Unified Security, ATP and more


SYMANTEC: Unified Security, ATP and more. TAKE THE NEXT STEP.

Martin Werner, PreSales Consultant, Symantec Switzerland AG. MEET SWISS INFOSEC! 27.01.2016

Unified Security

Symantec Enterprise Security

Users, Data, Apps.

Cyber Security Services: Monitoring, Incident Response, Simulation, Adversary Threat Intelligence.

Threat Protection (Endpoints, Data Center, Gateways): Advanced Threat Protection Across All Control Points; Built-In Forensics and Remediation Within Each Control Point; Integrated Protection of Server Workloads: On-Premise, Virtual, & Cloud; Cloud-based Management for Endpoints, Datacenter, and Gateways.

Information Protection (Data, Identities): Integrated Data and Identity Protection; Cloud Security Broker for Cloud & Mobile Apps; User and Behavioral Analytics; Cloud-based Encryption and Key Management.

Unified Security Analytics Platform: Log and Telemetry Collection; Integrated Threat and Behavioral Analysis; Unified Incident Management and Customer Hub; Inline Integrations for Closed-loop Actionable Intelligence; Regional and Industry Benchmarking.

Other diagram labels: Cloud Gateways; Endpoints; Data Center.

Symantec Threat Protection

Advanced Threat Protection Across Control Points. Built-in Forensics and Remediation Within Each Control Point. Integrated Protection of Server Workloads across On-Premise, Virtual, and Cloud. Cloud-based Management for Endpoints, Datacenter, and Gateways.

Diagram labels: Endpoints; Advanced Threat Protection; Network/Gateways; Data Center.

Symantec Information Protection

Extend Data and Identity protection regardless of where data resides: On Premise, On Mobile, In the Cloud. Common SSO and Access Management regardless of where applications reside: On Premise, On Mobile, In the Cloud. Integrated user and behavioral analytics to detect and prevent insider and outsider (APT) threats.

Diagram labels: Data; Identities; Cloud Security Broker; Access.

Cyber Security Services

DEEPSIGHT INTELLIGENCE: Track and Analyze Security Events, Creating Actionable Intelligence. MANAGED SECURITY SERVICES: Protect Against Targeted Attacks, Advanced Threats and Campaigns. INCIDENT RESPONSE: Respond Quickly and Effectively to Credible Security Threats and Incidents. SECURITY SIMULATION: Strengthen Cyber Readiness to Prevent Today's Sophisticated, Advanced Attacks.

World-class Security Expertise. Reactive to Proactive. Integrated, End-to-End Security.

Unified Security Analytics Blueprint

Unified Security Applications: SYMC Unified Security offerings & apps; 3rd-party offerings & apps; Managed Services (SYMC or 3rd party); ATP: Endpoint; ATP: Network; ATP: Email; SymGauge; Attack Detection; UIM/UII.

Unified Security Platform (PRESENTATION SERVICES LAYER; DATA LAYER): Customer Portal; Collection & Enrichment Services; CUSTOMER DATA (NON-ANONYMIZED); Reports & Dashboards; Analytics Services (Batch & Real-Time); Interactive Visualizations; Unified Incident Hub; Integration Services (with Detect/Protect Engines); GLOBAL DATA (ANONYMIZED).

Collectors and control APIs; Telemetry & APIs: 3rd party clouds; Cloud security (e.g. for AWS); SYMC hosted security (e.g. Email, Web); SYMC on-prem products (e.g. SEP, DLP, DCS); 3rd party products (e.g. Firewalls).

Advanced Threat Protection

What are Advanced Threats?

Targeted: Targets specific organizations and/or nations for business or political motives. Stealthy: Uses previously unknown zero-day attacks, root kits, and evasive technologies. Persistent: Sophisticated command and control systems that continuously monitor and extract data from the specific target.

How They Work: Advanced Threats

Prevention alone isn't enough

IDENTIFY: Knowing where important data is. PREVENT: Stopping incoming attacks. DETECT: Finding incursions. RESPOND: Containing & remediating problems. RECOVER: Restoring operations.

Uncover Advanced Threats across Endpoints, Networks and Email

Uncover attacks in under one hour. Search for any attack artifact across your entire infrastructure, by file hash, registry key, or the source IP address and URL, with a single click of a button. Uncover attacks across endpoints, networks, and email, with one console, not three.

Prioritize what matters most with Symantec Synapse

EFFECTIVE PRIORITIZATION: Aggregate and correlate all suspicious activity across endpoints, networks, and email. Fuse with data from Symantec Global Intelligence Network.

A UNIFIED INVESTIGATION: Single view of all attack activity across control points. Visualize and remediate all related attack artifacts, e.g. files, email addresses, or IP.

TANGIBLE RESULTS: Reduce number of incidents security analysts need to examine. No new agents to deploy or complex SIEM rules to write.

Streamlined security operations with Symantec ATP reduced up to 70% of our redundant email and network security alerts. This saved us so much time. (Large services provider)

Detect and Prioritize advanced attacks faster with Symantec Cynic

Advanced machine learning analysis combined with Symantec global intelligence. Designed to draw out VM-aware malware; executes and analyzes the results. Cloud platform enables rapid updates as malware evolves to avoid detection. Broad coverage: Office docs, PDF, Java, containers, portable executables.

Detects stealthy and persistent threats that traditional defenses miss. Detect threats designed to evade VMs by using physical & virtual machines. Conviction and intelligence always available within minutes not hours. Quick, accurate analysis of nearly all types of potential malicious content.

Symantec Cynic detected a targeted attack from a nation state as it came in and enabled our security operations team to respond to it quickly. (international electric company)

Cynic detected a trojanized version of a legitimate software package that a member of my security team downloaded. It saved us from a massive security breach. (leading food provider)

Prevent, detect and respond across multiple control points to gain maximum benefit and protection

Diagram labels: Email Security.cloud + Advanced Threat Protection: Email; Symantec Global Intelligence; Symantec Cynic; Symantec Synapse; Symantec Advanced Threat Protection; SEP Manager; Real-time Inspection; Blacklist; Vantage; Insight; AV; Mobile Insight; SEP Endpoints; Remote / Roaming SEP Endpoints.

UNCOVER: Physical & virtual detonation from cloud-based sandbox. PRIORITIZE: Correlate across endpoint, network, and email. REMEDIATE: Block, clean, and fix in real-time.

ADVANCED THREAT PROTECTION MODULES

Symantec Advanced Threat Protection: Endpoint

Add Endpoint Detection and Response (EDR) capabilities to Symantec Endpoint Protection. No new agents required. Virtual appliance or physical hardware appliance. Search for suspicious events and new threats in real-time. Sweep endpoints for Indicators of Compromise. Respond and contain threats immediately. Use Cynic sandboxing to detect advanced threats. Automatically correlates with ATP: Network and Email Security.cloud events.

INCLUDES THE CORE PLATFORM. SYMANTEC CYNIC: New cloud-based sandboxing and payload detonation service. SYMANTEC SYNAPSE: New event prioritization and correlation.

Symantec Advanced Threat Protection: Network

Uncovers and prioritizes advanced attacks entering the organization through HTTP, FTP and other common network protocols. Virtual appliance or physical hardware appliance. Deploy into the core network switch Tap/Span port. Monitors internal inbound and outbound internet traffic. Network visibility into all devices and all protocols. Automated sandboxing with Symantec Cynic. Automatically correlates with Symantec Endpoint Protection and Email Security.cloud events.

INCLUDES THE CORE PLATFORM. SYMANTEC CYNIC: New cloud-based sandboxing and payload detonation service. SYMANTEC SYNAPSE: New event prioritization and correlation.

Symantec Advanced Threat Protection: Email

Enhance Symantec Email Security.cloud with advanced detection and reporting capabilities. Cynic sandboxing detects advanced threats in attachments. Identify targeted attacks against an organization or specific user. Detailed reporting and severity levels for prioritization. On-demand data export for SIEMs. Easily managed via Symantec.cloud management portal. Automatically correlates with Symantec Endpoint Protection and ATP: Network events.

INCLUDES THE CORE PLATFORM. SYMANTEC CYNIC: New cloud-based sandboxing and payload detonation service. SYMANTEC SYNAPSE: New event prioritization and correlation.

THANK YOU.

All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.