Protecting the Infrastructure: Symantec Web Gateway

Transcription

1 Protecting the Infrastructure: Symantec Web Gateway 1

2 Why Symantec for Web Security? Flexibility and Choice Best in class hosted service, appliance, and virtual appliance (upcoming) deployment options Multiple deployment options Extensive portfolio of complementary products Multiple buying programs Technology Leadership Next generation, bidirectional scanning Largest, most applicable threat intelligence network STAR developed unique signatures 2

3 Web Threat Overview 33.6% of malicious domains were NEW in September 21.8% of web-based malware was NEW in September. 80% of malicious websites were compromised LEGITIMATE sites Proactive, up-to-the-minute intelligence is needed to meet this volume in real time Source: MessageLabs Intelligence September

4 Evolution of Web Security Pattern Matching Bidirectional Correlated Events Connection Based Protection First Generation URL Filtering IP Reputation Second Generation Inbound Anti Virus Scanning Application Control Third Generation Infected Client Detection Behavioral Analysis 4

5 Malware Domains & IPs URL Filtering Malware Content Scanning Application Control Infected Client Detection Botnet Detection Symantec Web Gateway is Challenges Unknown malware spreading via the web Cannot easily identify spyware infected computers Difficult controlling applications & internet usage Benefits Lower infection rates Significantly reduced cleanup, theft and lost data costs Increases end user productivity Core Functional Areas Identifies computers infected with viruses & spyware Controls application access to the Internet Blocks malicious websites Monitors and/or blocks access to inappropriate websites Symantec Web Gateway Inspects packets, IPs, URLs, files, active content, applications, behavior Web Client systems 5

6 Global Intelligence Network Identifies more threats, takes action faster & prevents impact Calgary, Alberta Dublin, Ireland San Francisco, CA Mountain View, CA Culver City, CA Austin, TX Pune, India Chengdu, China Chennai, India Taipei, Taiwan Tokyo, Japan Worldwide Coverage Global Scope and Scale Rapid Detection 24x7 Event Logging Attack Activity 240,000 sensors 200+ countries and territories Malware Intelligence 133M client, server, gateways monitored Global coverage Vulnerabilities 35,000+ vulnerabilities 11,000 vendors 80,000 technologies Spam/Phishing 5M decoy accounts 8B+ messages/day 1B+ web requests/day Preemptive Security Alerts Information Protection Threat Triggered Actions 6

7 Connection Reputation Provided from Symantec Global Intelligence Network Sources: 75M+ Norton Community Watch Users Symantec Honey pots Symantec Web Crawlers Symantec DeepSight Policy based blocking User/Group/IP Severity Category 7

8 Infected Client Detection Phone Home Signature Detection Multi Port Multi Protocol Behavioral Correlation Algorithm Accurately Identifies Bots on the network Automatic Quarantine Limits potential damage Notifies end users of risk Consolidated, Useful Reporting Specific Event Information Sort by Count, Severity, Type Identify and prevent compromised systems from harming the organization 8

9 Infected Client Detection Identify Installed Malware Actionable Reporting Malware Infection Installed software (often without user s notice or permission) Has a Call Home component Can range in severity Network Signature Based Any Port/Protocol Proactive Blocking Quarantine 9

10 Symantec Web Gateway - Botnet Detection Correlated Behavior Inspects all traffic in/out the network Detects patterns of typical Bot traffic Command & Control Communications IP scanning Spamming Etc Correlates Multiple Behaviors to determine Active Bot Single patterns are Suspect but may be false positives, so are not Blocked Active Bots are Blocked Dormant Bots are marked as Inactive 10

11 AV Protection of Web 2.0 File Transfer Channels Conventional Web Download and Upload Channels Native HTTP Human and Machine downloads FTP Native FTP and FTP over HTTP Controls IM Download and Upload Channels Blocking P2P 11

12 Malware Download Scanning Download scanning in progress: After download has finished: 12

13 Malware Download Block Page 13

14 Application Control and File Leakage Inspects all internet bound traffic for popular web applications Signature Based Not reliant on ports Supports over 100 Applications and Protocols IM, P2P, DB Apps, Remote Access, VoIP, etc File transfer protocols, protocols, network protocols, etc. Monitor / Control Application Usage Focus on Public IM Safety Antivirus scan on files transferred Can Allow Chat / Prevent Downloads File Leakage Control File Uploads/Downloads Monitor File Names 14

15 Web Gateway URL Filter Add On URL list gives Admin ability to monitor, block, or allow access to over 100+ million sites organized within 62 different categories 15

16 Web Gateway URL Filter Add On After hours setting can be enabled to apply different policies during non working hours 16

17 URL Block Page 17 17

18 Administration All management and administration done through secure Web GUI Interface separated into three main areas: Reporting Policies Configuration 18 18

19 Administration 19 19

20 Policy Configuration Flexible policy configuration allows policy creation based on: Subnet IP Range Numerous LDAP attributes, if integrated with Windows LDAP directory Ability to create templates to simplify policy creation 20 20

21 Customizable End User Pages Multiple sets of end user pages available and can be applied to different group policies Nineteen pre-built language options available Over ten run time variables available to use in block messages 21 21

22 Out-Of-The-Box Reporting Full set of reporting options Dashboard - quantifies all known threats Executive Summaries Flexible reporting workflow Scheduled report generation and export options Benefits Gain insight into performance Identify malware trends Track potential malware attacks 22

23 Thank you! Copyright 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. 23