Discover the Latest Innovations with Website Security Solutions
Lee-Lin Thye, Senior Product Marketing Manager
Trust Services Vision USA 2013

Evolving Challenges and Standards
SYMANTEC VISION 2013

Algorithm Agility

RSA
- The traditional HTTPS solution
- 2014 migration from 1024- to 2048-bit keys
- RSA remains a reliable encryption method

DSA
- Mostly of interest to the public sector
- Same security, performance and key length as RSA, with different math
- Developed by the NSA (US Govt)

ECC (New)
- Serve more connections with less infrastructure, stronger security, faster
- Shorter key length
- Scaling up to serve mobile demand w/ reduced load on infrastructure
- ECC 256 10x more secure than RSA 2048
- More efficient at higher server load
- Faster connection speeds, especially at peak server loads
- Faster page loads, better end-user experience
- End-to-end ECC hierarchy
- ECC roots in all major browsers

The only SSL that offers a choice

ECC Delivers Increased Security
10k Times Harder to Break Than RSA Key
[Chart: key size (bits) versus MIPS years to break, for RSA and SYMC ECC; markers for "Current Ind. Std." and "Current acceptable security level [10^24 MIPS years]"]
The longer the RSA key, the less applicable it becomes in the real world.
ECC maintains very complex cryptography w/ key lengths that meet demands of reality.
Source: Symantec Internal Research and Testing; http://www.nsa.gov/business/programs/elliptic_curve.shtml

ECC: Improved Server Performance Under Peak Loads
Web pages encrypted w/ ECC load faster than those with RSA
[Chart: total server time (ms), ECC-256 vs. RSA-2048, for 0k, 90k and 200k pages]
Source: Symantec Internal Research and Testing, ECC-256 / RSA-2048 with different page sizes

SSL Certificate Management is Complex
- Average company manages almost 2,000 SSL certificates
- Most (82 percent) see rogue certificates
- Most use multiple methods to track SSL
- Yet, one third say their catalog is less than somewhat accurate

How common are so-called rogue certificates in your organization?
- We don't have any: 15%
- This is extremely rare: 13%
- We have a few here and there: 20%
- We have a moderate number: 25%
- We have a lot: 24%
- We don't know: 3%

How do you keep track of these certificates so you know, for example, when they will expire, who owns the certificate, and so on?
- We don't use anything to manage SSL certificates: 2%
- We wrote our own application for this: 38%
- We use a public domain software solution: 43%
- We use a commercial software solution: 58%
- We have all our certificates logged in a Word or Excel file: 61%

Stakes High with SSL Certificate Management

Typical company lost $3.5M last year due to certificate mishaps
- Higher call volume
- Stolen intellectual property
- Damaged brand & reputation
- IT time, downtime

Why? Biggest certificate issues:
- Unexpected expiration
- Rogue certificates
- Security breaches
- Misconfigured certificates

What kinds of costs have you experienced as a result of certificate mishaps in the past year?
- Loss of stock value due to negative press arising from certificate mishaps: 6%
- Loss of brand or reputation: 10%
- Compliance related costs, including fines: 21%
- Loss of revenue due to an expired or compromised certificate which scared customers away: 27%
- Theft of intellectual property: 33%
- Downtime due to a certificate-related security breach: 45%
- Higher call volume to customer or IT support: 47%
- IT management time spent remediating certificate mishaps: 51%

Companies in denial about expired certificates
If a customer encounters an expired certificate while shopping, they will:
- Enterprise: 57% continue transaction or contact for help
- Consumers: 27% continue transaction or contact for help; the rest would abandon

Common Certificate Issues
Please characterize how common each of the following certificate issues is in your organization (Somewhat / Extremely common)
- Wrongly installed and misconfigured certificates: 44%
- Security breaches related to certificates: 45%
- Discovering rogue certificates: 47%
- Unanticipated expiration of certificates ("We didn't know it was about to expire"): 56%

Losses Due to Certificate Mishaps
How much has each of these types of losses cost your company in the past 12 months? (Medians shown)
- Compliance-related costs, including fines: $5,000
- Loss of revenue due to an expired or compromised certificate which scared customers away: $6,000
- IT management time spent remediating certificate mishaps: $12,000
- Downtime due to a certificate-related security breach: $19,740
- Theft of intellectual property: $4,839
- Loss of stock value due to negative press arising from certificate mishaps: $8,424
- Loss of brand or reputation: $29,165
- Higher call volume to customer or IT support: $26,302

We Break Down The Enterprise Issues Into 4 Objectives
- "I don't really know what's in my network, and where!"
- "My teams have a hard time keeping our SSL installation inventory current and accurate."
- "Certificate expiration presents a huge risk with revenue impact to my business and loss of productivity."
- "Enforcing my SSL policies across the enterprise is not feasible with my tools today."
- "Fines for not being compliant with regulations add up!"
- "Enabling my teams to spend their valuable time on items other than SSL installation and life cycle management would be ideal."

We Break Down The Enterprise Issues Into 4 Objectives
- Increasing Asset VISIBILITY
- Maintaining CONTINUITY
- Meeting and Remaining COMPLIANT
- Increasing Operational EFFICIENCY

CIC Helps Enterprises Address These Areas

VISIBILITY: Increasing Asset VISIBILITY
- Distributed and efficient discovery across networks
- Find unknown, misconfigured, and expired certificates from any CA
- Centralization and categorization of all data for in-depth visibility, including key size and algorithm

COMPLIANCE: Meeting and Remaining COMPLIANT
- Enables user-customized reporting to assist with repeated evaluations of the network
- Assist with compliance-related activities and reports where historical proof is required
- Analytics to understand SSL state vs. best practices

CONTINUITY: Maintaining CONTINUITY
- Notifications and Alerting capabilities to provide early warnings on expirations and issues
- Advanced features like bounced email detection, tagging, notation, and digest notifications to assist with continuity efforts

OPERATIONS: Increasing Operational EFFICIENCY
- Enable teams to be more proactive and efficient in planning to save time
- Reduce time taken to find trouble areas
- Ensure your operational processes are being followed and administered in your network

Symantec Certificate Intelligence Center
Discover, Track and Automate SSL Certificate lifecycle

Automation
- Avoid painful, multi-step process to renew, transfer and install a certificate
- Consolidate to Symantec certificates
- Auto-discover supported applications
- Eliminate human error and installation overhead

Discovery and Business Continuity
- Highly optimized discovery of SSL certificates
- Scheduled and on-demand discovery capabilities
- Rich reporting functionality
- Notification capabilities

Symantec Certificate Intelligence Center
- Reduce time spent renewing certificates
- Reduce errors in certificate renewal

Features Dashboard & Reporting
Features Automation Management
Features Symantec CIC for Mobile
Trusted & Secure Website

Symantec Recommends:
- Exercise your options on SSL deployment with algorithm agility
- Gain visibility and automate certificate lifecycle to reduce risk of business interruption and increase operating efficiency
- Use value-add features like malware and vulnerability scanning, and display trust seals, to validate web site security and drive more visits

Thank you!
Lee-Lin Thye
Lee-Lin_Thye@symantec.com
650-527-9474
Copyright 2013 Symantec Corporation. All rights reserved.