risk Advisor and Benchmarking App Measures and benchmarks security health, including risks arising from compromised end users Incident Investigation Drill into incidents to get all associated events across security control points, building out the full attack chain Ex: Discover when and how a threat first entered the environment Targeted Attack Detection Crawls through global telemetry to find targeted attack IOCs and detect brand new targeted attacks Ex: find all s sent from a given address, all files attached to those s, all events associated with those files, etc. Moneyball Correlate security outcomes across customers with differing security controls, policies, and settings Quantify ROI for potential new security investments 39 SymGauge ( Taste Test ) Application Validating Our Unified Security Hypothesis Three questions to answer How useful is our data? Can we analyze the data to find significant threats? What s the best way to monetize? Taste Test Experiment with a Large Bank Analyzed our global SEP telemetry Found targeted attack activity Provided analysis of exploits in use Calculated security ranking Analyzed our global Norton data Identified active phishing campaigns Found spoofed banking apps Showed hygiene of customers accessing the bank s site Result: Shocked CISO and landed multimillion dollar deal with a suite of offerings SymGauge Automated Taste Test Taste Test took 2 analysts > 6 weeks this doesn t scale Solution: automate! Now developing SymGauge, an automated Risk Advisor and Benchmarking application Narus acquisition accelerating implementation 40 ENTERPRISE SECURITY 20

21 Agenda 1 Market Opportunity 2 Product Strategy 3 Roadmap & Go To Market 41 Symantec Enterprise Security RAPID RELEASE CYCLES 18 MONTH ROADMAP THREAT PROTECTION ATP (Network) Security with DLP ATP ( , Endpoint) Endpoint Forensics Cloud Endpoint Management Endpoint Remediation Cloud Workload Protection Datacenter Security As a Service INFORMATION PROTECTION DLP/ Office365 Biometric Authentication DLP/ Box.Net Cloud Security Broker DLP/ SFDC & WDAY User Behavioral Analytics DLP As a Service Identity As a Service Cloud based Key Management CYBER SECURITY SERVICES IR Retainer Service ATP Monitoring Service Simulation Service MSS Self Service Admin Portal IR Readiness Assessment IR Managed Service MSS Log Mgmt As a Service UNIFIED SECURITY ANALYTICS SymGauge App (TasteTest) Analytics Platform Internal Preview Targeted Attack Detection App Analytics Platform Customer Preview Incident Investigation App Analytics Platform Gen. Availability Moneyball App Analytics Platform 3 rd Party SDK New Product Enhanced Product Preview Releases 42 ENTERPRISE SECURITY 21

22 Symantec Enterprise Security FOCUSED GO TO MARKET 1,750 Strong Enterprise Security Sales Team 40% More Quota Carrying Field Reps 3X More Solution Architects 3X Increase in Coverage for Global Key Accounts DEDICATED SALES MORE FEET ON THE STREET MORE SECURITY EXPERTS KEY ACCOUNT PROGRAM Complemented by Partner and Channel ecosystem with rewards re aligned to growth; Commercial growth through Inside Sales, with focus on SaaS, Subscriptions, and Renewals 43 Symantec Enterprise Security Large market with 35% 50% increase in TAM driven by new product pipeline targeting growth segments Increasing momentum through dedicated sales focus and more quota carrying reps Unrivalled threat intelligence and telemetry drives innovative platform, products, and services Leverage from large installed base in key segments will accelerate growth 44 ENTERPRISE SECURITY 22

23 Q&A Jeff Scheel, SVP, Corporate Development, Alliances and Strategy Balaji Yelamanchili, EVP & GM, Enterprise Security Business Unit Amit Mital, EVP, CTO & Emerging Endpoints 45 Appendix ENTERPRISE SECURITY 23

24 Symantec Threat Protection PROVEN AND INNOVATIVE TECHNOLOGIES Detection Engines Protection Engines Detonation Cynic Cloud based sandboxing and detonation engine for malware analysis Correlation Synapse Correlates security events across the control points Blocking Exploits PEP Blocks exploits of known & unknown vulnerabilities Behavior Analysis SONAR Finely tuned and highly performant engine that enables flight recorder like system monitoring Predictive Analysis Skeptic Uses predictive analysis, heuristics, and link following to find targeted threats Reputational Insight Determines the safety of files & websites using the wisdom of the crowd 47 Symantec Info Protection PROVEN AND INNOVATIVE TECHNOLOGIES Content Engines Validation Engines Indexed Data Matching Exact Data Matching Vector Machine Learning Crypto Cloud Cert Validation Engine Virtualized Identity Fuzzy matching of indexed files (office, PDF, etc..) based on templates Precise detection technology with high precision match and eliminate all FPs Supervised learning classifier; zero day protection for confidential data Cloud vault for all types of crypto keys (asymmetric and symmetric) Verifies wide range of digital identities, including website identities (SSL) and user credentials (PKI, VIP) Maps identities from any directory, database, or user store to create a virtual identity 48 ENTERPRISE SECURITY 24