Getting Beyond Standalone Antivirus to Advanced Threat Protection (slide deck, 25 slides)

Posted 08-Jan-2016


Page 1: Getting Beyond Standalone Antivirus to Advanced Threat Protection

Eric Schwake, Sr. Product Marketing Manager, @lombar77

Page 2

1. Targeted Attack Trends
2. Organizations Struggling to Keep Up
3. A Methodology for Better Protection
4. How Symantec Can Help
5. Q & A

Page 3

Targeted Attacks

Page 4

Targeted Attacks Defined

• End goal is most commonly to capture and extract high-value information, to damage brand, or to disrupt critical systems
• Broad term used to characterize threats targeted to a specific entity or set of entities
• Often crafted and executed to purposely be covert and evasive, especially to traditional security controls

Page 5

How Targeted Attacks Happen

• Spear Phishing: send an email to a person of interest
• Watering Hole Attack: infect a website and lie in wait for them

Page 6

Targeted Attack Trends

+91% increase in targeted attack campaigns (2012 to 2013)

                          2011      2012      2013
Email per Campaign          78       122        29
Recipient/Campaign          61       111        23
Campaigns                  165       408       779
Duration of Campaign    4 days    3 days  8.3 days

Top 10 Industries Targeted in Spear-Phishing Attacks, 2013 (Source: Symantec)

Public Administration (Gov.)                   16%
Services – Professional                        15%
Services – Non-Traditional                     14%
Manufacturing                                  13%
Finance, Insurance & Real Estate               13%
Transportation, Gas, Communications, Electric   6%
Wholesale                                       5%
Retail                                          2%
Mining                                          1%
Construction                                    1%

Spear Phishing Attacks by Size of Targeted Organization, 2011 - 2013 (Source: Symantec)

                                      2011    2012    2013
2,501+ employees                       50%     50%     39%
1 to 250 employees                     18%     31%     30%
All organizations up to 2,500 employees 50%    50%     61%

(The slide also charts the 251 to 500, 501 to 1,000, 1,001 to 1,500 and 1,501 to 2,500 bands separately; their individual values are not recoverable from the transcript.)

Page 7

Organizations are Struggling to Keep Up

Page 8

Reliance on Silver Bullet Technologies

• A single point product won’t identify all threats
• Most frequent Silver Bullet monitoring technologies:
  – IDP / IPS
  – Anomaly detection (on the rise)
• Individual technologies lack a comprehensive vantage point to detect today’s threats.

32%: average share of incidents detected by IDP / IPS technologies

Page 9

Incomplete Enterprise Coverage

• Companies fail to effectively assess (and update) the scope of their Enterprise
• Enterprise technology trends further challenge scope:
  – Mobile
  – Cloud
  – BYOD

Page 10

Underestimate SIEM Complexity

• Companies frequently underestimate the effort and cost to implement:
  – Technical architecture frequently under-scoped
  – Time to implement can take a year or more
• Struggle to sustain the capability:
  – Turnover of “the SIEM expert”
  – Focus / expertise required

35%: too many false positive responses
72%: collect 1TB of security data or more on a monthly basis

Page 11

Lack of Sufficient Staff / Expertise: Increasing Sophistication ≠ More Resources

“We’re at 100% employment in IT security”
– Chief Security Officer, Health Care Organization

83% of enterprise organizations say it’s extremely difficult or somewhat difficult to recruit/hire security professionals

Page 12

Can’t Keep Up with Evolving Threats

• Detection program must evolve as threats evolve:
  – Analyst training / awareness
  – SIEM tuning
  – Detection methods
  – Response tactics
• Varied tactics to keep up with threats:
  – Open source
  – Working groups (ISACs)
  – Commercial

28%: sophisticated security events have become too hard to detect for us
35%: do not use external threat intelligence for security analytics

Page 13

A Methodology for Better Protection

Page 14

The Attack Waterfall

Protection → Detection → Response

• 256 Billion Attacks
• 350,000 Security Events (the ‘Maybe’s)
• 3,000 Incidents

Readiness: 100+ Security Ops staff

Page 15

Identify | Protect | Detect | Respond | Recover

100+ Security Staff / 256B attacks / 350K events / 3000 incidents

Page 16

Identify or Readiness

• Threat Intelligence
• Asset Management
• Policy
• Practice

Page 17

Identify | Protect | Detect | Respond | Recover

100+ Security Staff / 256B attacks / 350K events / 3000 incidents

Page 18

Proactive Protection Technologies

• All Control Points
• More than AV
• Test URLs in Email

Page 19

Identify | Protect | Detect | Respond | Recover

100+ Security Staff / 256B attacks / 350K events / 3000 incidents

Page 20

Detect

• Correlate Control Points
• Identify Anomalies
• Monitor & Test Everything

Page 21

Identify | Protect | Detect | Respond | Recover

100+ Security Staff / 256B attacks / 350K events / 3000 incidents

Page 22

Respond

• Automate Correlation
• Incident Response

Page 23

How Symantec Can Help

Page 24

Symantec Advanced Threat Protection

Components shown across the Protection → Detection → Response waterfall (256 Billion Attacks → 350,000 Security Events, the ‘Maybe’s → 3,000 Incidents; Readiness: 100+ Security Ops staff):

• Managed Adversary Service
• Insight, SONAR, Thread injection protection
• Secure App Service
• Security Simulation
• Disarm, Link following, Skeptic
• Incident Response Service
• MSS-ATP
• Advanced Threat Protection Solution
• Cynic
• Synapse

Page 25

Thank you!

Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.

Eric Schwake, [email protected], +1 541 520 6015, @lombar77