Getting Beyond Standalone Antivirus to
Advanced Threat Protection
Eric Schwake
Sr. Product Marketing Manager
@lombar77
Agenda
1. Targeted Attack Trends
2. Organizations Struggling to Keep Up
3. A Methodology for Better Protection
4. How Symantec Can Help
5. Q&A
Targeted Attacks
Targeted Attacks Defined
• Broad term used to characterize threats targeted to a specific entity or set of entities
• Often crafted and executed to purposely be covert and evasive, especially to traditional security controls
• End goal is most commonly to capture and extract high-value information, to damage brand, or to disrupt critical systems
How Targeted Attacks Happen
• Spear Phishing: send an email to a person of interest
• Watering Hole Attack: infect a website and lie in wait for them
Targeted Attack Trends
[Chart: Top 10 Industries Targeted in Spear-Phishing Attacks, 2013 (Source: Symantec). Industries shown: Public Administration (Gov.); Services – Professional; Services – Non-Traditional; Transportation, Gas, Communications, Electric; Wholesale; Retail; Manufacturing; Finance, Insurance & Real Estate; Mining; Construction.]
[Chart: Spear Phishing Attacks by Size of Targeted Organization, 2011–2013 (Source: Symantec). Size bands by number of employees: 1 to 250; 251 to 500; 501 to 1,000; 1,001 to 1,500; 1,501 to 2,500; 2,501+.]
[Chart: Spear-phishing campaign metrics, 2011–2013: Email per Campaign, Recipients per Campaign, Campaigns (165, 408, 779; a 91% increase in targeted campaigns in 2013), Duration of Campaign (values shown: 3 days, 8.3 days, 4 days).]
Organizations are Struggling to Keep Up
Reliance on Silver Bullet Technologies
• A single point product won’t identify all threats
• Most frequent Silver Bullet monitoring technologies:
– IDP / IPS
– Anomaly detection (on the rise)
• Individual technologies lack a comprehensive vantage point to detect today’s threats.
32%: average % of incidents detected by IDP / IPS technologies
Incomplete Enterprise Coverage
• Companies fail to effectively assess (and update) the scope of their Enterprise
• Enterprise technology trends further challenge scope:
– Mobile
– Cloud
– BYOD
Underestimate SIEM Complexity
• Companies frequently underestimate the effort and cost to implement
– Technical architecture is frequently under-scoped
– Time to implement can take a year or more
• Struggle to sustain the capability
– Turnover of “the SIEM expert”
– Focus / expertise required
72%: collect 1TB of security data or more on a monthly basis
35%: too many false positive responses
Lack of Sufficient Staff / Expertise
Increasing Sophistication ≠ More Resources
83% of enterprise organizations say it’s extremely difficult or somewhat difficult to recruit/hire security professionals
“We’re at 100% employment in IT security”
– Chief Security Officer, Health Care Organization
Can’t Keep up with Evolving Threats
• The detection program must evolve as threats evolve:
– Analyst training / awareness
– SIEM tuning
– Detection methods
– Response tactics
• Varied tactics to keep up with threats:
– Open source
– Working groups (ISACs)
– Commercial
28%: sophisticated security events have become too hard to detect for us
35%: do not use external threat intelligence for security analytics
A Methodology for Better Protection
The Attack Waterfall
Stages: Readiness, Protection, Detection, Response
Volumes at each stage: 256 Billion Attacks → 350,000 Security Events → 3,000 Incidents (the ‘Maybe’s) → 100+ Security Ops staff
Framework: Identify, Protect, Detect, Respond, Recover
Volumes: 256B attacks → 350K events → 3000 incidents → 100+ Security Staff
Identify or Readiness
• Asset Management
• Policy
• Threat Intelligence
• Practice
Proactive Protection Technologies
• More than AV
• Test URLs in Email
• All Control Points
Detect
• Identify Anomalies
• Monitor & Test Everything
• Correlate Control Points
Respond
• Automate Correlation
• Incident Response
How Symantec Can Help
Symantec Advanced Threat Protection
Volumes at each stage: 256 Billion Attacks → 350,000 Security Events → 3,000 Incidents (the ‘Maybe’s) → 100+ Security Ops staff
• Readiness: Managed Adversary Service; Secure App Service; Security Simulation
• Protection: Insight, SONAR, Thread injection protection; Disarm, Link following, Skeptic
• Detection: Advanced Threat Protection Solution; MSS-ATP; Synapse; Cynic
• Response: Synapse; Incident Response Service
Thank you!
Eric Schwake
Eric_schwake@symantec.com
+1 541 520 6015
@lombar77
Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.