新的赛门铁克 新的奋斗目标 郭尊华 赛门铁克企业副总裁 大中国区总裁
DESCRIPTION
新的赛门铁克 新的奋斗目标 郭尊华 赛门铁克企业副总裁 大中国区总裁. 信息化是中国乃至全球经济发展的驱动力. 要有效地使用信息,就必须相信信息。 要相信信息就必须保护信息的安全。 要使用信息就必须使信息可用。 要保护信息的安全,就必须对其进行管理。 要管理信息,就必须有科学的方法和手段。. 中国国家有关领导指出:信息安全是 国家的根本利益 ,必须引起高度重视,构建我国国家信息安全战略刻不容缓. 今天我们的定位. 在40多个国家拥有14,000多名能干的员工 全球第4大独立软件公司 发展最快的大型软件公司(超过30亿美元) - PowerPoint PPT PresentationTRANSCRIPT
新的赛门铁克 新的奋斗目标郭尊华赛门铁克企业副总裁大中国区总裁
2
信息化是中国乃至全球经济发展的驱动力 要有效地使用信息,就必须相信信息。要相信信息就必须保护信息的安全。要使用信息就必须使信息可用。要保护信息的安全,就必须对其进行管理。要管理信息,就必须有科学的方法和手段。 中国国家有关领导指出:信息安全是国家的根本利益,必须引起高度重视,构建我国国家信息安全战略刻不容缓
3
今天我们的定位在 40 多个国家拥有 14,000 多名能干的员工全球第 4 大独立软件公司发展最快的大型软件公司(超过 30 亿美元)覆盖范围广:从普通消费者到中小型企业和大型企业强大的渠道:遍布全球的合作伙伴和系统集成商网络集成服务:评估、咨询、培训、支持、预先提醒和安全外包
Symantec Worldwide
4
Symantec and VERITAS have helped customers in complementary ways
Symantec ensures the security of information Mitigating external risks that attack a company and its
information assets
VERITAS ensures the availability of information Mitigating internal risks to a company’s ability to operate
by ensuring its information assets are always usable
5
我们是谁?我们做什么?我们为何要关注?我们的远景 在相互连接的世界中,人们应当能够自由地工作和娱乐。我们的使命 提供人员、产品和流程,帮助确保信息完整性。我们的承诺 您可以充分相信,赛门铁克将保护您的信息的完整性,帮助确保其安全性和可用性。
我们的价值观 创新、行动、客户驱动、信任( IACT )
客户体验 放心
6
CIO 首要考虑的问题将精力集中于盈利计划 为客户提供更多的服务, 72% 的 CIO 将此列为首要考虑的问题 增加收入, 49% 的 CIO 将此列为首要考虑的问题
降低 IT 成本和复杂性 有 39% 的 CIO 表示预算没有增加 近一半的 CIO (43%) 继续将降低成本作为首要考虑的问题 几乎全部的 CIO (81%) 将降低整体复杂性作为首要考虑的问题
减轻 IT 风险 安全, 84% 的 CIO 将其作为首要考虑的问题 可用性,超过半数的 CIO (59%) 已有在业务连续性计划的预算 遵从性风险,几乎全部的 CIO (86%) ,打算在截止日期前完全遵从要求
CIO Priorities
* CIO Insight, 30 strategies for the year ahead, ZD publishing
7
运营成本 运营成本 运营成本
$
时间
IT 预算
创新创新
创新
CIO 的机会 : 创新
CIO Opportunity
8
在成本与风险间进行平衡
网络 应用程序 数据库 服务器 存储
成本成本 风险风险
CIO Objective
安全可用性性能
客户端
复杂度
安全威胁业务连续性 法规遵从
9
访问 风险
10
信息不安全时,业务将面临风险
Security Risk
11
Overview of Security
Personnel Security Physical
Security
Information Security
12
Information Security
PolicesProcedures
Technology
13
Information Security Products & Services
HardwareSoftware
Services
Professional Services
Managed Security Services
Educational Services
14
Confederations Are CommonCriminals act as general contractors. The recruit or hire hackers who develop malicious code.
Spammers are recruited to send malicious code.
Bot-network operators use the malicious code to take over systems to coordinate attacks and provide more means of distribution.
Phishers attempt to steal names and identities.
Each participant gets compensated for their efforts.
15
Blended threats
Traditional viruses use one method of infection
“Blended Threats” combine different methods of infection
Attack your system on many different fronts simultaneously
Examples include: CodeRed, NIMDA, SQL Slammer,
BugbearSPAM as the delivery vehicle for malicious code.
Malicious code seizes machine turns into Netbot.Control of Netbots sold to Extortionists who threat a
Denial of Service Attack.
16
Calgary, Canada
Over 4,300 Managed Security Devices + 120 Million Symantec Systems Worldwide
Redwood City, CA
Santa Monica, CA
Dublin, Ireland
Newport News, VA
Waltham, MA
Orem, UT/American Fork, UT
Taipei, Taiwan
Springfield, OR
San Francisco, CA
Alexandria, VA
London, England
Munich, Germany
Tokyo, Japan
Sydney, Australia
5 Symantec
SOCs
+ 61 + Symantec 间空的国家和地区 + 6 Symantec 安全响应实验室来自 180 国家超过 20,000 注册的 Sensor
++ 29 全球性的支持中心
Mountain View, CA
Roseville, MN
Heathrow, FL
Boston, MA
Austin, TX
Buenos Aires, Argentina
Reading, England
Paris, France
Madrid, Spain
Milan, Italy
Or-Yehuda, Israel
Pune, India
Beijing, China
Seoul, Korea
Singapore, Singapore
赛门铁克建有全球有最大的威胁监测系统和机制
17
The Symantec Internet Security Threat ReportBased on one of the world’s largest sources of security data. 500 Symantec Managed Security Services customers 20,000 sensors worldwide monitoring network activity in 180
countries 120 million client, server, and gateway antivirus systems 11,000-entry vulnerability database Symantec Probe Network with over 2,000,000 decoy accounts
attracting spam and phishing email from 20 different countries from around the world.
Provides a comprehensive view of what the state of Internet security looks like today.
18
ASR Trends - Spam Growth• Based on data returned from the Symantec Probe Network, over 60% of all email traffic between July 1 st and December 31st 2004 was considered Spam.• During the current reporting period there was a 77% growth in the amount of Spam that Symantec saw in the companies it monitored.•Weekly totals of Spam went from an average of 800 million spam messages per week to well over 1.2 billion by the end of the current reporting period.
Source: Symantec Corporation
Billions
19
The future: solutions
AV on its own isn’t enough Blended threats require “blended protection: firewalls, content filtering, intrusion
detection, vulnerability management Integrated and centrally managed solutions becoming more important than the
individual solution itself--information needs to move faster
Better threat intelligence Need to respond before or just as the threat breaks
Proactive “blocking” technologies more important Shift from simple response to prevention and automatic remediation More research necessary into heuristic and behaviour blocking technologies Patch management becoming critical Intrusion prevention technology
• e.g. technology to block buffer overflows from being exploited
20
信息不可用时,业务也将面临风险
Traditional Risk
21
信息面临风险时,后果不堪设想
Consequences
数十亿美元的收入损失,数百万美元的停工损失 ,数百万美元的数据损失
22
解决方案:信息安全性和信息可用性必须合并
自动化 性能可用性
应用程序服务器
存储
Convergence
网络
客户端
安全性
23
推进融和的业界领先者
Driving Convergence
可用性软件的领先提供者
信息可用性+ =信息安全
安全软件的领先提供者
信息完整性
24
Symantec and VERITAS are Uniquely Positioned
Security Infrastructure and Management Defence-in-depth protection against attacks
Storage Management Storage utilisation/administration
Data Management Protection and recovery of data
Application Service Management Optimise applications and system performance
Insight Knowledge allows intelligent action
Information Integrity
25
跨越所有主要安全和可用性类别的业界领导者Storage Software Backup & Recovery
Storage Management Vulnerability Mgmt Secure Content Mgmt
Security Software
Leadership
Source: Gartner, IDC
26
Thank You
28
Information Security Laws & Standards (A sampling)
International Standards – ISO 17799Regional Treaties, Standards, etc. Basel II, EU Computer Crime Treaty,
Federal Laws Personal Information Protection Electronic Documents Act (Canada) Sarbanes Oxley, FISMA (US)
State, Province, Prefecture, County, City, Local California Senate Bill 1386 (US) Freedom of Information and Protection of Privacy Act
• Ontario, CanadaLaws for Particular Industries Health Care Finance Electrical Power
29
A More Holistic View of Information Management
The powerful new Symantec can…
Help customers prevent an attack… quickly recover in the event of a disruption…and make IT systems run more efficiently
Which helps customers to...
Build a resilient infrastructure for their organisations
flexible enough to respond to changing business needs rigid enough to withstand an attack or disruption