Preparing for a Cyber Attack
PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

CONTENTS
Reconnaissance stage (page 4)
Incursion stage (page 5)
Discovery stage (page 6)
Capture stage (page 7)
Exfiltration stage (page 8)
Symantec solutions (page 9)
INTRODUCTION
To protect your organization from a cyber attack, it's important to understand how an attacker goes about stealing sensitive information. Typically, attacks happen in five distinct stages: reconnaissance, incursion, discovery, capture, and exfiltration; each uses different tools and techniques. For every stage, however, there are Symantec solutions designed to give your organization robust protection and ultimately prevent the cybercriminal from achieving their goal.
1 RECONNAISSANCE
Attackers leverage information from a variety of sources to understand their target, including identifying vulnerable servers, insecure applications, or unpatched systems that can be compromised.
1. The attacker probes networks and systems to identify weaknesses, making every effort to remain undetected.
2. The attacker also researches employees to target through publicly available sources.
3. The attacker attempts to compromise them with spam or a phishing attack.
4. Research may also identify frequented websites that can be baited with malware.
The building blocks of effective defense:
CONTROL COMPLIANCE SUITE (CCS): Monitors servers and other devices for vulnerabilities, enabling proactive remediation before an attack occurs.
SSL CERTIFICATES AND VIP: Strong authentication and security to validate users, web servers and sites, and prevent fraud or session hijacking.
MANAGED SECURITY SERVICES: Detects reconnaissance events quickly, identifying users or servers attempting to connect to a malicious site or host, limiting the risk of exposure.
2 INCURSION
Attackers break into the network, delivering targeted malware to vulnerable systems and people, often without the user being aware they are a target.
1. The attacker will leverage weaknesses in networks and systems to gain entry.
2. The attacker may try to fool users into clicking on a malicious web link, or installing a fake application.
3. Innocent-looking spear-phishing emails also contain attachments infected by back-door Trojans.
The building blocks of effective defense:
MANAGED SECURITY SERVICES: 24/7 monitoring for early detection of attacks and connections to malicious hosts.
WEB SECURITY: Protects users browsing the internet from hidden web-based attacks.
ENDPOINT PROTECTION (SEP): Advanced security controls detect advanced threats and, combined with Symantec Protection Center, quickly identify abnormal activities including malware outbreaks.
MAIL SECURITY: Blocks emails containing complex malware hidden in attachments, and other phishing attacks.
MOBILE MANAGEMENT SUITE: Detects and removes malicious software and applications designed to steal information or analyze internal networks.
3 DISCOVERY
With access to the network, attackers stay low and slow to avoid detection. They then map the organization's defenses from the inside and create a battle plan for the information they intend to target.
1. A Command-and-Control server is now set up.
2. Data is trawled and the malware contacts the attacker via Command-and-Control channels.
3. The attacker collates stolen data, using malware to transmit logins and passwords as users access key servers.
4. The attacker leverages stolen data, passwords and logins to map the network, access other systems and identify high-value assets.
The building blocks of effective defense:
ENDPOINT PROTECTION (SEP): Blocks connections from unknown or unauthorized devices and quickly alerts you to unusual activity.
CRITICAL SYSTEM PROTECTION: Protects systems and information from unauthorized levels of access by providing granular control and alerting capabilities.
ENCRYPTION: Uses a platform approach to prevent unauthorized users from accessing privileged information.
MANAGED SECURITY SERVICES: Identifies and flags unusual events, as well as internal hosts that are behaving suspiciously or trying to connect to malicious hosts.
4 CAPTURE
Attackers access unprotected systems and capture sensitive information from those systems that have proven vulnerable to compromise. They may also install malware to secretly acquire data or disrupt operations.
1. The attacker has identified the location of high-value assets.
2. They then work to gain access to the systems they have breached so they can steal this information.
3. The attacker sets up an external drop server.
4. They then copy the desired data to a temporary on-premise staging server.
The building blocks of effective defense:
CRITICAL SYSTEM PROTECTION: Locks down critical systems and blocks unusual behavior to prevent servers being compromised.
IT MANAGEMENT SUITE: Keeps systems up to date and patched, and detects unknown and suspicious systems.
DATA LOSS PREVENTION (DLP) SOLUTIONS: Detects sensitive information as it is stored or moved, preventing it from being copied, and also removes information if it is in the wrong location.
5 EXFILTRATION
Captured sensitive information is sent back to the attack team's home base for analysis and further exploitation.
1. The desired data is already waiting on the temporary on-premise server.
2. The attacker uses a tool to encrypt the credentials and sensitive data.
3. This data is then exfiltrated to the external drop server.
4. From here, the attacker is free to do what they will with the stolen data.
The building blocks of effective defense:
DATA LOSS PREVENTION (DLP) NETWORK: Inspects outbound streams for potential information loss or theft, and prevents the data from being transmitted.
DEEPSIGHT SECURITY INTELLIGENCE: Gives additional insight into the internet hosts these information streams are being transmitted to.
DISCOVER HOW SYMANTEC SOLUTIONS CAN HELP
For each stage of a cyber attack, Symantec offers solutions which work equally effectively as point products or as part of a comprehensive defense that gives your organization robust protection and prevents the cybercriminal from achieving their goal.
SYMANTEC SECURITY SOLUTIONS

Control Compliance Suite
Managing IT risk and compliance in today's enterprise is challenging. As a security leader, you face a growing number of business and regulatory drivers, an evolving threat landscape, and increasingly complex IT infrastructures. Symantec Control Compliance Suite helps you address these challenges by providing a solid framework on which to build your IT Governance, Risk, and Compliance program. Control Compliance Suite allows you to communicate IT risk in business-relevant terms, prioritize remediation efforts based on a composite view of risk, and automate assessment processes to improve your overall security and compliance posture.

SSL Certificates and VIP
Symantec's strong authentication solutions provide convenient, secure, cloud-based two-factor user authentication and public key infrastructure (PKI) services for protecting online identities and interactions between consumers, business partners, and employees.

Web Security
Symantec's Web Security family of products includes best-of-breed on-premise solutions as well as leading cloud-based solutions. Together they protect organizations from web-borne threats and enable the control, monitoring and enforcement of Web Acceptable Use Policies. Automatically updated anti-malware layers block threats safely away from your network, while URL filtering policies and Web traffic quota limits reduce Web misuse and help protect your bandwidth. Powered by Insight, Symantec's innovative reputation-based malware filtering technology, the Symantec Web Gateway relies on a global network of more than 210 million systems to identify new threats before they cause disruption in organizations.

DeepSight Security Intelligence
Symantec DeepSight Early Warning Services enable organizations to enhance security and take proactive control of the integrity of their information.
DeepSight helps customers align risk profiles with the shifting threat landscape by delivering tailored information, analysis, mitigation strategies, and recommended best practices for known and emerging threats and vulnerabilities. With personalized notification triggers and expert analysis, DeepSight gives organizations the ability to prioritize IT resources, protect critical information assets against potential attacks, mitigate threats, and remove security risks. The Symantec Global Intelligence Network (GIN) offers an unparalleled source of Internet threat data to help identify new and evolving threats. The Symantec GIN has more than 240,000 sensors in over 200 countries monitoring attack activity, and more than 133 million systems providing malicious code intelligence. Symantec also maintains a comprehensive vulnerability database, with more than 40,000 recorded vulnerabilities.

Critical System Protection
Leading organizations leverage Symantec Critical System Protection to secure their physical and virtual data centers. Delivering host-based intrusion detection (HIDS) and intrusion prevention (HIPS), Symantec provides a proven and comprehensive solution for server security. Achieve complete protection for VMware vSphere, stop zero-day and targeted attacks, and gain real-time visibility and control into compliance with Symantec Critical System Protection.

Data Loss Prevention
Symantec Data Loss Prevention (DLP) is an enterprise content-aware data loss prevention solution that discovers, monitors, and protects confidential data wherever it's stored or used across your network, storage, and endpoint systems.
Mobile Management Suite
Symantec Mobile Management Suite is a comprehensive mobile business enablement solution designed to address a diverse set of enterprise mobility needs. With scalable device management, innovative application management and trusted threat protection technology, Mobile Management Suite provides all the capabilities needed for enterprises to enable, secure, and manage mobile devices, applications, and data.

Endpoint Protection
Symantec Endpoint Protection is built on multiple layers of protection, including Symantec Insight and SONAR, both of which provide protection against new and unknown threats. Built for virtual environments, it can integrate with VMware vShield Endpoint for dramatically improved performance. Symantec Endpoint Protection includes the latest features for improved security, performance, and management.

Encryption
Symantec's encryption solutions enable organizations to deliver data protection with centralized policy management through the optional use of Encryption Management. Our solutions provide standards-based technology, centralized policy management, compliance-based reporting, and universal management for endpoint, email, and file-based encryption products.

IT Management Suite
Altiris IT Management Suite is a suite of integrated products that help IT organizations provide a faster and more predictable service to their business. The suite enables this by ensuring that organizations' management infrastructures can easily support new technology changes, can quickly adapt to changing processes and business needs, and can provide the necessary insight to make more intelligent, data-driven decisions.

Managed Security Services
Symantec Managed Security Services extends this approach and enables organizations to build and sustain a resilient incident management program delivered as a service. Symantec offers the global presence and scale to satisfy even the largest enterprises.
Symantec Managed Security Services give you 24x7 access to our world-class team of over 500 security professionals in four Security Operations Centers and 11 Security Response Centers around the world. The Symantec team is staffed by GIAC-certified analysts and CISSP-credentialed engineers. This team is a key source of the threat information that is collected in the Symantec Global Intelligence Network.

Mail Security
Symantec's Mail Security family of products includes best-of-breed on-premise solutions as well as leading cloud-based solutions. Together, they offer customers the strongest protection along with the flexibility and choice of form factors.
ABOUT SYMANTEC
Symantec protects the world's information and is the global leader in security, backup and availability solutions. Our innovative products and services protect people and information in any environment, from the smallest mobile device, to the enterprise data center, to cloud-based systems. Our industry-leading expertise in protecting data, identities, and interactions gives our customers confidence in a connected world. More information is available at www.symantec.com or by connecting with Symantec at go.symantec.com/socialmedia

For specific country offices and contact numbers, please visit our website.
go.symantec.com/cyber-readiness

Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
United States
Phone: +1 650-527-8000

Copyright 2013 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.