Advanced Threat Protection – the ultimate security solution

Transcript of Advanced Threat Protection – the ultimate security solution (23 slides)

Page 1: Advanced Threat Protection – the ultimate security solution

Ján Kvasnička, Senior Pre-Sales Consultant, Czech Republic and Slovakia

Advanced Threat Protection

Targeted Attacks: do we have a chance to protect ourselves?

Page 2

Agenda

1 Evolving Threat Landscape

2 Symantec Advanced Threat Protection (ATP)

3 Examples

Copyright © 2015 Symantec Corporation

Page 3 (repeats the agenda slide from page 2)

Page 4

What are APTs?

APT – Advanced Persistent Threat

ATP – Advanced Threat Protection

Page 5

Advanced Persistent Threat

• Advanced
  – Attacker adapts to defenders' efforts
  – Can develop or buy zero-day exploits
  – Higher level of sophistication
• Persistent
  – Attacks are objective-driven and specific
  – Will continue until the goal is reached
  – Intent to maintain long-term connectivity
• Threat
  – The entity or entities behind the attack
  – Not the malware/exploit/attack alone

Page 6

APT Defined

• Key contributors to the popularity of APTs:
  – Nation states
  – Organized crime groups
  – Hacktivist groups

Page 7

WE SEE THE RESULTS DAILY. HOW MANY GO UNDETECTED AND UNREPORTED?

312 total data breaches in 2014

348 million total identities exposed in 2014

Three breaches highlighted on the slide:

• Unencrypted POS, post-Target
• 5 months to detection
• 2 weeks to uncover
• Entry via a vendor plus a 0-day vulnerability
• 56 million credit cards stolen

• Attackers wanted instant impact
• 4 unreleased movies
• 25 GB, 33K files
• Email and Wi-Fi disabled
• Paychecks delayed

• 1½ months to detection
• 5 DB admins compromised
• 80 million medical records stolen
• Medical records are 10 times more valuable than credit cards on the black market

Page 8

ATTACK MOTIVATION

Page 9

Advanced Persistent Threat (APT) Techniques

[Timeline graphic, Feb 2013 to Aug 2014, showing overlapping campaigns of the three techniques below; "Trojanized Update" appears three times on it]

Spear Phishing – send an email to a person of interest

Trojanized Update – infect a software update the victim downloads

Watering Hole Attack – infect a website the victim visits and lie in wait

Targeted attacks run at least three different types of attack at the same time

Page 10

Agenda

1 Evolving Threat Landscape

2 Symantec Advanced Threat Protection (ATP)

3 Examples

Page 11

The Best Protection Doesn't Stop Everything

While protection is still very important...

...you need to prepare to be compromised

PROTECT – stopping incoming attacks

PREPARE – understanding where important data is and who can access it

DETECT – finding incursions

RESPOND – containing and remediating problems

RECOVER – restoring operations

Page 12

Detect & Respond Capabilities Are Critical

Symantec Advanced Threat Protection – Our Future: PROTECT, PREPARE, DETECT, RESPOND, RECOVER (the same five phases as on page 11)

Page 13

More Intelligence | Better Detection & Faster Response | Correlated Across Control Points | Integrated with Endpoint Protection

SYMANTEC ADVANCED THREAT PROTECTION (architecture diagram, reconstructed as a list):

• Cloud Sandbox – physical & virtual detonation
• Correlation and Prioritization
• Investigation – detect once, find everywhere
• Remediation – block, clean, fix in real time
• Global Intelligence
• Control points: Endpoint, Network, Email, 3rd Party

Page 14

Symantec™ Advanced Threat Protection Features

(Feature tabs on pages 14–18: Symantec ATP: Network, Symantec Synapse™, Symantec ATP: Email, Symantec Cynic™, Symantec ATP: Endpoint)

You should be familiar with Symantec Advanced Threat Protection key features and benefits

Symantec ATP: Network

WHAT IS IT? A network appliance
• Hardware (8840, 8880) or virtual (ESXi 5.1, 5.5)
• Integrates with the core network switch
• TAP/SPAN – monitoring; in-line – blocking
• Monitors internal, inbound and outbound network traffic

THE BENEFIT:
• Network visibility into all devices and all protocols
• Automated sandboxing, web exploits, command & control
• Agentless integration with Email Security.cloud and Symantec Endpoint Protection

Page 15

Symantec ATP: Email

WHAT IS IT? Targeted attack reporting
• Simple add-on to Email Security.cloud

THE BENEFIT:
• Identifies targeted attacks against an organization or a specific user
• Detailed reports on all malicious emails
• On-demand data export for SIEM
• Agentless event correlation with Symantec ATP: Network and Symantec Endpoint Protection
• Managed via the single Symantec.cloud management console

Page 16

Symantec ATP: Endpoint

WHAT IS IT? Additional intelligence, forensics and response tools for Symantec Endpoint Protection

THE BENEFIT:
• Endpoint visibility (the foothold in most targeted attacks)
• Endpoint context, suspicious events & remediation
• Requires SEP – no new agent – and deployed as a virtual appliance

Page 17

Symantec Cynic™

WHAT IS IT? Cloud-based file execution, analysis and sandbox platform
• Mimics human interaction in realistic environments

THE BENEFIT:
• Conviction and intelligence always available within minutes, not hours
• Doesn't just detonate, it imitates how an endpoint acts, for better accuracy
• Detects threats designed to evade VMs
• Quick, accurate analysis of nearly all types of potentially malicious content
• Cloud enables rapid updates as malware evolves to avoid detection

Page 18

Symantec Synapse™

WHAT IS IT? New correlation engine that allows faster, more confident response to security incidents

THE BENEFIT:
• Prioritizes endpoints that need to be remediated due to active infection
• Assigns a lower priority to threats already blocked at one control point (e.g. a new threat identified at the network but blocked at the endpoint)
• No new agents to deploy or complex SIEM rules to write
• Correlates across endpoint, email and network
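The correlation and prioritization the Synapse slide describes, together with the "detect once, find everywhere" idea from page 13, as an added illustrative example. This is not Symantec's code: the event schema, the shortened hashes, the host names and the three-tier priority rule are assumptions constructed for the example, modelled on the slide's "identified at network, blocked at endpoint" case.

```python
"""Cross-control-point correlation and prioritization.

Illustrative example written for this transcript; NOT Symantec Synapse code.
The event schema and sample data below are constructed assumptions.  Two ideas
from the slides are shown: the same threat seen at email, network and endpoint
is folded into one incident whose priority drops when a control point already
blocked it, and a conviction made once is searched for on every host.
"""
from collections import defaultdict

# Constructed sample telemetry.  Each control point reports the SHA-256 of the
# file it saw (shortened here), which is the join key across sources.
EVENTS = [
    {"source": "email",    "host": "ws-017", "sha256": "aa11", "verdict": "malicious",  "action": "delivered"},
    {"source": "network",  "host": "ws-017", "sha256": "aa11", "verdict": "malicious",  "action": "allowed"},
    {"source": "endpoint", "host": "ws-017", "sha256": "aa11", "verdict": "malicious",  "action": "blocked"},
    {"source": "network",  "host": "ws-042", "sha256": "bb22", "verdict": "malicious",  "action": "allowed"},
    {"source": "endpoint", "host": "ws-042", "sha256": "bb22", "verdict": "unknown",    "action": "executed"},
    {"source": "endpoint", "host": "ws-099", "sha256": "bb22", "verdict": "unknown",    "action": "executed"},
    {"source": "email",    "host": "ws-060", "sha256": "dd44", "verdict": "malicious",  "action": "delivered"},
    {"source": "network",  "host": "ws-005", "sha256": "cc33", "verdict": "suspicious", "action": "allowed"},
]

PRIORITY_RANK = {"high": 0, "medium": 1, "low": 2}


def convicted_hashes(events):
    """Hashes that at least one control point convicted as malicious."""
    return {e["sha256"] for e in events if e["verdict"] == "malicious"}


def find_everywhere(events, sha256):
    """'Detect once, find everywhere': every host that saw the hash, from any
    source and regardless of that source's own verdict."""
    return sorted({e["host"] for e in events if e["sha256"] == sha256})


def correlate(events):
    """Fold per-source events into one incident per (host, hash) and rank it.

    Priority rules (an assumption modelled on the slide's example):
      low    - an endpoint already blocked the file, nothing to remediate
      high   - the file executed on the endpoint: active infection
      medium - only email/network saw it; no endpoint telemetry yet
    """
    convicted = convicted_hashes(events)
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["host"], e["sha256"])].append(e)

    incidents = []
    for (host, sha256), evs in by_pair.items():
        if sha256 not in convicted:
            continue  # suspicious-only sightings stay out of the queue
        endpoint_actions = {e["action"] for e in evs if e["source"] == "endpoint"}
        if "blocked" in endpoint_actions:
            priority, reason = "low", "already blocked at the endpoint"
        elif "executed" in endpoint_actions:
            priority, reason = "high", "executed on the endpoint; active infection"
        else:
            priority, reason = "medium", "seen at email/network only; no endpoint telemetry"
        incidents.append({
            "host": host,
            "sha256": sha256,
            "priority": priority,
            "reason": reason,
            "sources": sorted({e["source"] for e in evs}),
        })
    # Highest priority first; ties broken by host name for a stable queue.
    incidents.sort(key=lambda i: (PRIORITY_RANK[i["priority"]], i["host"]))
    return incidents


if __name__ == "__main__":
    for inc in correlate(EVENTS):
        print(f'{inc["priority"]:6} {inc["host"]} {inc["sha256"]} '
              f'[{",".join(inc["sources"])}] {inc["reason"]}')
    print("bb22 seen on:", find_everywhere(EVENTS, "bb22"))
```

Note what the global conviction does for ws-099: its endpoint reported the file as unknown, but because the network convicted the same hash on another host, the sighting becomes a high-priority incident rather than being lost, while ws-017, where SEP already blocked the file, drops to the bottom of the queue.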

Page 19

Symantec Advanced Threat Protection: Modules

Endpoint:
• Endpoint visibility (the foothold in most targeted attacks)
• Endpoint context, suspicious events & remediation
• Requires SEP – no new agent – and deployed as a virtual appliance

Network:
• Network visibility into all devices and all protocols
• Automated sandboxing, web exploits, command & control
• Deployed off a TAP or inline as a virtual or physical appliance

Email:
• Email visibility (still the number one incursion vector)
• Email trends, targeted attack identification, sandboxing
• Cloud-based, easy add-on to Email Security.cloud

Page 20

Agenda

1 Evolving Threat Landscape

2 Symantec Advanced Threat Protection (ATP)

3 Examples

Demo

Page 21

From here you can take action on the endpoint: Remediate, Quarantine, Blacklist, Whitelist in the environment

Page 22

Screenshot callouts:
• Detection types
• Response write-ups when present
• Click through to VirusTotal
• Insight context
• Retrieve and Remediate
• Rich context provided for detections

Page 23

Thank you!

Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.

Ján Kvasnička

[email protected]