Jeff Warson, GCIH, SCPS, CISSP, CCSK Sr. Principal Security Strategist Symantec Corpora5on
Agenda 1 2 3 4 5 Sources of a Breach Key IT Security Trends How is DLP Implemented Symantec's Strategy and Recent Acquisitions How Symantec can help
Sources of a Breach Organized Criminal Well Meaning Insider Malicious Insider 3
More Sophis5cated AAacks Complex Heterogeneous Infrastructure Key IT Security Trends Explosion of Informa5on Increased Cost of Incidents
Data Loss Preven;on Is Impera;ve Insiders and partners cause most breaches Insiders make mistakes handling data Broken business processes increase risk Compliance mandates data protec5on Increased focus on data privacy Need to demonstrate data controls 76% of breaches 81% of companies breached were not PCI compliant More complex threats to your data External threats target high value data Limited visibility of where data is $6.7 million average cost of a breach
How is DLP implemented?
Con;nuous Risk Reduc;on Visibility 1000 Remedia;on 800 No;fica;on 600 400 Incidents Per Week Preven;on 200 0 Risk Reduc;on Over Time
Successful DLP Workflow 8
Customer Example Reduce risk by another Reduce risk by Additional 20-25%, increased risk reduction by 25%+, visibility to coverage 30%+, increased of exposed coverage all network traffic confidential of exposed Tighter data, controls confidential when and exposed increased data, policies increased endpoint violated, endpoint full confidential data coverage, coverage automation employee and robust education response via Notifications rules, increased risk reduction
Symantec Named as a Leader in 2010 Gartner Magic Quadrant for Content- Aware Data Loss Preven;on challengers leaders ability to execute niche players Trustwave Verdasys Fidelis Security Systems Palisade Systems Trend Micro GTB Technologies CA visionaries Symantec McAfee Websense RSA (EMC) Code Green Networks Source: Gartner, Inc., Magic Quadrant for Content- Aware Data Loss Prevention, Paul Proctor, Eric Ouellet, June 2, 2010. The Magic Quadrant is copyrighted 2010 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. completeness of vision As of June2010 This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Symantec.
Symantec s Strategy and Recent Acquisi;ons
Symantec s Security Strategy and Recent Acquisi;ons Security Need Offering Protect Iden55es VeriSign Iden,ty & Authen,ca,on Protect Devices Protect Informa5on Develop and Enforce IT Policies Manage Systems Symantec Protec,on Suite DLP & Encryp,on Suite Control Compliance Suite IT Management Suite Symantec will be able to sell you the pieces or provide the whole enchilada If this isn t an exci5ng security business model, nothing is. Jon Oltsik, Enterprise Strategy Group, May 2010 Symantec has agreed to acquire VeriSign s iden5ty and authen5ca5on business and plans to use the circle check mark logo aaer closing.
How can Symantec Help? Risk Assessments: Free 2-3 week engagement Monitor Network Traffic Scan Storage Execu5ve Level delivery of results Advisory Services: Paid Engagements Informa5on Exposure Assessments PCI Assessments Penetra5on Tes5ng Secure Code and Network Design Security Program Assessments