Building Resilience in the Age of Cyber Warfare. Antonio Forzieri EMEA Cyber Security Practice Lead

Transcription

1 Building Resilience in the Age of Cyber Warfare Antonio Forzieri EMEA Cyber Security Practice Lead

2 Symantec better focus through split We make the world a safer place by helping people, businesses, and governments protect and manage their information so they can focus on achieving their goals. To enable organizations to harness the power of information. Symantec values your business, and as a result of separation you will benefit from ourincreased focusandinnovationin a rapidly changing market coupled with faster support and animproved engagement experience.

3 Enterprise Threat Landscape, based on recent ISTR Attackers Moving Faster Digital extortion on the rise Malware gets smarter 5 of 6 large companies attacked 317Mnew malware created 1Mnew threats daily 60% of attacks targeted SMEs 113% increase in ransomware 45Xmore devices held hostage 28% of malware was Virtual Machine Aware Zero-Day Threats Many Sectors Under Attack all-time high Top 5 unpatched for 295 days Healthcare + 37% Retail +11% Education +10% Government +8% Financial +6% Source: Symantec Internet Security Threat Report

4 Symantec Enterprise Security UNIQUE VISIBILITY 175M endpoints 57M attack sensors in 157 countries 182M web attacks blocked last year 3.7T rows of telemetry 100 Billion more/month 30%of world s enterprise traffic scanned/day 1.8 Billion web requests 9 threat response centers 500+ rapid security response team 4

5 Symantec Enterprise Security PRODUCT STRATEGY Users Data Apps Cyber Security Services Monitoring, Incident Response, Simulation, Adversary Threat Intelligence Threat Protection Information Protection ENDPOINTS DATA CENTER GATEWAYS DATA IDENTITIES Cloud Advanced Threat Protection Across All Control Points Built-In Forensics and Remediation Within Each Control Point Integrated Protection of Server Workloads: On-Premise, Virtual, and Cloud Cloud-based Management for Endpoints, Datacenter, and Gateways Integrated Data and Identity Protection Cloud Security Broker for Cloud and Mobile Apps User and Behavioral Analytics Cloud-based Encryption and Key Management Gateways Endpoints Unified Security Analytics Platform Data Center Log and Telemetry Collection Integrated Threat and Behavioral Analysis Unified Incident Management and Customer Hub Inline Integrations for Closed-loop Actionable Intelligence Regional and Industry Benchmarking 5

6 Symantec Threat Protection KEY CAPABILITIES THREAT PROTECTION Cyber Security Services Threat Protection Information Protection ENDPOINTS DATA CENTER GATEWAYS DATA IDENTITIES Unified Security Analytics Platform Advanced Threat Protection Next Gen Forensics and Remediation Server Workload Protection Single platform Cloud-based payload detonation Cross-control point correlation and incident prioritization Closed-loop remediation Unified incident management Granular flight recorder Fine-grained remediation policies Known and unknown exploit detection Common management console with centralized activity logs Closed-loop remediation No new agent (easy upgrade) Integrated protection across on premise, virtualized, and cloud-based workloads Consistent application of lockdown, app control, and lockdown policies Common Management/orchestration as workloads move to and from cloud Support for VMWare (NSX/ESX) and Amazon, Azure, and OpenStack Cloud-based management with single extendable agent technology, self-service BYOD provisioning, and native encryption & key management 6

7 Symantec Information Protection KEY CAPABILITIES INFORMATION PROTECTION Cyber Security Services Threat Protection Information Protection ENDPOINTS DATA CENTER GATEWAYS DATA IDENTITIES Unified Security Analytics Platform Cloud Security Broker Data and identity protection between mobile and cloud, with no perimeter Highly contextual protection by connecting user, device, location, and data loss prevention policies Cloud-based SSO with biometric authorization Scan and remediation of data already in cloud apps User and Behavioral Analytics Integrated analytics to track and profile behaviors and data flow Prioritized incident management Pre-built threat models and big-data analytics to quickly flag and detect incidents Industry and global intel correlation to detect coordinated attacks 7

8 CYBER SECURITY PROTECTION Cyber Security Services Threat Protection Information Protection ENDPOINTS DATA CENTER GATEWAYS DATA IDENTITIES Unified Security Analytics Platform 8

9 What risks?

10 WEF 2015 Report 2015 differs markedly from the past, with rising technological risks, notably cyber attacks, and new economic realities, which remind us thatgeopolitical tensions present themselves in a very different world from before. Information flows instantly around the globe and emerging technologies have boosted the influence of new players and new types of warfare. Revelations about data fraud and leaks andcyber espionage have critically undermined global trust, running the risk of complicating the search for solutions to other global governance challenges as well. Global interconnectedness and the rising speed of information transmission have reinforced the interdependence between geopolitics and economics, with cyberspace representing an important new front in the geopolitical equation as cyber attacks have the growing potential to inflict economic damage. In the coming decades, technological advancements, greater access to scientific knowledge and the increased vulnerability of classified information to cyber threats enhance the risk of WMDs proliferation, particularly in fragile areas. Copyright 2014 Symantec Corporation 10

11 On the morning of 7 December 1941, a radar station in Oahu, Hawaii, operated by the U.S. Army, picked up a huge blip on its instruments. Carson Zimmerman Ten Strategies of a World-Class CyberSecurity Operations Center Copyright 2014 Symantec Corporation 11

12 NO: IPS, Firewall and AV are not enough Security you are doing it wrong

13 Hacker takesover the command of a plain Copyright 2014 Symantec Corporation 13

14 CYBER SECURITY PROTECTION Cyber Security Services Requirements FULL SERVICE LIFECYCLE Cyber Security Services Threat Protection Information Protection ENDPOINTS DATA CENTER GATEWAYS DATA IDENTITIES Unified Security Analytics Platform Reactive LIFECYCLE Ongoing Proactive TECHNOLOGY Collection Analytics Dissemination Incident Response Monitoring Intelligence PEOPLE Identify Interpret Manage SIMULATION 14

15 Symantec Cyber Security Services STRATEGY CYBER SECURITY PROTECTION Cyber Security Services Threat Protection Information Protection ENDPOINTS DATA CENTER GATEWAYS DATA IDENTITIES Unified Security Analytics Platform Expanded services Incident Response and Forensics services Security Simulation Services for security preparedness and overall health checks Scale up of existing and new services with core tech Big Data-based streaming & batch analytics High speed ingestion of large and ever growing log data EXISTING SECURITY SERVICE NEED Monitor Threats & Campaigns Track & Analyze Key Events & Trends SYMANTEC OFFERING Security Monitoring Service Adversary Threat Intelligence Service Expanded global footprint Expansion of number of SOCs globally to address demand as well as regulatory requirements NEW Respond to Breaches Quickly & Effectively Incident Response and Forensics Service Assess Security Readiness Under Different Scenarios Security Simulation Service 15

16 Security Platforms Market FOCUS SHIFTING TO ANALYTICS CYBER SECURITY PROTECTION Cyber Security Services Threat Protection Information Protection ENDPOINTS DATA CENTER GATEWAYS DATA IDENTITIES Unified Security Analytics Platform ATTACKS ARE INCREASINGLY SOPHISTICATED Micro-targeted New techniques and zero day attacks Stealthy to remain undetected EXISTING TECHNOLOGY CAN T KEEP UP ANALYST FATIGUE IS RAMPANT Reactive methods Insufficient data to find subtle trends and patterns Isolated approaches without broader context Too many alerts and false positives Slow and manual detection, forensics, and remediation RISE OF SECURITY BIG DATA ANALYTICS Big data, analytics, and machine learning techniques needed to address these challenges 16

17 Symantec Cyber Security Services KEY CAPABILITIES CYBER SECURITY PROTECTION Cyber Security Services Threat Protection Information Protection ENDPOINTS DATA CENTER GATEWAYS DATA IDENTITIES Unified Security Analytics Platform Security Monitoring Services IR and Simulation Services Threat Intelligence Services Key technology IP for log collection, analytics, and incident investigation Tailored to customer maturity/industry High-touch 24x7 service model Integration with next gen security infrastructure to detect advanced threats Global team with extensive experience in forensics investigation Emergency/Retained/Managed options Integrated with SOCs to provide end to end service Realistic live fire training missions delivered as a SaaS solution Global Intelligence Network Early warning Portal Adversary threat intelligence Integrated IoCsfrom internal and external feeds Global team of 500+ threat and intel experts with unique knowledge of attack actors; Supported by Cloud-based Big Data analytics infrastructure 17

18 The Core IT Security Challenges Intelligent Vigilant Responsive Ready CYBER SECURITY PROTECTION Cyber Security Services Threat Protection Information Protection ENDPOINTS DATA CENTER GATEWAYS DATA IDENTITIES Unified Security Analytics Platform Track and Analyze Security Events, Creating Actionable Intelligence Cyber Intelligent DeepSight Intelligence Services Protect Against Targeted Attacks, Advanced Threats and Campaigns Cyber Vigilant Managed Security Services Respond Quickly and Effectively to Credible Security Threats & Incidents Cyber Responsive Incident Response Services Strengthen Cyber Readiness to Prevent Today s Advanced Attacks Cyber Ready Security Simulation Services 18

19 The Core IT Security Challenges Intelligent Vigilant Responsive Ready CYBER SECURITY PROTECTION Cyber Security Services Threat Protection Information Protection ENDPOINTS DATA CENTER GATEWAYS DATA IDENTITIES Unified Security Analytics Platform Track and Analyze Security Events, Creating Actionable Intelligence Cyber Intelligent DeepSight Intelligence Services Protect Against Targeted Attacks, Advanced Threats and Campaigns Cyber Vigilant Managed Security Services Respond Quickly and Effectively to Credible Security Threats & Incidents Cyber Responsive Incident Response Services Strengthen Cyber Readiness to Prevent Today s Advanced Attacks Cyber Ready Security Simulation Services 19

20 The Core IT Security Challenges Intelligent Vigilant Responsive Ready CYBER SECURITY PROTECTION Cyber Security Services Threat Protection Information Protection ENDPOINTS DATA CENTER GATEWAYS DATA IDENTITIES Unified Security Analytics Platform Track and Analyze Security Events, Creating Actionable Intelligence Cyber Intelligent DeepSight Intelligence Services Protect Against Targeted Attacks, Advanced Threats and Campaigns Cyber Vigilant Managed Security Services Respond Quickly and Effectively to Credible Security Threats & Incidents Cyber Responsive Incident Response Services Strengthen Cyber Readiness to Prevent Today s Advanced Attacks Cyber Ready Security Simulation Services 20

21 DeepSight Services: Portal, Data Feeds and Adversary Intelligence Track and Analyze Security Events, Creating Actionable Intelligence Understand, prevent and respond to current and emerging cyber threats Create informed countermeasures for current and future threats Obtain timely insight into current vulnerabilities and threats and prioritize resources Reduce the time and effort for SOC and IR teams to investigate incidents and vulnerabilities and improve efficiency Gain situational awareness to drive security decisions and manage risk 21

22 Managed Security Services: Global Security Operation Centers Protect Against Targeted Attacks, Advanced Threats and Campaigns Extend staff with dedicated, world class security experts Leverage industry leading threat intelligence for better detection Reduce security data management and audit challenges with centralized log collection, retention and reporting Utilize resources to respond to organizations most critical incidents 22

23 Managed Security Services: Global Security Operation Centers Monitor Monitor Monitor EMEA APAC Security Analysts AMS Symantec SOC Technology Platform Customer Portal Severe Incident Escalation 23

24 MSS Service Management and SLA s Named Service Manager Service Desk SLA s Responsible for Day-to-Day service 24x7 Escalations Quarterly Service Review cycle Assign Regional Service Desk Logging outage remediation Log Collection Platform configuration Severe Event Notification SOC Infrastructure Up-time 10 min 99.90% Reporting Portal Training Service Tuning Organisational Hierarchy MSS Web Portal Analyst availability to respond to inbound customer request Service Manager availability for Escalation 30 min 24x7 Intimacy with customer environment Major Incident Response Co-ordination Device Registration Warranty (From the point all reasonable technical information is received) 15 days Transition Manager Device Log outage notification 30 min MSS Transition Project Management Log Collection Platform architecture design, configuration Project plan, artefacts, schedule Connectivity Sign-off devices to BAU Service Governance Shared Service Delivery Model ISO27001 PCI-DSS On-line Raw Log retention Off-line Raw Log retention On-line Incident Data Retention 92 days 12 months Contract SSAE 16 SOC 1 Type II Attestation ITIL based operating model Availability of Customer Monthly Report By 5 th day Cyber Security Services :Security Monitoring 24

25 Incident Response Services: Emergency Response & Retainer Services Respond Quickly and Effectively to Credible Security Incidents Respond quickly to incidents before they become a full blown crises Resolve incidents faster with skilled, experienced response resources through well-defined SLAs Build an effective response program that is proactive Leverage threat intelligence in response efforts to quickly eradicate attacks 25

26 Symantec s Incident Readiness & Response Services Readiness Services Retainer Services Emergency Response Prepare/Assess Incident Response Program Development APT Hunting DeepSightManaged Adversary Threat Intelligence and Directed Research Simulation Platform IR Tabletop Exercises Assess/Respond Incident Readiness Assessment Pre-buyfly to site capacity with SLA Option to use pre-paid hours for: IR Plan Assessment Response Training Tabletop Exercises APT Hunting Respond Advanced on-demand fly to site service Incident identification, investigation and containment Integrated Intelligence Global Expansion and Operations Advanced Malware Analysis

27 Security Simulation: Cloud, Hosted & Onsite Cyber Security Exercises Strengthen Cyber Readiness to Prevent Today s Sophisticated Attacks Assess and develop skills via real-world simulated attack scenarios Leverage real world security training that is engaging, interactive and relevant Learn latest adversary techniques through multi-stage scenarios in virtual environment Identify skills gaps and build training plans to address security goals 27

28 The Cyber Security Services Difference BETTER SECURITY GLOBAL COVERAGE OPTIMIZED TIME Integrated Offerings 365x24x7 Time to Identify Threats Leading Security Intelligence 5 Security Operation Centers Global Threat Detection > 500 Security Professionals Follow the Sun Model Rapid Streaming Analytics Certified Security Experts Global Cyber Centers Real Time Intelligence Demonstrate Value and Security Spend 28

29 Cyber Security Services Leadership Only company to offer the combination of Security Monitoring, Threat Intelligence, Incident Response and Security Simulation Powered by Largest Global Intelligence Network Gartner MQ Leader, 14 consecutive years 500+World Class certified and Experienced security professionals 29

30 Cyber Security Services Ecosystem at Work 5 6 Indicators found in IR investigations tied to adversary data and enhance research Real-world Investigation scenarios modeled in simulation platform for customer training DeepSight Analysis Global Intelligence Network Security Simulation 7 Security Response Malware samples used to enhance protection against future advanced threats Customer Premise 4 Indicators learned in investigations enhance detection and correlation 2 Access to intelligence on adversary, campaign, and TTP related to incident 3 Access to telemetry data and global advanced Reverse Engineering expertise MSS Operations Incident Response Automated Collection Transfer Aggregated log Correlation and Analytics 1 Leverage of Log analysis, verticalspecific and customer context and customer incident history 30

31 Cyber Security Services - An Extension of Your Team EXPERIENCE EXPERTISE 15 years delivering security monitoring and log management 248 total years of forensic investigation Average experience of 15 years in-field active investigation Hand picked security professionals from government agencies and organisations around the world 500+ certified cyber security professionals Leading experts in incident response, security monitoring and intelligence Worlds largest cyberwar games program Skilled in cyber security, forensic investigation, hacking, analysis, data science, and research 31

32 Thank you! Copyright 2014 Symantec Corporation. All rights reserved.symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. andother countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. 32