ISB13 Web security deployment options - which is really best for you?
Duncan Mills, Piero DePaoli, Stuart Jones
1 The threat landscape
2 Why Symantec web security
3 Generic differences to consider when choosing a platform
4 Why there are functionality differences across platforms
5 Driving priorities to obtain feature parity where possible
Threat landscape continues to worsen
- Malware Attacks Rising
- Targeted Attacks Expand
- Mobile Threats Expose All
- Data Breaches Rising
Web malware continues to rise
- Attack tool kits continue to flourish
- Increase efficacy of known vulnerabilities
Which website is more dangerous?
Most harmful websites by categories
- Sites with poor security become easy targets for malware authors
- Some businesses understand customers will not visit sites that infect them
Social engineering is effective in social media
- Users willing to help infect themselves
Symantec is #1 Leader in Security Software
Based on 2011 Gartner Estimate of Worldwide Revenue Market Share
Market Share Analysis: Security Software, Worldwide, 2011, April 12, 2012, Ruggero Contu, Matthew Cheung, Gartner
Symantec Global Intelligence Network
Turning intelligence into protection
Global Intelligence Network
1 Power of the Cloud
2 Advanced Malware Detection
3 Strongest Email Security
4 Strongest Web Protection
- Real-time analysis of spam and malware traffic in the cloud with Skeptic
- Drives enhanced heuristic and signatures
- Drives global intelligence across products
- Malware intelligence from > 130M systems
- Heuristics examine file attributes and vulnerability exploit attempts
- Blocks new and unknown threats
- > 99.85% effectiveness
- < 1 in a million false positives
- 400 million IPs - known spam and safe senders
- Stop marketing email
- Machine learning & URL intelligence prevent phishing
- Insight protects against new, mutated, & targeted malware
- Insight is powered by 210M users, 3.1B files
- Botnet and infected client protection
- Block connections to Malicious IPs & URLs
Web Security Deployment Options SYMANTEC VISION 2012
Symantec Global Intelligence Network
Turning intelligence into protection
Source: IDC, Worldwide and U.S. Security Service Threat Intelligence 2011-2014 Forecast: Out of the Basement and into the Clouds.
Many of the differences between cloud-based and on-premises web security platforms are generic and not vendor specific
Map your business requirements to your web security deployment platform
Areas of consideration when choosing a web security deployment platform
- Flexibility and total cost of ownership
- Current and future IT environment
- Security and regulatory requirements
- Key functionality
Map your business requirements to your web security deployment platform
Flexibility and total cost of ownership
Organisation Requirement | Hardware appliance | Virtual appliance | Cloud SaaS
Capital or operational expenditure | Capex | Both | Opex
Predictable per-user costs
Easily scales to accommodate additional load
Fast implementation
Easy to maintain
Free up staff to focus on core business activities
Minimal additional cost of HA and DR
Map your business requirements to your web security deployment platform
IT environment
Organisation Requirement | Hardware appliance | Virtual appliance | Cloud SaaS
Reduce organisation's data centre costs
Distributed network with lots of branch offices
Protect and enforce web AUP on roaming users
Increase ROI of existing virtual infrastructure N/A N/A
Map your business requirements to your web security deployment platform
Security and regulatory
Organisation Requirement | Hardware appliance | Virtual appliance | Cloud SaaS
Quickly address all privacy concerns
All data must be stored in a specified country
Guarantee the security posture of the platform
Enforce DLP policy before data leaves the network
Service level agreements N/A N/A
Provider has local legal jurisdiction N/A N/A
Products evolve to meet customer requirements
Broad messaging & web portfolio
- Email AntiSpam.cloud
- Email AntiVirus.cloud
- Email Image Control.cloud
- Email Content Control.cloud
- Email Boundary Encryption.cloud
- Policy Based Encryption.cloud
- Web Security.cloud
- Instant Messaging Security.cloud
- SMTP, HTTP
- Content Encryption
- PGP Universal Gateway Email
- Internet
- SMTP
- Messaging Gateway - Hardware or virtual
- Mail Security for Groupware
- Data Loss Prevention
- Web Gateway - Hardware or virtual
- HTTP / HTTPS and all other ports and protocols
Map your business requirements to your web security deployment platform
Functionality
Symantec Web Gateway
- Application control
- Flexible deployment options
- Monitors the network for infections
- Scan and enforce policy on HTTPS
- Data loss prevention
.cloud web security
- Common management platform for email and web
- Client to support roaming users
Web Gateway is more than URL filtering
[Diagram: Symantec Web Gateway, Appliance or VM, between Client and Web (HTTP, HTTPS), with Symantec DLP Network Prevent for Web]
- Botnet Detection
- Infected Client Detection
- Application Control
- Insight File Reputation
- Malware Content Scanning
- URL Content Filtering
- Domain and IP Reputation
Web Gateway can be deployed standalone or to complement existing URL filters
- Port Span/Tap (Monitoring or Blocking)
- Inline (Monitoring or Blocking)
Cloud-based web security presents some unique challenges that Symantec manages for our customers
A summer of sports in the UK - does it matter to me?
2012 Olympics 2012 Paralympics The Open 2012 Wimbledon
Summer of sports - managing demand for online coverage
- Euro 2012: 8 Jun - 1 Jul
- Wimbledon: 25 Jun - 8 Jul
- Olympics: 27 Jul - 12 Aug
- every sport from every location... BBC Olympic Vision
- Predicted 2,500 hrs of online viewing
- 1,000 hrs of online exclusive footage (footage that will not be broadcast anywhere but online)
- UK Government advising of possible internet caps & general disruption
Actions taken:
- Architecture hardened
- Additional capacity now on-line
- E-Level discussions with peering and technology partners
- Cross functional team in place to manage potential incidents
Development themes drive feature parity between .cloud and on-premises products
Protection
- Attack toolkits continue to exploit existing vulnerabilities
- Web is a major attack vector
- 4595 blocked per day in 2011
- Compromised PCs
- 3m bot zombies monitored in 2011
Control
- Web is a major vector for data loss
- Only 10% of organizations address outbound threats from well-meaning or malicious insiders
Management & Platform
- Visibility and control of the operating environment, configuration and reporting
- Compatibility with hardware/software components, network protocols, external product integrations, etc
Recent enhancements were driven by customer requirements and feature parity
Recent enhancements address customer requirements and drive feature parity
Protection Symantec Web Gateway Insight file reputation SSL decryption Future Future Web Security.cloud
Symantec Insight
Proactive Protection from New, Targeted Threats
- Leverages anonymous telemetry data from 210M+ machines to construct a massive nexus of files, machines and domains
- Tracks nearly every binary in the world - 3.1 billion files, adding 37 million every week
- Uses age, prevalence, source and other attributes to assign a reputation rating to files
- Can accurately identify and block threats even if just a single Symantec user encounters them
Safety ratings:
- Bad Safety Rating: File is blocked
- No Safety Rating Yet: Can be blocked
- Good Safety Rating: File is whitelisted
Recent enhancements address customer requirements and drive feature parity
Symantec Web Gateway Web Security.cloud Control Enterprise DLP integration Rulespace web categorisation Future native DLP Available already Added uncategorised site feedback Application control enhancements N/A
Web Gateway and data loss prevention
Challenge:
- Customers want to enforce DLP policies over Web traffic
- Web traffic can be SSL encrypted
- Customers want a robust solution from a single vendor
Solution:
- Connect SWG + DLP Network Prevent for Web
- Utilize SWG to decrypt SSL traffic and pass content to DLP
- SWG blocks/modifies content based upon DLP policies
Application control and file leakage
- Inspects all internet bound traffic for popular web applications
- Signature Based
- Not reliant on ports
- Supports over 100 Applications and Protocols
- IM, P2P, DB Apps, Remote Access, VoIP, etc
- File transfer protocols, email protocols, network protocols, etc.
- Monitor / Control Application Usage
- Focus on Public IM Safety
- Antivirus scan on files transferred
- Can Allow Chat / Prevent Downloads
- File Leakage
- Control File Uploads/Downloads
- Monitor File Names
Recent enhancements address customer requirements and drive feature parity
Symantec Web Gateway Web Security.cloud Management and platform Virtual appliance deployment Proxy deployment and caching N/A N/A N/A N/A Regional geo location for Smartconnect Efficiency improvements to Client Site Proxy
Web Gateway virtual edition for easy deployment
- Easy to trial
- Costs less - no additional hardware required
- Personalised deployment - mix of virtual and physical to suit your IT infrastructure
- Quickly respond to increase in Web traffic - dynamic capacity allocation
[Chart: Deployment Types (Feb 2012), Physical vs Virtual, 0% to 100%]
Future priorities driven by customer requirements and feature parity
Disclaimer
Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and are subject to change. Any future release of the product or planned modifications to product capability, functionality, or feature are subject to ongoing evaluation by Symantec, and may or may not be implemented and should not be considered firm commitments by Symantec and should not be relied upon in making purchasing decisions.
Development themes drive feature parity between .cloud and on-premises products
Symantec Web Gateway Web Security.cloud Protection Available already HTTPS decryption Control Available already Data loss prevention Management & Platform N/A Additional capacity
Web Security.cloud data loss prevention
- New DLP Add-on
- Pre-canned policies, leveraging Symantec DLP definitions
- Key resources shared between web and email offerings
- Create policies in test-mode prior to going live - TBC
- Reporting on matched content with surrounding content
- Enhanced granular policy configuration
Things to consider when choosing the right deployment platform for web security
TCO Flexibility
- Opex or capex and budget constraints
- Resources to maintain and manage on-premises products
- Amount of change happening within your organisation
Environment
- Investment in virtualisation
- Numbers of Internet connections and branch offices
- Roaming users support
Security Regulatory
- Regulatory compliance
- Importance of SLAs
Functionality
- Choice of form factor map to your requirements
- Assess individual products to determine which meets your needs
Other sessions of interest
- ISB09 (114, tomorrow 9:00) SONAR, Insight, Skeptic and GIN - The Symantec secret sauce
- ISB14 (This room, next session) Are You Getting the Most From Symantec Protection Suite?
- ISB11 (114, tomorrow 11:45) Demo: integrating Symantec products to get the ultimate protection
- ISB07 (114, tomorrow 13:45) The roadmap for Symantec infrastructure protection products
Thank you!
Copyright 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.