Find the needle in the security haystack
Gunnar Kristian Kopperud
Principal Presales Consultant, Security & Endpoint Management
Technology Day Oslo
Find the needle in the security haystack
Manually deep dive into logs, or manage your risk with confidence?
As we saw in the two previous sessions, your servers and clients are under continuous attack. Most companies today have experienced malware incidents, and many are not even aware that they have malware-infected clients and servers in their network. This session shows how, building on those sessions, one can automate and streamline the analysis, correlation, alerting and reporting of incidents and deviations.
Haystacks in the old days...
Modern Haystacks
Haystacking...
Where is the needle...
And more advanced threats
IT Analytics for Symantec Endpoint Protection
What is IT Analytics?
- Leverages Business Intelligence
  - Advanced ad-hoc data mining
  - Analyze trends and historical information
- Expands on Traditional Reporting
  - Graphical dashboards and easy reporting
  - User-friendly custom reports
  - Export to multiple formats
- Leverages OLAP Cubes
  - Pivot tables and charts
  - Business intelligence via multi-dimensional data exploration
- Utilizes Standard Technologies
  - SQL 2005/2008 Analysis Services & Reporting Services
Product Overview
1. Traditional Reporting
2. IT Analytics
3. Robust Graphical Dashboard
4. Multi-Dimensional Ad-hoc/Pivot Table Reporting
5. Pivot Chart Functionality with Excel Export
Alerts Cube (diagram)
Client Dashboard
Virus Alert Trend Report
Scan Cube Pivot Table
Key Performance Indicators
Security Information & Event Management (SIEM) with Symantec Security Information Manager (SSIM)
Aggregate and Prioritize: Central Visibility to Critical Threats
Multiple Data Sources (Network Access Control, Device and Application Control, Firewall, Intrusion Prevention, Antivirus, Other log data)
-> Millions of Unprioritized Events
-> Data Normalized into Common Formats
-> Aggregation and Correlation
-> Prioritization: Reduced Number of Prioritized Alerts
-> Incidents, Reports, Remediation
Symantec Security Information Manager: All-Inclusive Solution
- Collectors: Syslog, Windows Events, Intrusion Prevention, Firewall, Other sources, Universal Collector
- Infrastructure Components: Correlation Manager, Manager, Console, Pre-built Queries, LiveUpdate Service, Log Archiving
- Reports and Dashboards: 150+ Pre-defined Reports
- Optional Intelligence Feed (GIN)
Managed Security Services (MSS) with Symantec
MSS is Making Security Simple: The Symantec Difference
- Protect our customers proactively
- Provide actionable information relevant to business context
- Increase detection through edge-to-endpoint visibility
- Service governance to ensure mature, consistent delivery
- Provide a world-class customer engagement
- Share the unique perspective of our Global Intelligence
The Keys to Successful Security Monitoring: Edge to Endpoint Visibility
- Network IDS/IDP Alerts
  - Limited to activity identified by IDS vendor signatures
  - Limited 0-day threat detection
- Firewall Logs (Firewall Analysis: Scan Detection, Anomalous Traffic Detection, IP Reputation, Hot IP Detection)
  - Increased trending capability
  - Scan detection
  - Emerging threat and early warning indicators
- Proxy Logs (Web Proxy Analysis: URL Reputation, Custom Threat Signatures)
  - Reputation-enabled analysis
  - Identification of malicious web-based activity
- Endpoint Alerts (Endpoint Protection: Firewall Analysis, Host IDP Alerts, AV Alerts)
  - Confirmation of attack status
  - Identification of malicious user activity
Successful Monitoring: People, Process, Technology
Data sources: Firewalls, IDS, Web Proxy, Endpoints, OS & Apps
-> Relational Database / Data mine
-> Progressive Threat Model, Expert Query Engine
-> Security Analyst: Identification, Validation, Classification
-> Incidents Escalated
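The collect -> normalize -> aggregate/correlate -> prioritize flow on the SIEM and MSS slides, as an added toy example in Python; this is not Symantec's code and does not describe how SSIM or MSS actually work internally. The log formats, host names, asset table, rule thresholds and weights are all constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed asset table (the slides' "Business Asset System"): maps the IPs
# in firewall/proxy logs to the host names that AV events carry.
ASSETS = {"10.0.5.17": "ws-17", "10.0.5.22": "ws-22"}

# Constructed sample log lines (not real data), one native format per source.
RAW_EVENTS = [
    ("av", "2012-05-10T10:01:02 host=ws-17 action=Quarantined threat=Trojan.Gen"),
    ("fw", "May 10 10:01:30 fw01 DENY src=10.0.5.17 dst=10.0.9.1 dpt=445"),
    ("fw", "May 10 10:01:31 fw01 DENY src=10.0.5.17 dst=10.0.9.2 dpt=445"),
    ("proxy", "10.0.5.22 GET http://bad.example/x.exe reputation=malicious"),
    ("fw", "May 10 10:02:00 fw01 DENY src=10.0.5.22 dst=10.0.9.1 dpt=80"),
]
# Collector stage: one parser per source, yielding (host key, detail) pairs.
PARSERS = {
    "av": (re.compile(r"host=(\S+) action=\S+ threat=(\S+)"), "av_detection"),
    "fw": (re.compile(r"DENY src=(\S+) dst=(\S+) dpt=\d+"), "fw_deny"),
    "proxy": (re.compile(r"^(\S+) GET (\S+) reputation=malicious"), "bad_url"),
}
# Correlation rules (made up): (category, min distinct details, weight, label).
RULES = [
    ("fw_deny", 2, 2, "outbound scan"),        # scan detection on firewall logs
    ("av_detection", 1, 3, "AV detection"),    # endpoint confirms attack status
    ("bad_url", 1, 2, "malicious URL fetch"),  # URL reputation on proxy logs
]

def normalize(source, line):
    """Map one raw line into the common schema; None if the line does not match."""
    regex, category = PARSERS[source]
    m = regex.search(line)
    if not m:
        return None
    return {"host": ASSETS.get(m.group(1), m.group(1)),
            "category": category, "detail": m.group(2)}

def correlate(raw_events):
    """Aggregate normalized events per host and return prioritized incidents."""
    per_host = defaultdict(lambda: defaultdict(set))
    for source, line in raw_events:
        ev = normalize(source, line)
        if ev:
            per_host[ev["host"]][ev["category"]].add(ev["detail"])
    incidents = []
    for host, cats in per_host.items():
        hits = [(w, label) for cat, n, w, label in RULES if len(cats[cat]) >= n]
        if hits:  # only hosts that trip at least one rule become incidents
            incidents.append({"host": host, "score": sum(w for w, _ in hits),
                              "reasons": [label for _, label in hits]})
    return sorted(incidents, key=lambda i: -i["score"])
```

Five raw events from three sources collapse into two incidents, with the host that both scanned and had an AV detection ranked first; the unmatched ALLOW line and the single deny from the second host never become alerts on their own.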
Security Operations Centers: Reading, Chennai, Sydney, Herndon
Homepage
Dashboard
Search for Logs: Managed Security Services (MSS) Logs Query
Reporting: Managed Security Services (MSS)
Symantec Protection Center (SPC)
Symantec Protection Center: Solution Overview
- SPC Mobile: Executive Security Dashboard
- SPC Enterprise: Data Collection and Analytics Platform
  - Roles-Based Dashboards & Reports
  - Security Metrics
  - Symantec Connectors
  - Business Asset System
  - Central Data Repository
  - Security Workflows
  - 3rd Party Connectors
Symantec Protection Center Enterprise: Key Benefits
- Provide business-centric analysis of security information
- Ensure a complete view by integrating your entire security portfolio
- Quick deployment with prebuilt security metrics and connectors
- Provide a central solution for roles-based information sharing
- Automate security remediation via action plans
From this...
To this...
To this with Symantec Protection Center
Summary
- Be more PROACTIVE against advanced external threats
- Soft Appliance (on premise): Symantec Security Information Manager (SIEM) to manage/prioritize INTERNAL policies/rules
- Symantec Managed Security Services (MSS) to help you manage/prioritize EXTERNAL threats
- Use a HYBRID solution when you need to do both internal policy/rules reporting and manage external threats
- Present security LEVEL to the business with Symantec Protection Center
QUESTIONS?
Symantec Protection Center: Summary
Better Intelligence, Better Security Decisions
- Executive Security Dashboard
  - Tablet-based view of security metrics
  - Facilitates communication with both IT and business peers
- Evolving Threats
  - Consolidates security data and applies advanced correlation and analysis
  - Integrates DeepSight threat intelligence
- Relevant to Business / Boardroom Scrutiny
  - Connect security information to business assets
  - Clearly communicate key metrics by business
- Fast, Flexible Integration
  - Broad range of supported solutions
  - Pre-built connectors and metrics for quick integration
DEMO: Symantec Protection Center Mobile
Contact us at:
- Symantec User Forum: http://www.symantec.com/connect
- Symantec Norway on Facebook: http://www.facebook.com/symantecnorge
- Norton Norway on Facebook: http://www.facebook.com/nortonnorge
- Symantec Norway on Twitter: http://twitter.com/symantecnorge
- Licenses and Support (tip: report on the web, then call): http://my.symantec.com/
Thank you!
Gunnar Kristian Kopperud
gkopperud@symantec.com
+47 480 18 908
Copyright 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.