Ján Kvasnička, Senior Pre-Sales Consultant, Czech Republic and Slovakia
Advanced Threat Protection
Targeted Attacks: Do We Have a Chance to Protect Ourselves?
Agenda
1 Evolving Threat Landscape
2 Symantec Advanced Threat Protection (ATP)
3 Examples
Copyright © 2015 Symantec Corporation
What are APTs?
APT – Advanced Persistent Threat
ATP – Advanced Threat Protection
Advanced Persistent Threat
• Advanced
  – Attacker adapts to defenders’ efforts
  – Can develop or buy zero-day exploits
  – Higher level of sophistication
• Persistent
  – Attacks are objective and specific
  – Will continue until the goal is reached
  – Intent to maintain long-term connectivity
• Threats
  – The entity or entities behind the attack
  – Not the malware/exploit/attack alone
APT Defined
• Key contributors to the popularity of APTs:
  – Nation states
  – Organized crime groups
  – Hacktivist groups
WE SEE THE RESULTS DAILY. HOW MANY GO UNDETECTED AND UNREPORTED?
312 total data breaches in 2014
348 million total identities exposed in 2014
• Unencrypted POS post-Target
• 5 months to detection
• 2 weeks to uncover
• Via vendor + 0-day vulnerability
• 56 million credit cards stolen

• Attackers wanted instant impact
• 4 unreleased movies
• 25 GB, 33K files
• Disabled email, Wi-Fi
• Delayed paychecks

• 1 ½ months to detection
• 5 DB admins compromised
• 80 million medical records stolen
• Medical records 10 times more valuable than credit cards on the black market
ATTACK MOTIVATION
Advanced Persistent Threat (APT) Techniques
[Timeline figure, Feb 2013 to Aug 2014, marking when each technique was used; Trojanized Update appears three times along the timeline]
• Spear Phishing – send an email to a person of interest
• Trojanized Update – infect a software update the victim downloads
• Watering Hole Attack – infect a website and lie in wait for them
Targeted attacks run at least three different types of attacks at the same time
2 Symantec Advanced Threat Protection (ATP)
The Best Protection Doesn’t Stop Everything
While protection is still very important…
…you need to prepare to be compromised
• PROTECT – Stopping incoming attacks
• PREPARE – Understanding where important data is & who can access it
• DETECT – Finding incursions
• RESPOND – Containing & remediating problems
• RECOVER – Restoring operations
Detect & Respond Capabilities Are Critical
Symantec Advanced Threat Protection: Our Future
Covers all five phases: PROTECT, PREPARE, DETECT, RESPOND, RECOVER
More Intelligence | Better Detection & Faster Response | Correlated Across Control Points | Integrated with Endpoint Protection
[Architecture figure: Symantec Advanced Threat Protection]
• Cloud Sandbox – physical & virtual detonation
• Correlation and prioritization
• Investigation – detect once, find everywhere
• Remediation – block, clean, fix in real time
• Global Intelligence
• Control points: Endpoint, Network, Email, 3rd party
Symantec™ Advanced Threat Protection Features: Symantec ATP: Network
You should be familiar with Symantec Advanced Threat Protection key features and benefits.
WHAT IS IT? Network appliance
• Hardware (8840, 8880)
• Virtual (ESXi 5.1, 5.5)
• Integrates with the core network switch
  – TAP/SPAN – monitoring
  – In-line – blocking
• Monitors internal, inbound and outbound network traffic
THE BENEFIT: Network visibility into all devices & all protocols
• Automated sandboxing, web exploits, command & control
• Agentless integration with Email Security.cloud and Symantec Endpoint Protection
Symantec™ Advanced Threat Protection Features: Symantec ATP: Email
WHAT IS IT? Targeted attack reporting
• Simple add-on to Email Security.cloud
THE BENEFIT: Identifies targeted attacks against an organization or a specific user
• Detailed reports on all malicious emails
• On-demand data export for SIEM
• Agentless event correlation with Symantec ATP: Network and Symantec Endpoint Protection
• Managed via the single Symantec.cloud management console
Symantec™ Advanced Threat Protection Features: Symantec ATP: Endpoint
WHAT IS IT? Additional intelligence, forensics and response tools for Symantec Endpoint Protection
THE BENEFIT: Endpoint visibility (the foothold in most targeted attacks)
• Endpoint context, suspicious events, & remediation
• Requires SEP – no new agent – and deployed as a virtual appliance
Symantec™ Advanced Threat Protection Features: Symantec Cynic™
WHAT IS IT? Cloud-based file execution, analysis and sandbox platform
• Mimics human interaction in realistic environments
THE BENEFIT: Conviction and intelligence always available within minutes, not hours
• Doesn’t just detonate, it imitates how an endpoint acts for better accuracy
• Detects threats designed to evade VMs
• Quick, accurate analysis of nearly all types of potentially malicious content
• Cloud enables rapid updates as malware evolves to avoid detection
Symantec™ Advanced Threat Protection Features: Symantec Synapse™
WHAT IS IT? New correlation engine that allows faster, more confident response to security incidents
THE BENEFIT: Prioritizes endpoints that need to be remediated due to active infection
• Assigns a lower priority to threats already blocked at one control point (e.g. a new threat identified at the network but blocked at the endpoint)
• No new agents to deploy or complex SIEM rules to write
• Correlates across endpoint, email and network
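The correlation logic described above (active infection on the endpoint ranks first; a threat seen at the network or in email but already blocked by the endpoint agent ranks last) is easy to show on sample data. The following is an added example written for this page, not Symantec Synapse code: the Event fields, the three priority levels and the constructed sample events are assumptions chosen for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Added example, not Symantec code. Event shape and priority rules are assumed.

@dataclass(frozen=True)
class Event:
    source: str    # control point that raised it: "endpoint", "network" or "email"
    host: str      # endpoint the detection concerns
    sha256: str    # hash of the file the detection refers to
    blocked: bool  # True if this control point stopped the threat

HIGH, MEDIUM, LOW = "high", "medium", "low"


def prioritize(events):
    """Return {host: (priority, reason)} for every host seen in events.

    Rules (assumed for this example):
      * endpoint detection that was NOT blocked -> HIGH: the file ran on the host,
        so this is an active infection and is remediated first
      * network/email detection whose hash the endpoint blocked -> LOW: already
        stopped at another control point, no action needed on the host
      * network/email detection with no endpoint verdict at all -> MEDIUM: the
        file reached the host but the outcome is unknown, so investigate
    """
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev.host].append(ev)

    result = {}
    for host, evs in by_host.items():
        # Endpoint events are authoritative about what actually happened on the host.
        verdicts = {e.sha256: e.blocked for e in evs if e.source == "endpoint"}
        if any(not blocked for blocked in verdicts.values()):
            result[host] = (HIGH, "endpoint reported a threat that was not blocked")
            continue
        unseen = [e for e in evs if e.source != "endpoint" and e.sha256 not in verdicts]
        if unseen:
            result[host] = (MEDIUM, f"{unseen[0].source} detection with no endpoint verdict")
        else:
            result[host] = (LOW, "every detection was already blocked at the endpoint")
    return result


# Constructed sample events, not real telemetry. Hashes are shortened placeholders.
SAMPLE_EVENTS = [
    Event("network",  "ws-101", "aaaa", blocked=False),  # seen on the wire ...
    Event("endpoint", "ws-101", "aaaa", blocked=True),   # ... but SEP stopped it
    Event("email",    "ws-202", "bbbb", blocked=False),  # attachment delivered ...
    Event("endpoint", "ws-202", "bbbb", blocked=False),  # ... and it ran on the host
    Event("network",  "ws-303", "cccc", blocked=False),  # no endpoint verdict at all
    Event("endpoint", "ws-404", "dddd", blocked=True),   # only a blocked endpoint event
]


def remediation_queue(events=SAMPLE_EVENTS):
    """Hosts ordered by priority (HIGH first), ties broken by hostname."""
    ranked = prioritize(events)
    order = {HIGH: 0, MEDIUM: 1, LOW: 2}
    return sorted(ranked, key=lambda h: (order[ranked[h][0]], h))


if __name__ == "__main__":
    ranked = prioritize(SAMPLE_EVENTS)
    for host in remediation_queue():
        priority, reason = ranked[host]
        print(f"{host}: {priority:6} - {reason}")
```

The point of the design is that the endpoint verdict, when one exists, overrides what the network or email sensor saw: a network alert alone would otherwise be paged at full priority even though the agent already cleaned the file. Hosts with no endpoint verdict stay visible in the queue rather than being dropped, since "not blocked" and "not observed" are different situations.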
Symantec Advanced Threat Protection: Modules
Endpoint
• Endpoint visibility (the foothold in most targeted attacks)
• Endpoint context, suspicious events, & remediation
• Requires SEP – no new agent – and deployed as a virtual appliance
Network
• Network visibility into all devices & all protocols
• Automated sandboxing, web exploits, command & control
• Deployed off a TAP or inline as a virtual or physical appliance
Email
• Email visibility (still the number one incursion vector)
• Email trends, targeted attack identification, sandboxing
• Cloud-based easy add-on to Email Security.cloud
3 Examples
Demo
From here you can take action on the endpoint: Remediate, Quarantine, Blacklist or Whitelist in the environment.
Screen callouts:
• Detection types
• Response write-ups when present
• Click through to VTotal
• Insight context
• Retrieve and Remediate
• Rich context provided for detections
Thank you!
Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.