Symantec: present and future
Post on 21-Feb-2017
The "new" SYMANTEC: present and future
Ján Kvasnička
Senior Pre-Sales Consultant, Czech Republic and Slovakia
Today's topics
1 ISTR No. 21 – IT security in 2015
2 Symantec strategy
3 Roadmaps (product plans)
4 Questions
Copyright © 2014 Symantec Corporation
Internet Security Threat Report No. 21
Copyright 2016, Symantec Corporation
In 2009, 2,361,414 new malicious codes were created.
In 2015 that number grew to 430,555,582,
that is, 1 million 179 thousand per day.
2016 Internet Security Threat Report Volume 21
[Chart: Zero-day vulnerabilities per year, 2006–2015 (y-axis 0–16 for the earlier years). Bar labels as extracted: 14, 13, 15, 9, 12, 14 and 8 for 2006–2012; 24 and 23 for 2013–2014; 54 for 2015.]
[Chart: Targeted attack campaigns, 2012–2015. Series: number of recipients per campaign, average number of e-mail attacks per campaign, number of campaigns. Number of campaigns: 408 (2012), 779 (2013), 841 (2014), 1,305 (2015), a 55% increase. Other labels as extracted: 12, 25, 29, 122, 111, 23, 18, 11.]
Industries most frequently targeted by spear-phishing attacks
Industry Detail | Distribution | Attacks per Org | % Risk in Group*
1 Finance, Insurance, & Real Estate | 34.9% | 4.1 | 8.7%
2 Services | 21.6% | 2.1 | 2.5%
3 Manufacturing | 13.9% | 1.8 | 8.0%
4 Transportation & Public Utilities | 12.5% | 2.7 | 10.7%
5 Wholesale Trade | 8.6% | 1.9 | 6.9%
6 Retail Trade | 2.5% | 2.1 | 2.4%
7 Public Administration | 2.0% | 4.7 | 3.2%
8 Non-Classifiable Establishments | 1.6% | 1.7 | 3.4%
9 Mining | 1.4% | 3.0 | 10.3%
10 Construction | 0.7% | 1.7 | 1.1%
11 Agriculture, Forestry, & Fishing | 0.2% | 1.4 | 2.0%
Non-SIC Related Industries
Energy | 1.8% | 2.0 | 8.4%
Healthcare | 0.7% | 2.0 | 1.1%
*NB: The Risk in Group figure is a measure of the likelihood of an organization in that industry being attacked at least once during the year. For example, if there are 100 customers in a group and 10 of them were targeted, that would indicate a risk of 10 percent.
Ransomware: evolution over time
2005-2009: APPLICATIONS: "PAY AND WE'LL FIX THE APPLICATION"
2010-2011: FAKE ANTIVIRUS: "PAY TO CLEAN YOUR COMPUTER"
2012-2013: LOCKER: "FINE"
2014-2015: ENCRYPTING RANSOMWARE: "PAY AND WE'LL DECRYPT YOUR DISK"
Ransomware families
• Android
• Linux
• OSX
Blocked fraudulent technical-support links: 16 million
Dridex gang – number of known spam attacks per day
When cybercriminals work in call centres, write documentation and have their weekends off, you know it is a profession.
5 key facts to remember:
1 In 2015, one zero-day attack was discovered per week on average
2 More than half a billion personal records were lost as a result of attacks
3 Three out of every four websites put you at risk
4 Encryption is now used as a cyber weapon to hold the critical data of companies and individuals hostage
5 Don't call us, we'll call you: cyber scammers now phone you to get you to pay
Symantec strategy
SYMANTEC ENTERPRISE SECURITY | PRODUCT STRATEGY
Users
Data
Apps
Cloud
Endpoints
Gateways
Data Center
Unified Security Analytics Platform
Log and Telemetry Collection
Unified Incident Management and Customer Hub
Inline Integrations for Closed-loop Actionable Intelligence
Regional and Industry Benchmarking
Integrated Threat and Behavioral Analysis
Threat protection
ENDPOINTS | DATA CENTERS | GATEWAYS
• Advanced Threat Protection across all control points
• Built-in forensics and remediation within each control point
• Integrated protection of server workloads: on-premise, virtual, & cloud
• Cloud-based management for endpoints, datacenter, and gateways
Information protection
DATA | IDENTITIES
• Integrated data and identity protection
• Cloud Security Broker for cloud & mobile apps
• User and behavioral analytics
• Cloud-based encryption and key management
Cyber security services: Monitoring, Incident Response, Simulation, Adversary Threat Intelligence
THREAT PROTECTION STRATEGY
NETWORK/GATEWAYS | DATA CENTERS | ENDPOINTS
ATP
• Advanced threat protection at the control points (ATP)
• Built-in forensic analysis and remediation within each control point
• Integrated protection of physical, virtual and cloud servers
• Cloud-based management for endpoints, data centers and gateways
INFORMATION PROTECTION STRATEGY
DATA | ACCESS | IDENTITIES
Cloud Security Broker
• Extended protection of data and identities regardless of where they reside: on premises, on mobile devices or in the cloud
• Unified SSO and access control regardless of where the application resides: on premises, on mobile devices or in the cloud
• Integrated analysis of user and application behaviour; detection and prevention of internal and external advanced persistent threats
THREAT PROTECTION: PROVEN AND INNOVATIVE TECHNOLOGIES
DETECTION TOOLS | PROTECTION TOOLS
Detonation (Cynic): cloud-based sandboxing and detonation engine for malware analysis
Correlation (Synapse): correlates security events across the control points
Threat blocking (PEP): blocks exploits of known & unknown vulnerabilities
Behavioural analysis (SONAR): finely tuned engine that enables flight-recorder-like system monitoring
Predictive analysis (Skeptic): uses predictive analysis, heuristics, and link following to find targeted threats
Reputation analysis (Insight): determines the safety of files & websites using the "wisdom of crowds"
CYBER SECURITY SERVICES: OVERVIEW OF KEY CAPABILITIES
SECURITY MONITORING SERVICES
• Key technology IP for log collection, analytics, and incident investigation
• Tailored to customer maturity/industry
• High-touch 24x7 service model
• Integration with next-gen security infrastructure to detect advanced threats
INCIDENT RESPONSE & SIMULATION
• Global team with extensive experience in forensics investigation
• Emergency/Retained/Managed options
• Integrated with SOCs to provide end-to-end service
• Realistic live-fire training missions delivered as a SaaS solution
SECURITY INTELLIGENCE SERVICES
• Global Intelligence Network
• Early warning portal
• Adversary threat intelligence
• Integrated IoCs from internal and external feeds
Global team of 500+ threat and intel experts with unique knowledge of attack actors; supported by cloud-based Big Data analytics infrastructure
DeepSight services – live portal
Roadmaps (product plans)
Legal Disclaimer
Copyright © 2016 Symantec Corporation
• Please note that this information is about pre-release software. Any unreleased update to the product or other planned modification is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec products should make their purchase decision based upon features that are currently available.
• This version is only valid up to May 31, 2016
Symantec Endpoint Protection 12.1.6 MP4
Release Objective
• Fix customer defects
• Provide incremental functionality improvements
Value Proposition
• Address short-term customer pain points
Target
• New and existing SEP customers
Release Highlights
GUP throttling
• Improves performance
SEP for Public Clouds – Phase 1
• SEP deployed in the Amazon Apps Market Place
Ship Date: March 2016
Copyright © 2016 Symantec Corporation – Valid through 31MAY2016
Symantec Endpoint Protection 12.1.6 MP5
Release Objective
• Fix customer defects
• Provide incremental functionality improvements
Value Proposition
• Address short-term customer pain points
Target
• New and existing SEP customers
Release Highlights
• Customer defect fixes
• AWS – FCP licensing
• ESX 6.0 support
• RSA 8.1 support
• Support for additional Linux kernels for Bosh and IBM
• Compatibility with Windows Server 2016
• Compatibility with Windows 10 Redstone
Planned GA: June 2016
Symantec Endpoint Protection 14.0
Release Objective
• Enhanced EDR/ATP integration, system lock-down capability
Value Proposition
• Enhanced EDR & ATP integration
Target
• New and existing SEP customers
Release Highlights
Extended Mac Support
• Mac Device Control
Total Cloud Protection
• Patented technique: all of our cloud intelligence available to every scan, reduced definition size on disk
EDR/ATP Integration
• Move from heartbeat-driven trigger to event-driven trigger (improves search, quarantine, remediation)
• Enhanced client-side data collection via SONAR
SEP Visibility Framework
Planned GA: 2H CY 2016
Symantec Unified Endpoint Protection v1.0/CA
Release Objective
• Initial release of a cross-device cloud-based security and management that delivers easy-to-use sophistication
Value Proposition
• Single Cloud Console
• Security and basic management across platforms
• User-centric policy
Target
• Initial focus on small to medium-sized organizations with a generalist IT admin
• Fulfill enterprise security and basic management for BYOD use cases
Release Highlights
End-User Self-service
• Device self-enrollment
• Auto-config for email
• End-user un-enrollment
Endpoint Management
• Endpoint protection (Win, Mac, Android)
• Centralized monitoring and alerting
• Basic management and configuration
• Dashboards and KPI
• Azure Directory Services integration
• Device and application inventory
Platforms: Mac, Win 7/8/10, iOS, Android
Ship Date: December 2015
Symantec Unified Endpoint Protection v2.0
Release Objective
• Enhanced release of a cross-device cloud-based security and management that delivers easy-to-use sophistication, in addition to endpoint management/security for the enterprise
Value Proposition
• Single Cloud Console
• Security and basic management across platforms
• User-centric policy
• Endpoint management + security for the enterprise
Target
• Initial focus on small to medium-sized organizations with a generalist IT admin
• Fulfill enterprise security and basic management for BYOD use cases
Release Highlights
Endpoint Management + Security
• Native encryption key management add-on (Mac & Windows)
• Improved enterprise capabilities
  • Protection – server support, scheduled scans
  • Security Management – v2: remote actions, ITMS connector, W10 MDM; v2.5: Wi-Fi, Unified Android Agent, Apple DEP, security-only mode
  • Custom alerts
Order Management Integration
• API for online/auto-provisioning
Uptime Availability at 99.5
• Multi data center support
• EMEA data center
• Multi-partition support (scalability)
Platforms: Mac, Win 7/8/10/10 Phone, iOS, Android
Planned GA: June/July 2016 (U.S.); 2H 2016 (Global)
Symantec Advanced Threat Protection v2.0 (General Availability)
Release Objective
• Provides an integrated platform that ties the endpoint presence to network detections and callback for faster, easier, and more powerful detection, investigation and response
Value Proposition
• Symantec ATP enables customers with network-to-endpoint visibility to prioritize & focus on what is important, investigate efficiently, contain easily and remediate without calling desktop ops
Target
• Initial focus on SEP or ESS customers struggling with manual correlation, investigation and response
Release Highlights
Platform
• Unified network and endpoint console
• Incident management, investigation, visualization
• Common search, event list, & shared blacklisting
• Basic search capability (reg key, file hash, URL etc.)
• User context event enrichment (for SEP-managed only)
• DeepSight intelligence context enrichment
Endpoint, Network & Email
• Virtual appliance leverages SEP agent
• Investigation / hunting for IoCs
• Get a file from an endpoint for additional inspection
• Endpoint quarantine
• Remediation – file removal by hash, file blacklist support (Network and Endpoint)
• Identification of suspicious files on endpoints
• Improved visibility into all endpoint convictions
http://www.symantec.com/atp-network/
Ship Date: December 2015
Copyright © 2015 Symantec Corporation
Symantec Advanced Threat Protection v2.0.1
Release Objectives
• Increase the value of endpoint-to-network correlation by enhancing features at both control points
Value Proposition
• Symantec ATP leverages existing investments in security that customers have already made
Target
• SEP and ESS customers that need powerful visibility across their environment without deploying a new agent
Release Highlights
Q1 – March RTM (Shipped)
• Support release for in-field customer deployments
Q2 – May RTM
• Reporting capabilities, executive summary
• Network inline deployment modes (monitoring and inline block)
• MoPS certification of all appliance form factors
• Enhanced EDR abilities:
  • Output of behavioral actions observed on the machine
  • STIX import, search
Ship Date: March & Planned GA: May 2016
Symantec Advanced Threat Protection (Versionless)
Release Objectives
• Open up and share ATP event data as a platform to leverage a customer's existing investments in security, and enhance endpoint IR investigations with a flight recorder
Value Proposition
• Symantec ATP powers the ability to "work with" your other security investments, drive your IR investigations, and auto-handle high-fidelity incidents built on the security expertise that is Symantec
Target
• SEP and ESS customers that need powerful visibility, detection, and response across their environment
Release Highlights
Q3 – Sep RTM
• ATP Platform APIs
• Integration with Splunk
• Integration with ServiceNow
• Support for >100K endpoints
• Data storage scale-out
• Integrate Web.cloud into ATP Platform (coverage for roaming endpoints, HTTPS, etc.)
• TAA identification and IOC feed with endpoint query enhancing STIX (URL, IP, reg key)
• Versionless SKU
Planned GA: CY Q3 2016
Symantec Mobility Suite v5.4 & v5.4.1
Release Objective
• Enhance enterprise capabilities
• Deliver latest mobile platform support
Value Proposition
• Broader platform support, including iOS 9, Windows Phone 10 Beta and Android M Beta
• Wider marketplace availability
Target
• Enterprise mobile admin
• MSPs / Telcos
Release Highlights
Mobile Management (5.4)
• Localized admin console (JP)
• Platform support: iOS 9
• Parallels/ODIN integration
• Granular device policy targeting
Mobile Management (5.4.1)
• Android M support
• Customer issues
End-User Experience
• Workforce Apps:
  • Platform support: Android L
  • Customer issues and minor enhancements
• Touchdown: Venus (Android redesign) Alpha
Ship Date: September 2015 (5.4) & October 2015 (5.4.1)
Symantec Mobility Suite v5.5: Last Feature Release
Release Objective
• Enhance enterprise capabilities
• Deliver latest mobile platform support
Value Proposition
• Broader platform support (enterprise)
Target
• Enterprise mobile admin
Release Highlights
Mobile Management
• Platform support: Windows Phone 10
• Apple DEP (Work Hub-less enrollment)
• Compliance alerts and actions
• Restore Content Center
• Customer issues/enhancements
End-User Experience
• Workforce Apps:
  • Updated platform support (iOS 9.x, Android M)
  • Customer issues and minor enhancements
Planned GA: CY Q2 2016
Symantec Touchdown 9.0: Android UX Re-design
Release Objective
• Limited rollout of redesigned UX based on the latest Android guidelines
Value Proposition
• Consumer appeal, enterprise security, desktop functionality
Target
• Enterprise, commercial and consumer
Release Highlights
iOS
• Customer issues and enhancements
• Integrated MAPS with SYMC telemetry and opt-out options
Android
• UX re-design for modules: Calendar, Contacts, Tasks, Notes
• Integrated MAPS with SYMC telemetry and opt-out options
Ship Date: April 2016
Symantec Touchdown 9.x: Android UX Re-design
Release Objective
• Android UX redesign generally available
• Distribute and manage without MDM/MAM
Value Proposition
• Consumer appeal, enterprise security, desktop functionality
• Lower TCO for email access on mobile
Target
• Enterprise and commercial
Release Highlights
Touchdown App
• Incorporate feedback for the Android re-design
• Android re-design phase 2
Planned GA: CY Q3 2016
Mobile App Protection v1.1 Remediation/CA
Release Objective
• Risk Detection SDK
• Dynamic policy settings
Value Proposition
• Provide protection and visibility to enterprise mobile applications
Target
• Enterprises that create mobile apps for their customers/employees
Release Highlights
Risk Detection SDK
• Dynamic policy updates
• Plug-ins to simplify developer use
Console & Back End
• Dynamic policy settings
Ship Date/CA: February 2016
Mobile App Protection v2.0: Common Cloud
Release Objective
• On Common Cloud platform, remediation & control
Value Proposition
• On Common Cloud platform; dynamic policy updates
Target
• Enterprises that create mobile apps for their customers/employees
Release Highlights
Console & Back-End
• On Common Cloud platform
• UX: "Cloud Stratus Style"
• Dynamic policy settings
• New data visualizations per customer feedback
• Possibly: licensing integration via OLP
Risk Detection SDK
• Dynamic policy updates
• iOS: malware
Planned GA: Summer 2016
Symantec Messaging Gateway 10.6
Release Objective
• Enhanced effectiveness for bulk mail containing URLs
• Refreshing the operating system to the latest standard and transition to native 64-bit
Value Proposition
• Enhanced effectiveness
• Better performance
• Supporting the latest platforms
Target
• All current Symantec Messaging Gateway customers
• All segments requiring an on-premise secure messaging gateway solution
Release Highlights
• Enhanced effectiveness for spam and bulk mail: scans emails for URLs and performs lookups to Symantec's URL reputation intelligence
• Provides the capability to send Control Center administrative events to a remote logging facility
• Adds support for TLS 1.1 and 1.2
• Operating system refresh to maintain a secure platform and transition applications to native 64-bit
• Performance improvements
• Support for VMware ESXi/vSphere 6
Platforms:
SMG 8340/8380
VMware ESXi/vSphere
Microsoft Hyper-V
Ship Date: December 2015
Symantec Messaging Gateway 10.6.1
Release Objective
• This release fixes known defects
Value Proposition
• Stability improvements
• Better performance
Target
• All current Symantec Messaging Gateway customers
• All segments requiring an on-premise secure messaging gateway solution
Release Highlights
• Hardware refresh: new SMG 8340 (R230)
• This release fixes known defects
Platforms:
SMG 8340/8380
VMware ESXi/vSphere
Microsoft Hyper-V
Planned GA: CY Q2 2016
Anomaly Detection for Automotive V1.0
Release Objective
• Accurately baseline normal operation of the communication bus of a vehicle
• Automatically detect anomalies without requiring the vehicle manufacturer to set rules
• Ability to detect sophisticated attacks on a vehicle
• Comply with low footprint and compute requirements; can be deployed in the head unit or via an OBD-II dongle in a car
Value Proposition
Automatically provide customers complete visibility into threats in their automotive networks on the CAN bus
Target
Customers in the automotive space
o Vehicle manufacturers and Tier I suppliers
o After-market telematics players
Release Highlights
Automatic Anomaly Detection
• Bus-parameter-based statistical baselines
• Ability to provide anomaly detection without having to set rules or create policies
Ability to detect and infer sophisticated attacks
• Characterize state transitions in the CAN bus
• Deep packet inspection
Low compute and RAM footprint
Planned GA: CY Q2 2016 (May 2016)
Copyright © 2016 Symantec Corporation – Valid through 31MAY2016
Anomaly Detection for Industrial Control Systems v1.0
Solution Objective
• Automatically detect and map assets in customers' industrial control systems
• Detect anomalies in real time without requiring the customer to set rules or policies
• Form factor: software deployed on a gateway or other device on the subnet, <500MB RAM required
• Passive, no disruption of ongoing operations
• UI maps system topology, provides relevant data for anomalies
Value Proposition
ICS systems contain a wide range of devices (age, complexity, function) and protocols, and are the target of new, sophisticated attacks. Securing ICS systems requires a proactive, analytics-based approach that understands a system's topology and baseline activity to detect anomalous behavior that may indicate an attack.
Target Customer
Customers operating Industrial Control Systems
o Manufacturers
o Oil & Gas
o Utilities
o Critical Infrastructure
Feature Highlights - v1.0
Asset Detection
• Identify assets based on IP address, MAC address, additional device specs (where possible)
• Map network topology based on message flow
Anomaly Detection
• Establish baseline activity by statistical analysis of network parameters
• Detect anomalous behavior (relative to baseline) without having to set rules or create policies
• Accept feedback from users over time to improve detection accuracy and reduce false positives
• Generate alerts and prioritize based on criticality in real time
ICS Protocol Parsing
• Hybrid approach to protocol parsing:
  • Protocol-aware parser addresses specifics of top ICS protocols (e.g. CIP, Modbus)
  • Protocol-agnostic parser uses machine-learning methods to characterize the long tail of proprietary protocols
Easy-to-use UI
• Visualize network topology
• Present key forensic data for investigating anomalies
• 2 UIs: edge (subnet-specific) and backend (aggregated)
Planned GA: September 2016
Copyright © 2016 Symantec Corporation – Valid through 31MAY2016
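The automotive and ICS slides both describe the same idea: learn a statistical baseline of the bus (which identifiers appear, how often, with what payloads) from clean traffic, then flag deviations without anyone writing rules. The Python below is an added example written for this page to make that concrete; it is not Symantec product code and makes no claim about how their engines work. The frames, identifiers (0x100, 0x200, 0x3FF), periods, payload layouts and the tolerance settings are all constructed assumptions, and it only covers three bus parameters (identifier set, payload length and byte ranges, inter-arrival time).

```python
"""Per-identifier statistical baselines for a CAN-style message bus.

Added example for this page (not Symantec code). All frames are constructed
test data; identifiers, periods and payload layouts are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List


@dataclass(frozen=True)
class Frame:
    ts: float       # receive time in seconds
    can_id: int     # arbitration identifier
    data: bytes     # payload, 0..8 bytes


@dataclass
class IdBaseline:
    mean_gap: float      # mean inter-arrival time for this identifier
    std_gap: float       # population std-dev of the inter-arrival time
    dlc: int             # payload length seen while baselining
    byte_min: List[int]  # per-byte minimum seen
    byte_max: List[int]  # per-byte maximum seen


@dataclass(frozen=True)
class Alert:
    ts: float
    can_id: int
    reason: str


def learn_baseline(frames: List[Frame]) -> Dict[int, IdBaseline]:
    """Derive timing and value ranges per identifier from a clean window.

    Nothing is hand-written: every bound comes from the observed traffic.
    Identifiers seen fewer than twice carry no timing information and are skipped.
    """
    by_id: Dict[int, List[Frame]] = defaultdict(list)
    for f in sorted(frames, key=lambda f: f.ts):
        by_id[f.can_id].append(f)
    baselines: Dict[int, IdBaseline] = {}
    for cid, fs in by_id.items():
        if len(fs) < 2:
            continue
        gaps = [b.ts - a.ts for a, b in zip(fs, fs[1:])]
        dlc = len(fs[0].data)
        baselines[cid] = IdBaseline(
            mean_gap=mean(gaps), std_gap=pstdev(gaps), dlc=dlc,
            byte_min=[min(f.data[i] for f in fs) for i in range(dlc)],
            byte_max=[max(f.data[i] for f in fs) for i in range(dlc)])
    return baselines


def detect(frames: List[Frame], baselines: Dict[int, IdBaseline], k: float = 4.0) -> List[Alert]:
    """Flag frames that deviate from the learned baseline.

    Timing tolerance is k standard deviations, floored at 10% of the period so a
    perfectly regular training window does not collapse the tolerance to zero.
    """
    alerts: List[Alert] = []
    last_ts: Dict[int, float] = {}
    for f in sorted(frames, key=lambda f: f.ts):
        b = baselines.get(f.can_id)
        if b is None:                         # identifier never seen while baselining
            alerts.append(Alert(f.ts, f.can_id, "unknown id"))
            continue
        if len(f.data) != b.dlc:              # payload length changed
            alerts.append(Alert(f.ts, f.can_id, "dlc change"))
        else:                                 # value outside the learned range
            for i, v in enumerate(f.data):
                if v < b.byte_min[i] or v > b.byte_max[i]:
                    alerts.append(Alert(f.ts, f.can_id, f"byte {i} out of range"))
                    break
        if f.can_id in last_ts:               # period deviates from the baseline
            gap = f.ts - last_ts[f.can_id]
            if abs(gap - b.mean_gap) > max(k * b.std_gap, 0.1 * b.mean_gap):
                alerts.append(Alert(f.ts, f.can_id, "timing deviation"))
        last_ts[f.can_id] = f.ts
    return alerts


def _periodic(can_id, period, start, count, payload):
    """Constructed helper: `count` frames of one identifier at a fixed period."""
    return [Frame(start + i * period, can_id, payload(i)) for i in range(count)]


# Constructed clean window: 0x100 every 10 ms with a slowly varying first byte,
# 0x200 every 50 ms with a constant one-byte payload.
CLEAN_FRAMES = (_periodic(0x100, 0.010, 0.0, 200, lambda i: bytes([0x20 + i % 16, 0x00]))
                + _periodic(0x200, 0.050, 0.003, 40, lambda i: bytes([0x01])))

# Constructed later window with three anomalies: an off-period 0x100 frame carrying
# an out-of-range value, a 0x200 frame whose payload length changed, and an
# identifier that never appeared during baselining.
ANOMALOUS_FRAMES = sorted(
    _periodic(0x100, 0.010, 2.0, 10, lambda i: bytes([0x25, 0x00]))
    + _periodic(0x200, 0.050, 2.003, 4, lambda i: bytes([0x01, 0x02]) if i == 2 else bytes([0x01]))
    + [Frame(2.0555, 0x100, bytes([0xFF, 0x00])), Frame(2.0301, 0x3FF, bytes(8))],
    key=lambda f: f.ts)


if __name__ == "__main__":
    baseline = learn_baseline(CLEAN_FRAMES)
    for a in detect(ANOMALOUS_FRAMES, baseline):
        print(f"t={a.ts:.4f} id=0x{a.can_id:03X} {a.reason}")
```

Two things the run makes visible that the slides only hint at. First, the clean window itself produces no alerts, which is the property a rule-free baseline must have before it is useful. Second, an off-period frame also displaces the gap of the next genuine frame, so that one is flagged too; this is exactly the kind of false positive the ICS slide's "accept feedback from users over time" bullet exists to suppress, and a real deployment would also learn transition patterns between identifiers rather than only per-identifier period and ranges.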
Questions