symantec_2-4-5 nov 2010
Slide 1: Enterprise IT Security Briefing
Bogdan Stefanescu, Presales Consultant - Symantec Romania
Slide 2: A CRIME IS BEING COMMITTED...
Slide 3: EVERY 15 MINUTES IN PARIS.
Slide 4: EVERY 3½ MINUTES IN NEW YORK CITY.
Slide 5: EVERY 2½ MINUTES IN TOKYO.
Slide 6: EVERY 2 MINUTES IN BERLIN.
Slide 7: EVERY ¼ OF A SECOND IN CYBERSPACE.
Slide 8: Changes in the Threat Landscape (Redefining Endpoint Security)
From Hackers… To Thieves
• Few named variants -> Overwhelming variants
• Noisy and highly visible -> Silent
• Fame motivated -> Financially motivated
• Indiscriminate -> Highly targeted
Slide 9: THREAT
On July 13 2010 a unique form of malware was discovered that was attempting to take control of industrial infrastructure around the world.
Slide 11: Symantec™ Global Intelligence Network: identifies more threats, takes action faster and prevents impact
Global Scope and Scale: Worldwide Coverage, 24x7 Event Logging, Rapid Detection, Preemptive Security Alerts, Threat Triggered Actions, Information Protection
• Attack Activity: 240,000 sensors; 200+ countries
• Malware Intelligence: 130M clients, servers and gateways monitored; global coverage
• Vulnerabilities: 32,000+ vulnerabilities; 11,000 vendors; 72,000 technologies
• Spam/Phishing: 2.5M decoy accounts; 8B+ email messages/day; 1B+ web requests/day
Locations shown on the map: Austin, TX; Mountain View, CA; Culver City, CA; San Francisco, CA; Taipei, Taiwan; Tokyo, Japan; Dublin, Ireland; Calgary, Alberta; Chengdu, China; Chennai, India; Pune, India; Alexandria, VA; Reading, England; Sydney, AU
Copyright © 2009 Symantec Corporation. All rights reserved.
Slide 12: Changes in the Threat Landscape (Redefining Endpoint Security)
[Chart: Number of signatures (y-axis) by Period (x-axis). Source: Symantec Security Response]
Slide 13: The Problem: Protection is a constant challenge
• As we improve and innovate our technologies, malware authors adapt and innovate too
• Their techniques are easy – exploit, encrypt, deploy and repeat
Like a game of cat and mouse…
Slide 14: Traditional, signature-based detections just can’t keep up
Slide 15: Then we need something different…
Slide 16: Ubiquity is something different
Slide 17: The Problem: Millions of file variants (good and bad)
• So imagine that we know:
  – about every file in the world today…
  – and how many copies of each exist
  – and which files are good and which are bad
• Now let’s order them by prevalence with
  – Bad on the left
  – Good on the right
Slide 18: The Problem: No Existing Protection Addresses the “Long Tail”
Today, both good and bad software obey a long-tail distribution.
[Chart: Prevalence (y-axis) of Bad Files (left) and Good Files (right), ordered by prevalence]
Chart callouts:
• Blacklisting works well here (the high-prevalence bad files at the head of the curve).
• Whitelisting works well here (the high-prevalence good files at the head of the curve).
• For this long tail a new technique is needed.
Unfortunately neither technique works well for the tens of millions of files with low prevalence. (But this is precisely where the majority of today’s malware falls.)
Slide 19: Ubiquity: Could we leverage our users for Security?
• We looked at how others leverage their user communities (books, music, movies)
• They ‘ask’!
• So perhaps we should use a similar approach?
  – We ask our users to rate software they use
  – Over time, applications build a reputation
  – Symantec products then only allow users to run programs with at least “4 stars.”
Slide 20: Ubiquity: Well, not so fast
• To a user, it’s not at all obvious what is safe and what is not…
  – Many threats are silent; the user isn’t even aware of their presence
  – Some threats hide inside legitimate processes
  – Other threats pretend to be legitimate files… (example shown: “AntiVirus 2010”)
This means we can’t just ‘ask’ our users for feedback!
Slide 21: How it Works
In 2007, we started collecting data and built a massively-parallel analysis algorithm.
1. Collect data (Submission Servers)
2. Calculate Ubiquity Safety Ratings (Reputation Servers; updated every 4 hrs)
3. Deliver Ubiquity Safety Ratings (to the endpoints)
Attributes tracked per file: file hash, good/bad, confidence, prevalence, date first seen
Analogy: Google’s PageRank™
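The long-tail argument of slide 18 and the per-file attributes of slide 21 (hash, good/bad, confidence, prevalence, date first seen) can be turned into a concrete rating and policy decision. The following is an added illustration, not Symantec's code: the star thresholds, the prevalence/age cut-offs and the sample records are constructed assumptions, and the hash strings are placeholders rather than real indicators.

```python
from dataclasses import dataclass
from datetime import date

TODAY = date(2010, 11, 4)   # constructed "current date" for the sample below

@dataclass
class FileReputation:
    sha256: str         # placeholder label, not a real file hash
    verdict: str        # "good", "bad" or "unknown"
    confidence: float   # 0.0-1.0 confidence in the verdict
    prevalence: int     # endpoints reporting this hash
    first_seen: date

HEAD_PREVALENCE = 10_000  # assumed boundary between the "head" and the long tail
CONFIDENT = 0.9           # assumed confidence needed to trust a verdict outright

def safety_rating(rec: FileReputation, today: date) -> int:
    """1 star = known bad, 5 stars = whitelisted good, 2-4 = long-tail estimate."""
    # Head of the distribution: blacklisting and whitelisting already work there.
    if rec.verdict == "bad" and rec.confidence >= CONFIDENT:
        return 1
    if (rec.verdict == "good" and rec.confidence >= CONFIDENT
            and rec.prevalence >= HEAD_PREVALENCE):
        return 5
    # Long tail: no confident verdict, so prevalence and age stand in for reputation.
    stars = 2
    if rec.prevalence >= 1_000:                 # spreading beyond a handful of machines
        stars += 1
    if (today - rec.first_seen).days >= 30:     # has been around long enough to be examined
        stars += 1
    if rec.verdict == "bad":                    # even a weak "bad" signal caps the rating
        stars = min(stars, 2)
    return stars

def lookup(db: dict, sha256: str, today: date) -> FileReputation:
    """A hash never submitted before is a brand-new, prevalence-1 unknown file."""
    return db.get(sha256) or FileReputation(sha256, "unknown", 0.0, 1, today)

def allowed_to_run(db: dict, sha256: str, today: date, min_stars: int = 4) -> bool:
    """The slides' policy: only run programs rated at least 4 stars."""
    return safety_rating(lookup(db, sha256, today), today) >= min_stars

def build_sample_db() -> dict:
    """Constructed records, one per region of the prevalence curve."""
    recs = [
        FileReputation("good-head-01", "good", 0.99, 5_000_000, date(2009, 1, 1)),
        FileReputation("bad-head-02", "bad", 0.99, 200_000, date(2010, 7, 13)),
        FileReputation("tail-new-03", "unknown", 0.0, 12, date(2010, 11, 1)),
        FileReputation("tail-old-04", "unknown", 0.0, 2_500, date(2010, 6, 1)),
    ]
    return {r.sha256: r for r in recs}
```

Only the two head records are decided by the verdict alone; the two tail records and any never-seen hash are rated from prevalence and age, which is the gap the deck says signatures, blacklists and whitelists leave open.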
Slide 22: Ubiquity Benefits (Reputation): Five important new benefits
1. Drastically Improved Protection
2. Policy-based lockdown
3. A Weapon Against False Positives
4. Improved performance
5. Unique endpoint visibility
Slide 23: Conclusion: Ubiquity Changes the Rules of the Game
• Amplifies the protection of our current technologies
• We no longer rely solely on traditional signatures
• Uses data from tens of millions of users to automatically identify otherwise invisible malware
• Shifts the odds in our favor – attackers can no longer evade us by tweaking their threats
Slide 24: Empower Users: users are given the tools to make choices
Slide 25: The Challenge
Threat actors: Organized Criminal, Well-Meaning Insider, Malicious Insider
Four areas of response: Develop and Enforce IT Policies; Protect The Information; Manage Systems; Protect The Infrastructure
Slide 26: Develop and Enforce IT Policies: Control Compliance Suite
• Define Risk and Develop IT Policies
• Assess Infrastructure and Processes
• Report, Monitor and Demonstrate Due Care
• Remediate Problems
Slide 27: Protect The Information: Data Loss Prevention Suite
• Discover Where Sensitive Information Resides
• Monitor How Data is Being Used
• Protect Sensitive Information From Loss
Slide 28: Manage Systems: Altiris™ Total Management Suite
• Implement Secure Operating Environments
• Distribute and Enforce Patch Levels
• Automate Processes to Streamline Efficiency
• Monitor and Report on System Status
Slide 29: Protect The Infrastructure: Symantec™ Protection Suite
• Secure Endpoints
• Protect Email and Web
• Defend Critical Internal Servers
• Backup and Recover Data
Slide 30: New Challenges Require New Technologies
Threat actors: Organized Criminal, Malicious Insider
• Protect the Infrastructure: Lack of Visibility; Evolving Threats; Growing Complexity
• Develop & Enforce IT Policies: IT Risk Management; Cost & Complexity of Compliance; Lack of Visibility
• Protect the Information: Growth of Unstructured Data; Social Media Access; Cloud Computing
• Manage Systems: Management of HW and SW; Complexity of IT Processes; Operating System Migration
Integrated Security Platform: Open Platform; Console Unification; Security Intelligence; Dynamic Protection
Slide 31: Thank You