Finding Email Security in the Cloud



Similar documents
Securing Office 365 with Symantec

Symantec Messaging Gateway 10.6

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Cyber Security Services: Data Loss Prevention Monitoring Overview

Symantec Endpoint Protection

Symantec Messaging Gateway 10.5

The Symantec Approach to Defeating Advanced Threats

SYMANTEC ENDPOINT PROTECTION SMALL BUSINESS EDITION

Web Protection for Your Business, Customers and Data

Host-based Protection for ATM's

How to Unlock Agility by Backing up to, from, and in the Cloud

Top 5 Reasons to Choose User-Friendly Strong Authentication

Symantec Cyber Security Services: DeepSight Intelligence

Symantec Protection Suite Add-On for Hosted and Web Security

Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Landscape

Symantec Mobile Security

Symantec Messaging Gateway powered by Brightmail

SYMANTEC DATA CENTER SECURITY: SERVER ADVANCED 6.5

Symantec Endpoint Protection

SYMANTEC DATA CENTER SECURITY: MONITORING EDITION 6.5

Payment Card Industry Data Security Standard

Symantec Enterprise Vault and Symantec Enterprise Vault.cloud

5 Must-Haves for an Enterprise Mobility Management (EMM) Solution

SECURITY REIMAGINED SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM. Why Automated Analysis Tools are not Created Equal

Data Sheet: Endpoint Security Symantec Protection Suite Enterprise Edition Trusted protection for endpoints and messaging environments

Technology Blueprint. Protect Your Servers. Guard the data and availability that enable business-critical communications

2012 Endpoint Security Best Practices Survey

Symantec Endpoint Protection

Symantec Brightmail Gateway Real-time protection backed by the largest investment in security infrastructure

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

Spear Phishing Attacks Why They are Successful and How to Stop Them

INFORMATION PROTECTED

Achieving Business Agility Through An Agile Data Center

Fighting Advanced Threats

ISB13 Web security deployment options - which is really best for you? Duncan Mills, Piero DePaoli, Stuart Jones

Data Sheet: Endpoint Security Symantec Endpoint Protection The next generation of antivirus technology from Symantec

TRITON APX. Websense TRITON APX

Symantec Security.cloud - Skeptic Whitepaper

Symantec Control Compliance Suite Standards Manager

Data Sheet: Endpoint Security Symantec Endpoint Protection The next generation of antivirus technology from Symantec

Symantec RuleSpace Data Sheet

White Paper. Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks

ENABLING FAST RESPONSES THREAT MONITORING

Endpoint Protection Small Business Edition 2013?

Symantec Enterprise Vault for Microsoft Exchange Server

WEBSENSE SECURITY SOLUTIONS OVERVIEW

Symantec Protection Suite Enterprise Edition for Servers Complete and high performance protection where you need it

Content Security: Protect Your Network with Five Must-Haves

PROTECTED CLOUDS: Symantec solutions for consuming, building, or extending into the cloud

isheriff CLOUD SECURITY

Symantec Endpoint Protection

Securing Mobile App Data - Comparing Containers and App Wrappers

North American Electric Reliability Corporation (NERC) Cyber Security Standard

Cisco Security Intelligence Operations

Realizing the True Potential of Software-Defined Storage

White Paper. Business Continuity and Breach Protection: Why SSL Certificate Management is Critical to Today s Enterprise

THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS

Microsoft Office 365 Migrations with Symantec Enterprise Vault.cloud

Symantec App Center. Mobile Application Management and Protection. Data Sheet: Mobile Security and Management

Comprehensive real-time protection against Advanced Threats and data theft

DATASHEET CONTROL COMPLIANCE SUITE VENDOR RISK MANAGER 11.1

Simplify Your Windows Server Migration

OVERVIEW. Enterprise Security Solutions

DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com

Threat Intelligence: What is it, and How Can it Protect You from Today s Advanced Cyber-Attacks A Webroot publication featuring analyst research

MANAGEMENT SOLUTIONS SAFEGUARD BUSINESS CONTINUITY AND PRODUCTIVITY WITH MIMECAST

INTRODUCING isheriff CLOUD SECURITY

INCREASINGLY, ORGANIZATIONS ARE ASKING WHAT CAN T GO TO THE CLOUD, RATHER THAN WHAT CAN. Albin Penič Technical Team Leader Eastern Europe

Strengthen Microsoft Office 365 with Sophos Cloud and Reflexion

Websense Messaging Security Solutions. Websense Security Websense Hosted Security Websense Hybrid Security

Symantec Advanced Threat Protection: Network

Cybersecurity Report on Small Business: Study Shows Gap between Needs and Actions

SYMANTEC MANAGED SECURITY SERVICES. Superior information security delivered with exceptional value.

SIZE DOESN T MATTER IN CYBERSECURITY

Unified Security, ATP and more

Backup Exec 15: Protecting Microsoft SQL

Data Sheet: Messaging Security Symantec Brightmail Gateway Award-winning messaging security for inbound protection and outbound control

YOUR DATA UNDER SIEGE: GUARD THE GAPS WITH PATCH MANAGEMENT. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next

Symantec Mobile Management for Configuration Manager 7.2

Seven Requirements for Hybrid Web Delivery Getting the best of both on-premises and SaaS

Symantec Protection Suite Small Business Edition A simple, effective and affordable solution designed for small businesses

Symantec Endpoint Protection Datasheet

Backup Exec 2014: Protecting Microsoft SharePoint

End-to-End Application Security from the Cloud

Integrating MSS, SEP and NGFW to catch targeted APTs

Managing Web Security in an Increasingly Challenging Threat Landscape

Stop advanced targeted attacks, identify high risk users and control Insider Threats

Websense Web Security Solutions. Websense Web Security Gateway Websense Web Security Websense Web Filter Websense Hosted Web Security

Backup Exec 2014: Protecting Microsoft SQL

DETECTING THE ENEMY INSIDE THE NETWORK. How Tough Is It to Deal with APTs?

Transcription:

WHITE PAPER: FINDING EMAIL SECURITY IN THE CLOUD Finding Email Security in the Cloud

CONTENTS Introduction 3 I. Why Good Enough Security is Never Good Enough 3 Mind your security gaps 4 II. Symantec Email Security.cloud: Comprehensive Security for Cloud-based Email 4 Intelligent, real-time protection against targeted threats and zero-day attacks 4 Superior protection against malicious email links 5 DLP and Encryption with policy-based controls 5 Bringing all the pieces together with a unified management portal 6 Industry-leading SLAs with guaranteed results 7 Complete protection through every step of your transition to the cloud 7 III. Transition to the Cloud with Confidence 7 2

Introduction How can you embrace the benefits of cloud-based email and productivity solutions without compromising security or adding risk? Microsoft Office 365, Google Apps, and other cloud-based productivity solutions are clearly transforming the way IT departments deliver apps and services to their users. In February of 2014, Microsoft reported that over the course of one year more than 15 percent of its Exchange installed base had moved to Office 365, which represented a shift of around 40 million business mailboxes 1. Gartner also predicts that by 2018, cloud office systems will achieve a total market penetration of 60% 2. This rapid and fairly dramatic move to cloud-based productivity solutions makes sense. These hosted offerings provide users with new flexibility and more efficient ways to collaborate, and they offer businesses and IT departments significant cost savings and lower administrative overhead compared to traditional on-premise applications. But what about security? Exactly how much protection do these next-generation cloud-based email and productivity solutions provide? Microsoft, Google, and other cloud vendors are quick to point out that their cloud-based email offerings include free antimalware and DLP protection. But how complete and effective are these built-in capabilities? And what else should you consider from a security standpoint as you contemplate the transition to cloud-based solutions like Microsoft Office 365? Organizations obviously need solid answers to these questions before they can fully embrace cloud-based email and productivity apps. And finding those answers means clearly understanding what today s biggest email security threats are, accurately assessing how much protection today s cloud-based email and productivity solutions can realistically provide, and knowing when and where to turn for additional security capabilities that can enhance and protect cloud-based mailbox solutions. The average total cost of a data breach is $3.5 million* Consider the Costs What kind of impact can malicious emails have on your organization? The costs go far beyond isolation and cleanup: IP theft Regulatory fines Litigation costs Lost revenue Damaged reputation *Source: Ponemon Institute; 2014 Cost of a Data Breach Study Why Good Enough Security is Never Good Enough Smart, comprehensive email security whether your email system is on-premise, cloud-based, or both begins with a clear, realistic understanding of what you re up against. Email is still the most popular and pervasive tool cybercriminals use to launch and distribute threats. According to the 2014 Symantec Internet Security Threat Report (ISTR), one out of every 392 emails in 2013 was a phishing attack and 25 percent of all email messages contained links to known malware. This high volume of email threats is certainly nothing new, but the nature of these attacks has also changed dramatically. The 2014 ISTR documented a 91 percent increase in targeted attacks compared to the previous year, many of which were introduced through email systems. These advanced targeted and zero-day threats are much more difficult to detect and stop than traditional malware, and standard signature-based anti-malware tools have proven to be largely ineffective against them. In addition to these elusive and dangerous targeted attacks, cybercriminals are using increasingly sophisticated methods to disguise malicious URL links embedded in email messages. This includes randomly redirecting links to a sequence of different destinations around the world and adding programmed time delays. These new techniques are highly effective at disguising malicious links and fooling traditional link scanning tools. Finally, it s important to remember that targeted attacks, malicious link redirects, and other malware-related threats aren t the only email security dangers you have to worry about. Data loss through email is another serious issue, so you need to proactively enforce your security and compliance policies and protect employees when they share sensitive information and attachments over email. And of course, you have to determine how much of your email content you need to encrypt and then have a reliable solution in place for monitoring and managing those encryption policies. 1 Source: Bott, Ed. Office 365: After One Year, How s Microsoft Doing? ZDNet. Feb. 21, 2014. 2 Source: New Developments in the Cloud Office System Market. Gartner. 2013 3

Mind your security gaps When you look at today s broad security landscape and how it applies specifically to email it quickly becomes apparent that the baseline security capabilities included with Microsoft Office 365, Google Apps, and other cloud-based email and productivity solutions simply aren t fully up to the task of keeping your organization safe. For example, Microsoft Office 365 only includes basic, signature-based anti-malware capabilities, which can t detect or block most of today s sophisticated targeted and zero-day attacks. The phishing link protection in Office 365 is limited to a list of known bad domains, so it doesn t offer much protection against the sophisticated redirect and time delay techniques cybercriminals use to disguise malicious links. And the built-in data loss prevention and encryption capabilities in Office 365 only offer limited policy management capabilities. Fortunately, you re not limited to these baseline security capabilities when you make the move to cloud-based productivity and email solutions. Symantec offers a security solution Symantec Email Security.cloud that integrates with, complements, and enhances the built-in security that s included with cloud-based email and productivity solutions like Office 365, Google Apps, and others. Symantec Email Security.cloud: Comprehensive Security for Cloud-based Email Symantec Email Security.cloud starts with the same multi-layered approach to blocking malware and elusive targeted attacks that has made Symantec the industry leader in security. This includes multiple analysis engines that are continually updated to scan emails and accurately detect and eliminate known spam and malware threats. This is similar to the anti-malware and anti-spam capabilities you get with Office 365 and other cloud-based productivity tools, but with Symantec, it s just the beginning. The Symantec Email Security.cloud Difference Multiple advanced analysis engines Skeptic heuristic technology Symantec Global Intelligence Network Large, experienced research team dedicated to identifying and analyzing advanced malware Intelligent, real-time protection against targeted threats and zero-day attacks In addition to the industry s most proven and trusted signature-based protection, Email Security.cloud leverages Symantec s advanced heuristic technology called Skeptic to guard against new and advanced targeted attacks. Unlike the anti-malware protection that s included with Office 365 and other cloud-based email solutions, Skeptic interprets and analyzes more than 8.4 billion email messages and 1.7 billion web requests that are collected by Symantec s global intelligence network every day to detect and block new forms of malware. This makes it possible to catch and help stop zero-day attacks and targeted threats that traditional anti-malware solutions typically miss. It also creates an intelligent, adaptable layer of protection that can stop malware as it evolves and changes. In the very unlikely event that any malware manages to slip through all of these advanced protection technologies, a team of experienced security analysts is always working tirelessly behind-the-scenes to analyze and identify potential new threats and dangers. If they catch something, you ll be notified immediately and provided with fast, effective remediation steps. Other vendors claim to leverage this kind of global security intelligence. But when you look at the numbers, it s obvious that no other email security company can match the size and scope of Symantec s Global Intelligence Network which constantly collects massive amounts of data from more than 41.5 million attack sensors around the world and analyzes it using a global team of live security researchers and analysts. 4

Superior protection against malicious email links Symantec Email Security.cloud offers equally advanced protection against malicious email links. The link scanning capabilities in Office 365 and other cloud-based email offerings are limited to blacklists of known bad URLs, which cybercriminals often avoid by using shortened links that get redirected multiple times before reaching their final destinations. Symantec Email Security.cloud overcomes these advanced evasion tactics with intelligent Real-Time Link Following that traces full or shortened redirect links all the way back to their final destinations, analyzes the content in real-time, and prevents emails with bogus links from ever showing up in your users inboxes. Track Down Elusive Links with Real-Time Link Following REDIRECTS TO REDIRECTS TO LINK ANALYZED! MALICIOUS CONTENT IDENTIFIED INTELLIGENCE UPDATED Real-Time LInk Following Gets Big-Time Results Last year, attackers launched an extensive campaign that consisted of 39 different attacks over a six-week period. These attacks targeted a wide range of different industries, including education, finance, and government, and they all featured emails that contained malicious URL links with multiple redirects. With its advanced Real-Time Link Following capabilities, Symantec Email Security.cloud followed the link redirects back to their sources, identified them as malicious, and proactively blocked the emails all in real-time. DLP and Encryption with policy-based controls Symantec Email Security.cloud goes far beyond the basic signature-based security capabilities in Office 365 to keep your organization safe from targeted malware, zero-day attacks, and elusive email links. But it also enhances your ability to prevent private or sensitive data from leaving your network through email messages or attachments whether you re working to protect your own intellectual property, comply with government regulations, or both. Powerpoint with a Vengeance When a major broadcasting corporation produced a news story on a controversial topic, activist hackers expressed their displeasure by launching a spear phishing attack that featured executable malware embedded inside a PowerPoint email attachment. Fortunately, the advanced heuristic security capabilities in Symantec Email Security.cloud working together with a team of live analysts proactively detected the threat and prevented emails with the malicious file from ever reaching their intended recipients. With Symantec Email Security.cloud Data Protection, you can define and enforce granular policies for controlling email-related data loss. This includes leveraging proven libraries and templates based on Symantec s market-leading data loss prevention technology. These flexible policies give you total, customizable control over what types of content and attachments users can email to people outside your organization. Then, you can use this same policy-based approach to define which emails should be encrypted based on message attributes or message content and trigger an automatic, seamless encryption process that is totally transparent to the sender. Office 365 also includes basic email encryption, but it s linked to the email recipient s password, which means your intellectual property may only be as secure as a contractor s weak password. Finally, it s important to note that Microsoft has no contingency plan if an attacker steals an Office 365 user s login credentials to compromise an account, which actually opens up a totally new attack vector. The Symantec Email Security.cloud approach to encryption eliminates both of these potentially serious weaknesses. 5

Bringing all the pieces together with a unified management portal Symantec Email Security.cloud provides all of the advanced security, data loss prevention, and encryption capabilities you need to embrace new cloud-based email and productivity solutions without compromising security. But Symantec is also working to make sure these pieces work seamlessly together and support other aspects of your cloud security infrastructure. This starts with a unified portal for managing all of your Symantec Email Security.cloud services and capabilities from one location, including security, data protection, and encryption settings and policies. Then, you can extend this same intuitive interface to Symantec Web Security.cloud. This gives you a single, convenient way to configure, manage, and report across all of your communication vehicles, which saves time and gives you a more comprehensive view of your overall security posture. No Patch, No Problem To exploit a new zero-day software vulnerability before it could be patched, a group of attackers emailed a bogus Word document that contained an embedded malformed TIFF image designed to trigger remote and local code execution. To make this threat even more elusive, the attackers targeted a relatively small number of recipients and sent emails with different subject lines and attachment filenames. Symantec Email Security.cloud again supported by a team of analysts proactively identified all of the malicious emails and blocked them before they appeared in their intended targets inboxes. 6

Industry-leading SLAs with guaranteed results It s easy to talk about the advanced security capabilities in Symantec Email Security.cloud. But Symantec also backs these claims with one of the industry s most stringent and aggressive service level agreements (SLAs). Symantec Email Security.cloud is delivered through highly available, top-tier data centers located around the globe. These data centers are highly available, fully redundant, and designed to leave ample headroom for spikes in traffic or unexpected failure conditions. This makes it possible to offer SLAs that include certain money back remedies if world-class performance levels are not met. Complete protection through every step of your transition to the cloud For most organizations, the transition from on-premise to cloud-based email is a gradual one. That s why Symantec Email Security. cloud is built to protect all of the email solutions currently running in your environment, including Microsoft Office 365, Google Apps, other hosted mailboxes, and traditional on-premise email systems like Microsoft Exchange. With Symantec, you can wrap a cohesive, unified, and comprehensive layer of protection around all of these different systems, so nothing slips through the cracks as your email environment changes and evolves. Transition to the Cloud with Confidence As your business explores the advantages of moving to a new generation of cloud-based email and productivity solutions, Symantec is ready to help you make that transition confidently and without making any security compromises. With Symantec Email Security. cloud, you can tap into all of the advanced security technology, global resources, and proven expertise you need to keep your organization safe from today s most advanced and sophisticated email threats and stay a step ahead as those threats continue to evolve. 7

Learn more about Symantec Email Security.cloud Visit our website www.symantec.com/email To speak with a Product Specialist in the U.S. Call toll-free 1 (800) 745 6054 To speak with a Product Specialist outside the U.S. For specific country offices and contact numbers, please visit our website. About Symantec Symantec Corporation (NASDAQ: SYMC) is an information protection expert that helps people, businesses, and governments seeking the freedom to unlock the opportunities technology brings anytime, anywhere. Founded in April 1982, Symantec, a Fortune 500 company operating one of the largest global data-intelligence networks, has provided leading security, backup, and availability solutions for where vital information is stored, accessed, and shared. The company s more than 20,000 employees reside in more than 50 countries. Ninety-nine percent of Fortune 500 companies are Symantec customers. In fiscal 2013, it recorded revenues of $6.9 billion. To learn more go to www.symantec.com or connect with Symantec at: go.symantec.com/ socialmedia. Symantec World Headquarters 350 Ellis St. Mountain View, CA 94043 USA +1 (650) 527 8000 1 (800) 721 3934 www.symantec.com Copyright 2014 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. 21344128 12/14 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information