Big Data in Action: Behind the Scenes at Symantec with the World's Largest Threat Intelligence Data

Slide 1: Big Data in Action: Behind the Scenes at Symantec with the World's Largest Threat Intelligence Data
Patrick Gardner, VP Engineering
Sourabh Satish, Distinguished Engineer
Symantec Vision 2014 - Big Data in Action

Slide 2: Agenda
- Symantec's Data Analytics Platform
- Creating Powerful Big Data Applications
- Big Data Enabling Targeted Attack Detection

Slide 3: Symantec Data Analytics Platform (section title)

Slide 4: Symantec Data Analytics Platform
A generic platform for converting data into intelligence. Its layers: high-volume loading, analytics, a data mart, and a massively-parallel data store.

Slide 5: All Security Telemetry in One Place
Telemetry sources and the kinds of features each contributes:
- File/user/site associations
- File heuristics: parent program, file name/path, instruction use, file structure, digital signature
- Behavior heuristics: has a GUI, settings changes, in program menu
- Industry feeds: "Vendor A sent us this file", "IP address Y sends spam", "Email has malicious URL"
- Email traffic
- Hygiene
- Network traffic: IP source, IP destination, vulnerability ID
- SSL certification: domain, level of VeriSign SSL certification
- Honeypot sensors: suspicious traffic from IP address X
- Web site details: popularity, PII fields, site age
- Hundreds of additional features
The join keys shown across all of these sources are file hash, IP/URL, and machine ID.

Slide 6: Symantec Data Analytics Platform
Raw features -> Big Data System -> Intelligence-driven applications
- Raw features (examples): downloads, web site visits, intrusion alerts, malware alerts, behaviors, file appearance, crashes
- Symantec Data Analytics Platform: 2,100,000,000,000 (2.1 trillion) rows of data; 55,000 rows added every second; data types include file, URL, crash, behavior, and forms
- Intelligence-driven applications: SONAR engine, File Insight, Scam Insight, URL Insight, Crash Ratings Intelligence

Slide 7: Symantec Big Data Platform
- Tracks more than 13.8 billion files
- Tracks more than 21.3 billion URLs
- Files + machines + URLs are viewed as a huge graph of 152 billion nodes that expresses the relations between them; this graph drives our unique hygiene-based ability to rate files and URLs
- Advanced machine-learned predictive models (using this data) rate files and URLs
- We respond to more than ~10 billion queries per day to protect users from security risks
- Billions of artifacts tracked or analyzed per day
- We aggregate malware metadata on our analytics platform from various internal and external sources, which helps us accurately rate files and URLs. This is currently 150 TB loaded into our DB. We have loaded a total of 2.1 trillion rows, growing monthly at a rate of 100+ billion rows

Slide 8: Big Data Applications (section title)

Slide 9: Symantec Big Data Applications
1. File & URL Insight: blocks malicious files and URLs based on the wisdom of the crowd
2. File & Behavioral Heuristics: predicts risk about files and processes using classifiers
3. Scam Insight: predicts if a web site might steal your personal information (e.g. credit card number)
4. Mobile Insight: predicts security, privacy, and performance of mobile apps
5. Fraud Detection Services: uses endpoint reputation for intelligent authentication and fraud detection
6. Synapse (endpoint, email, and network correlation): correlates events across control points
7. Stability Ratings: predicts if a program will crash your machine

Slide 10: File Insight Overview
1. Collect data: file X just arrived on computer Y
2. Place data in a central store
3. Analyze relationships to calculate reputations
4. Deliver reputation scores: file X has a low reputation

Slide 11: Insight makes decisions based on who downloads what from where (150+ billion associations).
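The File Insight slides describe reputation as something computed from relationships (which machines a file appears on, where it was downloaded from) rather than from the file alone. The following added example is not Symantec's code or algorithm; it is a deliberately simplified, hypothetical illustration of the idea in Python: labelled files anchor the graph, machine "hygiene" is derived from the files seen on each machine, unlabelled files inherit the hygiene of the machines that carry them, URLs inherit the reputation of what they serve, and a prevalence-aware verdict withholds "good" from a file that too few machines have seen. All machine IDs, hashes, URLs, thresholds and the `rate_files`/`verdict` names are constructed for the example.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample telemetry, one row per observation of a file on a machine:
# (machine_id, file_hash, download_url). All values are placeholders, not real data.
ASSOCIATIONS = [
    ("m1", "f_good", "https://vendor.example/setup.exe"),
    ("m2", "f_good", "https://vendor.example/setup.exe"),
    ("m3", "f_good", "https://vendor.example/setup.exe"),
    ("m4", "f_good", "https://mirror.example/setup.exe"),
    ("m4", "f_bad", "http://bad.example/crack.exe"),
    ("m5", "f_bad", "http://bad.example/crack.exe"),
    ("m4", "f_new", "http://bad.example/update.exe"),
    ("m5", "f_new", "http://bad.example/update.exe"),
    ("m1", "f_rare", "https://vendor.example/tool.exe"),
]

# Labels that arrive from other sources (signatures, analyst verdicts):
# 1.0 = known good, 0.0 = known bad. Everything else starts neutral at 0.5.
SEEDS = {"f_good": 1.0, "f_bad": 0.0}


def verdict(score, prevalence, bad_below=0.35, good_above=0.7, min_prevalence=3):
    """Prevalence-aware decision: a file only earns 'good' once enough machines carry it."""
    if score < bad_below:
        return "bad"
    if score >= good_above and prevalence >= min_prevalence:
        return "good"
    return "unproven"


def rate_files(associations, seeds, rounds=5):
    """Propagate reputation over a machine/file/URL graph (hypothetical simplification).

    machine hygiene      = mean reputation of the files seen on that machine
    unlabelled file rep. = mean hygiene of the machines it appeared on
    URL reputation       = mean reputation of the files downloaded from it
    Iterating lets the seed labels flow several hops through the graph.
    """
    files_on = defaultdict(set)       # machine -> files
    machines_with = defaultdict(set)  # file    -> machines
    files_from = defaultdict(set)     # url     -> files
    for machine, file_hash, url in associations:
        files_on[machine].add(file_hash)
        machines_with[file_hash].add(machine)
        files_from[url].add(file_hash)

    reputation = {f: seeds.get(f, 0.5) for f in machines_with}
    hygiene = {}
    for _ in range(rounds):
        hygiene = {m: mean([reputation[f] for f in fs]) for m, fs in files_on.items()}
        for f, ms in machines_with.items():
            if f in seeds:
                continue  # labelled files anchor the graph and never move
            reputation[f] = mean([hygiene[m] for m in ms])

    url_scores = {u: mean([reputation[f] for f in fs]) for u, fs in files_from.items()}
    prevalence = {f: len(ms) for f, ms in machines_with.items()}
    verdicts = {f: verdict(reputation[f], prevalence[f]) for f in reputation}
    return {"files": reputation, "machines": hygiene, "urls": url_scores,
            "prevalence": prevalence, "verdicts": verdicts}


if __name__ == "__main__":
    result = rate_files(ASSOCIATIONS, SEEDS)
    for f in sorted(result["files"]):
        print(f"{f:7s} rep={result['files'][f]:.3f} "
              f"prevalence={result['prevalence'][f]} -> {result['verdicts'][f]}")
    for u, s in sorted(result["urls"].items()):
        print(f"{u:40s} url_rep={s:.3f}")
```

With this constructed input, `f_new` (never labelled, but only ever seen on the two machines that also carry the known-bad file) converges towards 2/7 and is rated bad, while `f_rare` (seen once, on a clean machine) scores well but stays "unproven" because one observation is not a crowd. The point of the prevalence gate is the same one the slides make: a low-reputation or never-seen file is not trusted simply because nothing is known against it.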

Slide 12: File and Behavioral Heuristics
1. Community Watch collects millions of programs
2. File & behavior profiles: over 500 million profiles, hundreds of attributes (e.g. changes DNS settings, modifies browser homepage, disables UAC, changes security settings, adds desktop shortcut, is signed by good CA)
3. Machine learning engine analyzes patterns of good and bad programs
4. Classification rules: creates rules for classifying files as good or bad
5. Symantec Security Response: classification rules undergo rigorous certification
6. Distributed to our products via LiveUpdate
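Steps 3 to 5 of the heuristics pipeline above are: learn which attribute patterns separate good from bad programs, turn them into classification rules, and certify those rules before they ship. The added example below is not Symantec's engine; it is a hypothetical, minimal version of that loop in Python. It mines attribute conjunctions with high precision on labelled training profiles, then certifies each candidate against a held-out clean corpus and rejects any rule that produces a false positive there, which is exactly the case a certification stage exists to catch. The attribute names come from the slide; the program names, the profiles, the thresholds and the `mine_rules`/`certify`/`classify` names are constructed for the example.

```python
from itertools import combinations

# Constructed training profiles: (name, set of observed attributes, label).
# Attribute vocabulary follows the slide: DNS changes, homepage changes, UAC, etc.
TRAINING = [
    ("b1", {"changes_dns", "disables_uac", "changes_security_settings"}, "bad"),
    ("b2", {"disables_uac", "changes_security_settings", "modifies_homepage"}, "bad"),
    ("b3", {"changes_dns", "modifies_homepage"}, "bad"),
    ("b4", {"disables_uac", "changes_security_settings"}, "bad"),
    ("b5", {"modifies_homepage", "adds_desktop_shortcut"}, "bad"),
    ("g1", {"adds_desktop_shortcut", "signed_good_ca"}, "good"),
    ("g2", {"modifies_homepage", "signed_good_ca", "adds_desktop_shortcut"}, "good"),
    ("g3", {"changes_security_settings", "signed_good_ca"}, "good"),
    ("g4", {"adds_desktop_shortcut"}, "good"),
]

# Constructed held-out clean corpus used only for certification. c1 stands in for a
# legitimate VPN client that changes DNS settings; a rule must hit nothing here to ship.
CERTIFICATION_CLEAN = [
    ("c1", {"changes_dns", "signed_good_ca"}),
    ("c2", {"adds_desktop_shortcut", "modifies_homepage"}),
    ("c3", {"signed_good_ca"}),
]


def mine_rules(profiles, min_support=2, min_precision=0.8, max_len=2):
    """Enumerate attribute conjunctions that are common among bad files and rare among good.

    Returns (combo, bad_hits, precision) triples. A rule is the conjunction of its attributes.
    """
    attrs = sorted({a for _, s, _ in profiles for a in s})
    bad = [s for _, s, label in profiles if label == "bad"]
    good = [s for _, s, label in profiles if label == "good"]
    candidates = []
    for n in range(1, max_len + 1):
        for combo in combinations(attrs, n):
            needed = set(combo)
            hits_bad = sum(needed <= s for s in bad)
            hits_good = sum(needed <= s for s in good)
            if hits_bad < min_support:
                continue
            precision = hits_bad / (hits_bad + hits_good)
            if precision >= min_precision:
                candidates.append((combo, hits_bad, precision))
    return candidates


def certify(candidates, clean_corpus):
    """Certification gate: keep rules with zero false positives on the clean corpus.

    Rules are checked shortest-first, and a longer rule subsumed by an already certified
    shorter one is dropped as redundant. Returns (certified, rejected); each rejected entry
    carries the names of the clean files it would have convicted.
    """
    certified, rejected = [], []
    for combo, _support, _precision in sorted(candidates, key=lambda c: (len(c[0]), c[0])):
        if any(set(c) <= set(combo) for c in certified):
            continue
        false_positives = [name for name, s in clean_corpus if set(combo) <= s]
        if false_positives:
            rejected.append((combo, false_positives))
        else:
            certified.append(combo)
    return certified, rejected


def classify(attributes, certified_rules):
    """Endpoint-side use of a shipped rule set: convict only on a certified rule match."""
    for rule in certified_rules:
        if set(rule) <= attributes:
            return "bad", rule
    return "no verdict", None


if __name__ == "__main__":
    candidates = mine_rules(TRAINING)
    certified, rejected = certify(candidates, CERTIFICATION_CLEAN)
    print("candidates:", [c[0] for c in candidates])
    print("certified: ", certified)
    print("rejected:  ", rejected)
    print(classify({"changes_dns", "signed_good_ca"}, certified))
```

On this input the miner proposes both "changes DNS settings" and "disables UAC" as high-precision rules, but certification rejects the DNS rule because the clean corpus contains a legitimate program that changes DNS; only the UAC rule ships, and a file that merely changes DNS gets no verdict from the shipped set.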

Slide 13: Scam Insight
Detects sites that try to steal key information like your credit card number or cell phone number. These sites aren't traditional phishing:
- Counterfeit products
- Small banks
- Easy cash/loans/awards
We found one that tricks users into signing up for a premium SMS service at $10/month; now we block this, protecting over 10k potential victims per day.
We know about every web site (traffic volume, age, SSL, referrals). We see which sites ask for credit cards, passwords, etc. We warn users about new sites asking for this data.

Slide 14: STAR Mobile Insight
Collect: from mobile devices, app stores, and partners
Inspect (app automation): run the app with rapid forced runtime analysis in a VM, and extract attributes with advanced static analysis & heuristics
Insight (Symantec Data Analytics Platform): machine learning and rules create new insight, drawing on telemetry and feeds already in SDAP and more
Questions answered: Safe? Trustworthy? Privacy leak? Battery drain?

Slide 15: Solving the Challenges: Advanced Threat Protection
Synapse: correlation of events across control points (Email.cloud events, Symantec Cloud events, Gateway events, SEP events)
- Provides meaningful prioritization for incident responders, saving time
- Closes the loop from network event to target machine or user
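The Synapse slide above claims two things for cross-control-point correlation: it ranks incidents for responders, and it ties a network event back to the specific machine and user. The added example below is not Synapse and not Symantec code; it is a hypothetical Python sketch of the join. Constructed email, gateway and endpoint events are linked on URL and source IP, an asset table maps IP to machine and user, and the priority comes from the gap between control points: a download the gateway allowed with no endpoint remediation in the following window outranks one the endpoint already quarantined, which outranks one the gateway blocked. Every event, IP, hostname, user, detection name and the `correlate` function are constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed events from three control points (email security, web gateway, endpoint agent).
# Timestamps are ISO 8601 with an explicit offset so datetime.fromisoformat parses them.
EVENTS = [
    {"source": "email", "ts": "2014-05-06T09:00:00+00:00", "user": "alice",
     "url": "http://bad.example/invoice.exe", "verdict": "malicious_url"},
    {"source": "email", "ts": "2014-05-06T09:00:01+00:00", "user": "bob",
     "url": "http://bad.example/invoice.exe", "verdict": "malicious_url"},
    {"source": "email", "ts": "2014-05-06T09:00:02+00:00", "user": "carol",
     "url": "http://bad.example/invoice.exe", "verdict": "malicious_url"},
    {"source": "gateway", "ts": "2014-05-06T09:03:10+00:00", "src_ip": "10.0.0.15",
     "url": "http://bad.example/invoice.exe", "action": "allowed"},
    {"source": "gateway", "ts": "2014-05-06T09:05:00+00:00", "src_ip": "10.0.0.22",
     "url": "http://bad.example/invoice.exe", "action": "blocked"},
    {"source": "gateway", "ts": "2014-05-06T09:07:30+00:00", "src_ip": "10.0.0.31",
     "url": "http://bad.example/invoice.exe", "action": "allowed"},
    {"source": "sep", "ts": "2014-05-06T09:03:40+00:00", "machine": "WS-015",
     "ip": "10.0.0.15", "user": "alice", "detection": "Downloader.Trojan",
     "action": "quarantined"},
]

# Constructed asset inventory: source IP -> (machine, primary user). In practice this
# comes from endpoint telemetry (machine ID plus the addresses it reported).
ASSETS = {
    "10.0.0.15": ("WS-015", "alice"),
    "10.0.0.22": ("WS-022", "bob"),
    "10.0.0.31": ("WS-031", "carol"),
}

PRIORITY_RANK = {"critical": 0, "high": 1, "low": 2}


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def correlate(events, assets, window=timedelta(minutes=30)):
    """Join email, gateway and endpoint events into prioritized per-machine incidents."""
    malicious_urls = {e["url"] for e in events
                      if e["source"] == "email" and e["verdict"] == "malicious_url"}
    incidents = []
    for url in sorted(malicious_urls):
        recipients = {e["user"] for e in events
                      if e["source"] == "email" and e["url"] == url}
        for gw in (e for e in events if e["source"] == "gateway" and e["url"] == url):
            machine, user = assets.get(gw["src_ip"], ("unknown-host", "unknown-user"))
            # Endpoint events from the same host within the window after the download.
            remediation = [e for e in events
                           if e["source"] == "sep" and e["ip"] == gw["src_ip"]
                           and timedelta(0) <= _ts(e) - _ts(gw) <= window]
            if gw["action"] == "blocked":
                priority = "low"        # stopped at the gateway; confirm nothing else reached the host
            elif remediation:
                priority = "high"       # reached the host but the endpoint acted; verify cleanup
            else:
                priority = "critical"   # allowed through and no endpoint signal at all: the gap
            incidents.append({
                "url": url, "machine": machine, "user": user, "src_ip": gw["src_ip"],
                "gateway_action": gw["action"], "targeted_by_email": user in recipients,
                "endpoint_detections": [e["detection"] for e in remediation],
                "priority": priority,
            })
    incidents.sort(key=lambda i: (PRIORITY_RANK[i["priority"]], i["machine"]))
    return incidents


if __name__ == "__main__":
    for inc in correlate(EVENTS, ASSETS):
        print(f"[{inc['priority']:8s}] {inc['machine']} ({inc['user']}) "
              f"gateway={inc['gateway_action']} endpoint={inc['endpoint_detections']}")
```

The first incident in the output is WS-031: the gateway let the download through and no endpoint event followed, so that is where a responder should look first; WS-015 already has a quarantine to verify, and WS-022 only needs the blocked attempt noted. The time window matters: an endpoint detection that precedes the download, or arrives hours later, should not be taken as remediation of this download.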

Slides 16-22: Intelligence Analysis
(A walk-through shown as figures; the only text recoverable is the timeline on slide 16: April 12, 2012; May 7, 2012; July 10, 2012.)

Slide 23: Thank you! Please take a few minutes to fill out the short session survey available on the mobile app; the survey will be available in the mobile app shortly after the session ends. And then watch for and complete the more extensive post-event survey that will arrive via email a few days after the conference. To download the app, go to https://vision2014.quickmobile.com or search for Vision 2014 in the iTunes or Android stores.

Slide 24: Thank you!
Patrick Gardner, pgardner@symantec.com
Sourabh Satish, ssatish@symantec.com
Copyright 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.