Symantec Managed Security Services The Power To Protect

Transcription

1 Symantec Managed Security Services The Power To Protect Peter Sparkes Senior Director, Cyber Security Services Asia Pacific & Japan Symantec Managed Security Services Cyber Security Services 1

2 Expanding Boundaries Create Risk Everywhere Hackers Cloud Remote Offices/ Workers Authentication & Encryption Mobile Devices Virtualization Malicious & Well-meaning Users Cyber Threats Social Media Compliance Advanced Persistent Attacks Symantec Managed Security Services Cyber Security Services 2

3 Requirements For Security Bank CEO Thwarts Breach Campaign A record number of security breaches is costing UK firms billions of pounds, according to a new survey. An average security breach costs a large UK firm in the range of 280,000 and 690,000, according to a biennial survey.. This is a massive jump from between 90,000 to 170,000 in 2008, when the survey was last conducted. Protect against Targeted Attacks, Advanced Threats and Campaigns Respond Quickly and Effectively to Credible Security Threats & Incidents Demonstrate Value of Security Spend and Improved Risk Posture Track Key Trends & Events and Analyze for Actionable Intelligence Symantec Managed Security Services Cyber Security Services

4 Managed Security Services Expert Security on a Global Scale Big Data Security Analytics 10 Trillion Log Lines (per year) Over 21K new events identified (per day) 13 million behavioral patterns analyzed to identify new emerging threats Security Intelligence 69M attack sensors 5M decoy accounts 8B+ messages (Per day) 1B web requests (per day) World-Class Expertise 5 SOCs globally Over 1000 security experts on a global scale 100% GIAC certified SOC analysts Symantec Managed Security Services Cyber Security Services 7

5 Symantec BIG DATA Platform Tracks more than 13.8 Billion files Tracks more than 21.3 billion URLs FILES + MACHINES + URLs are viewed as a huge graph comprising of 152 billion nodes that expresses relations between them that drives our unique hygiene based ability to rate files and URLs Advanced machine learned predictive models (using this data) rates files and URLs We respond to more than 1 terabyte of queries per day to protect users from security risks Billions of metadata Tracked or Analyzed in real time We aggregate malware metadata information on our analytics platform from various internal and external sources that helps us accurately rate files and URLs. This is currently 150 Terabyte loaded into our DB. We have loaded a total of 2.1 trillion rows, growing monthly at the rate of 100+ billion rows Symantec Managed Security Services Cyber Security Services 5

6 Collection & Analysis Architecture DeepSight Global Threat Intelligence Security Analysts Customer Premise Log Collection Agent Data Warehouse Correlation Symantec SOC Customer Portal Symantec Managed Security Services Cyber Security Services 6

7 What did the SOC see in 2014 From major vulnerabilities to cyber espionage, Symantec MSS looks at what the past year has brought and what it means for the future. From large-scale data breaches to vulnerabilities in the very core foundation of the web, which threats are remnants from the past and which are indicators for what the future holds? - Discovery of Heartbleed and ShellShock Bash Vulnerabilities. - Co-ordinated Cyber Espionage and Potential Cyber Sabotage. - The lucrative business of stolen Credit or Debit cards, high profile POS attacks. - Ransomware & Cryptolocker Symantec Managed Security Services Cyber Security Services

8 SOC Statistics: Heartbleed Detection Spike First Heartbleed Detection was released on 8 th April 2014, by SNORT. Heartbleed CVE was classified on 7 th of April Snort Relea se on 8th From this point on, detections for Heartbleed started on the 4 th and spiked on the 12 th. This continued on for the next several months Copyright 2014 Symantec Corporation 8

9 First Heartbleed attacks recorded within 4-hours of disclosure 9

10 SOC Statistics - Attack on Media Industry 200 Threat Landscape -Attacks Against Media Industry Symantec MSS noticed a sudden spike on attacks against the Media industry just before the G20 Summit G20 ( Media outlets suggested that this was carried out by a state-sponsored group in China. 0 June July August September October November December January February Total Copyright 2014 Symantec Corporation 10

11 11% of incidents resulted in 59% of identities exposed (Retail) 37% of incidents resulted in 2% of identities exposed (Healthcare) 11

12 Ransomware / Cryptowall Current Variants CBT Locker Cryptowall 3.0 Delivered via campaigns as: Fake Postal Office Package Notification Fake Speeding Fine Fake Notice Upatre/Ponik Difference in C2 Methods CBT: Utilizes TOR Cryptowall 3.0: Hard-coded and obfuscated URLs Copyright 2014 Symantec Corporation Copyright 2014 Symantec 12 Co

13 SOC Statistics: Ransomware / Cryptowall MSS SOC have observed Ransomware campaigns frequently run between Monday to Wednesday of the week. Copyright 2014 Symantec Co 13

14 Thank you! Copyright 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. Symantec Managed Security Services Cyber Security Services 14