6. Current Threat Landscape – Data Breaches
1200 x Laptops lost/stolen every week
40% of ex-employees take data with them
Average cost of data breach – £1.9m
9. Summary
• No business is safe from attack – regardless of its size
• Attackers are being more selective in who they target
• Obtaining information is key – if an attacker could make money from it, it’s a potential target
Below are some qualifying questions that can help you determine a security solution requirement:
• What are you currently doing to safeguard your data?
• How are your emails protected?
• Do you use mobile devices in your organisation?
• What industry regulations do you have to comply with?
• How are you protecting your end users' workstations?
11. Global Expertise
More researchers
Comprehensive data sources
More virus samples analyzed
Extensive customer support
In-depth Analysis
Signatures: AV, AS, IPS, GEB, SPAM, White lists
DeepSight Database
IT Policies and Controls
Rigorous False Positive Testing
Automated Updates
Fast & Accurate
Variety of Distribution Methods
Relevant Information
Relevancy
Accuracy
Protection
Response
Centers
Users
Symantec Security Intelligence
Global Intelligence Network
13. Symantec Security Strategy
Global Intelligence Network (GIN)
200+m Nodes Globally
40% Global email Monitored
2.5+m “decoy” accounts
200+ Countries
Malicious Insider
Well Meaning Insider
Malicious Outsider
Enforce IT Policies
Policy Access Controls
Control Compliance Suite (CCS)
Protect Information
Data Loss Prevention & Encryption (DLP/PGP)
Where Who Control
Endpoint Storage
Data in-transit
Trusted
Interactions
With Symantec O3
Identity Protection (2 factor authentication)
Fraud Detection
Public Key Infrastructure
Protect The Infrastructure
Mail Servers, Gateway
Servers
Symantec Protection Suite (SPS)
Endpoint: AV, Spy, Device & App Control
Manage & Remediate
Patch Management
Asset Management
Asset Deployment
Migration
Altiris (ITMS)
Symantec Security Information Manager (SSIM)
Mobile Devices
Process People Technology
Protective monitoring
Incident management
Incident Closure
Mobile Management Suite/Appcenter (MDM)
iOS, Android
Windows 7
Phone
Tablets
Critical System
Protection for the ‘un-patchable’
Legacy systems
Hardening
Symantec.cloud
Protect Interactions
Critical Systems Protection (CSP)
Validation and ID Protection (VIP)
Workflow
15. Symantec Protects More Businesses
• Most extensive portfolio of business protection solutions available
• More experience – 30+ years of protecting the world’s systems and information
• Comprehensive and up-to-date protection against the latest threats
• Market leadership - in both security and data protection
• Trusted technology - Symantec protects 99% of the Fortune 500
Information Protection
Preemptive Security Alerts
Threat Triggered Actions
Global Scope and Scale
Worldwide Coverage
24x7 Event Logging
Rapid Detection
Threat Activity
• 240,000 sensors
• 200+ countries
Malcode Intelligence
• 130M client, server,
gateways
• Global coverage
Vulnerabilities
• 32,000+ vulnerabilities
• 11,000 vendors
• 72,000 technologies
Spam/Phishing
• 2.5M decoy accounts
• 8B+ email messages/daily
• 1B+ web requests/daily
Each year Symantec conducts research into security threats posed by the Internet to give all market verticals an insight into the current threat landscape. This research is documented in the Internet Security Threat Report. This report is based on data from the Symantec Global Intelligence Network, which Symantec analysts use to identify, analyse and provide commentary on emerging trends in the dynamic threat landscape.
Targeted Attacks
There has been a 42% increase in targeted attacks in 2012 compared to the previous year. Targeted attacks are designed to steal intellectual property, bank account details and customer data. These targeted attacks are increasingly hitting the manufacturing sector as well as small businesses, which are the target of 31% of these attacks.
Data Breaches
According to the Internet Security Threat Report, data loss within the UK is a huge problem for many organisations. According to the research, the vast amount of data breaches are caused by malicious outsiders and hackers trying to steal intellectual property, bank details and customer details. Data breaches can also be a result of lost laptops (unencrypted), misplaced memory sticks, or deliberate theft or accidents carried out by well-meaning insiders and also malicious insiders. As you can see, at 36% the healthcare industry continues to be the sector responsible for the largest percentage of disclosed data breaches by industry.
Data breach Example 1 – LinkedIn suffered a data breach in which 6.5 million user account details were stolen. As a result they were fined several million dollars.
Data breach Example 2 – Global Payments – a payment processor for a number of well-known credit card companies such as Visa and MasterCard was compromised, exposing details of 1.5 million accounts. The data breach cost the company approx. 94 million dollars in damages.
Mobile Threats
The smartphone has become a powerful computer in its own right, and this makes these devices attractive to criminals. Businesses are increasingly allowing staff to “bring your own device” (BYOD) to work, allowing them to use personal computers, tablets or smartphones for work. In the last year, we have seen a further increase in mobile threats. Android currently has a 72% market share, with Apple iOS a distant second at 14%, according to Gartner. As a result of its market share, Android is the main target for mobile threats. 32% of all mobile threats steal information.
Customers should consider installing security software on mobile devices. Also, users need to be educated about the risks of downloading rogue applications and how to use their privacy and permission settings. For company-provided devices, customers should consider locking them down and preventing the installation of unapproved applications altogether.
Email
Global Spam
Malware, spam, and social engineering continue to be massive, chronic problems. Although they have been around for a long time, attacks continue to evolve and they still have the potential to do serious damage to consumers and businesses.
Global spam rates declined for a second year in a row, dropping from 75% in 2011 to 69% of all email in 2012. This is not to say that the problem of spam has been solved. At 69% of all email, it still represents a significant amount of unwanted messages. As email spam rates continue to decline, we see the same social engineering techniques that have been used in email spam campaigns increasingly being adopted in spam campaigns and being promoted through social networking channels.
Spam Content
Adult/Dating spam in 2012 increased by approximately 40% compared with 2011. This suggests an almost direct correlation between the decline in pharmaceutical spam and the increase in dating spam. Emails that contained a malicious URL dropped significantly in 2012. In some months it was more than half the rate as it was that month in 2011. In 2012, approximately 23% of email malware contained a URL rather than an attachment, compared with 39% in 2011.
Phishing
Email phishing rates are also down this year, from one in 299 emails in 2011 to one in 414 in 2012. The decline in the use of email as a method to spread spam and carry out phishing attacks is unlikely to indicate a drop in activity by attackers. Rather, it appears that we are seeing a shift in activity from email to other forms of online communication, such as social networks.
Malware
One in 291 emails contained a virus in 2012, which is down from one in 239 in 2011. Of that email-borne malware, 23% contained URLs that pointed to malicious websites. This is also down from 2011, where 39% of email-borne malware contained a link to a malicious website.
Much like the drop in spam and phishing rates, a drop in emails that contain viruses does not necessarily mean that attackers have stopped targeting users. Rather, it more likely points to a shift in tactics, targeting other online activities, such as social networking.
GIN data feeds into the Symantec Protection Center dashboard. Discuss the GIN, Symantec’s visibility into the threat environment, and share how that information works its way into the products.
Relevancy
We track a sea of moving targets across the global threat landscape to keep your defenses razor sharp.
The threat landscape is littered with criminal activity, using stealth technologies to infiltrate customer networks and steal confidential information. It is increasingly difficult to understand which external forces threaten your infrastructure, how to quickly identify which assets are at risk, the resulting impact on your business and how to prioritize incident response within your company. Due to its long-time security leadership role, Symantec is uniquely positioned to tackle the challenges of collecting malware, spyware and adware samples. At the heart of Symantec's capabilities is the world's leading scalable security infrastructure, the Symantec Global Intelligence Network, with over 120 million desktop, server, and gateway antivirus installations that allow malware, spyware and adware to be captured and transmitted back to Symantec Security Response centers for analysis. The global reach and size of this network gives Symantec unmatched coverage, allowing us to greatly improve the ability of organizations and end users across the world to protect themselves. Symantec has established some of the most comprehensive sources of Internet threat data in the world, gathered by the Symantec Global Intelligence Network - some of the most extensive sources of Internet activity data ever available to offer a complete compendium of information unprecedented in size, scope, and clarity. This data is critical to providing our analysts with the information needed to understand threat trends and the resulting impact – so that we can develop the security protection needed by our customers.
The volume of data that we collect over a broad range of security threats is a differentiator – as it gives us a much better statistical base to truly understand what is happening around the world:
• Our Managed Security Services monitor security devices in over 70 countries, which allows us to understand key threats that are impacting corporate networks.
• 40,000 registered sensors in over 200 countries – where we anonymize the data – but are able to determine region, country, size of company and industry. From this – we are able to see if it is a localized threat, global activity or targeted against a specific industry.
• 120 million virus submission systems provide the insight to determine if these are new threats, variants of existing threats, or renewed activity from existing threats. Again – this data provides us with the intelligence to determine if we have existing protection in place – or if a new signature or definition needs to be created.
In addition, we have a network of additional sensors tracking data specific to:
• Vulnerabilities: Maintain one of the world’s most comprehensive vulnerability databases, currently consisting of over 25,000 recorded vulnerabilities (spanning more than two decades) affecting more than 50,000 technologies from over 8,000 vendors.
• Symantec Honeynet: Virtual network of unprotected systems designed to attract malicious activity. This appears on the Internet as 8,000+ IP addresses.
• Symantec Probe Network: A system of over two million decoy accounts focused on Fraud/Phishing/Spam. Located in over 30 countries, it attracts email from around the world to gauge global spam and phishing activity.
If you don’t know what you have – how do you know what to watch for?
Accuracy
Our diverse team of expert analysts provides an invaluable understanding of threats from the inside out.
Millions of online attacks happen every day. Fraud, worms, spyware, we see it all.
But our customers are silently protected from most of them due to the sophisticated automated tools that filter the majority of the threats. Many of today’s threats have become so complex that understanding the anatomy of a threat is the key to creating the right protection. That is where our global team of experts makes the difference. Located in North America, Asia, Australia, and Europe – our centers are staffed by researchers who represent a cross section of the most highly-regarded security experts in the industry, offering customers 24x7 coverage for important security events no matter when they happen. The information we gather is analyzed by the largest Security Organization in the world, which not only creates classic antivirus signatures but also IPS signatures that work at the network level and stop infections before they actually reach the operating system. Vulnerabilities are analyzed to create Generic Signatures that provide patch-like protection long before actual patches are available. Vulnerabilities are categorized and organized so informed decisions can be made. In addition, Actionable Policies and Controls are derived from generic Regulations. When we identify an attack gathered from the data in the Global Intelligence Network, the first things we ask are: Have we seen it before? How is it being distributed? What’s the impact? And what needs to be done to block and remove the threat?
Protection
With updates coming from a worldwide array of response centers at multiple intervals, you’re always a step ahead.
Before we deliver any signatures to our customers they go through a rigorous QA to ensure accuracy. Within minutes new spam senders are blocked. Within hours customers are protected from new threats. Within a day we deliver generic signatures shielding new vulnerabilities.
We offer several delivery mechanisms so customers can choose the best method for their environment: Filtered and relevant information is proactively sent to subscribing customers. Templates from PCI to ITIL provide in-built intelligence, enabling you to fast track your projects.
The diversity of threats and security risks handled by the Symantec Security Response organization places it at the forefront of security research. For example, Symantec's antispyware researchers benefit from the understanding and expertise of not only their group, but also that of Symantec anti-spam specialists who monitor and analyze unsolicited email messages being used to deliver spyware program installers. Similarly, Symantec's intrusion experts provide analysis of the ways in which Web browser vulnerability exploitation can be used in conjunction with spyware to surreptitiously install the applications in a "silent" or "drive-by" fashion.
Symantec provides multiple options for delivering definition files to meet multiple customer needs:
• Rapid Release - updated hourly
• Intelligent Updaters - published 3 times a day
• LiveUpdates - virus definitions updated 3 times a day and for every major outbreak
Symantec Security Strategy
Symantec prides itself on having security strategy at the heart of its solutions. Good strategy is key to doing good business and when it comes to information security, there is no exception. Symantec’s Security portfolio is extremely diverse and you would be hard pushed to try and find a security requirement that cannot be met by the solutions they have to offer.
SPS
Firstly, we have Infrastructure protection through the use of Symantec Protection Suite. This comprehensive suite of products has been developed with core business functionality in mind. Secure your customers' endpoints with Symantec Endpoint Protection 12.1, the Gartner 2013 market leading endpoint protection product, developed to not only fully integrate with a physical or VMware estate but to reduce resource overhead in some cases of up to 80%. Secure email servers with Mail Security for Microsoft Exchange or Lotus Domino. Extend this protection to the network borders by using Spam and/or Web filters with Symantec Messaging and Web Gateway products.
MDM
For organisations that are considering a BYOD (Bring Your Own Device) initiative or that need greater security for their corporate mobile estate, Symantec Mobile Management Suite is a key solution to give organisations better visibility of their mobile endpoints. To further enhance this, Symantec App Center enables user productivity on mobile devices, regardless of the ownership, while protecting enterprise data.
CCS
Symantec Control Compliance Suite (CCS) is an ISMS (Information Security Management System) and assists organisations with the enormous task of IT GRC (Governance, Risk & Compliance). Through the use of CCS, customers can leverage multiple tools to discover, assess, report, evaluate and remediate IT GRC related problems.
Whether it is to review internal policies and procedures, assess the current level of compliance with an array of industry standards and frameworks, or discover whether the technical controls that are already in place are actually working, organisations that implement Symantec Control Compliance Suite can get an expansive view of their IT GRC posture.
DLP & PGP
Data is the lifeblood that businesses thrive on; the more that is collected, the greater the risks that are posed. Symantec Data Loss Prevention (DLP) is an enterprise content-aware DLP solution that discovers, monitors, and protects confidential data wherever it’s stored or used, across a customer's network, storage and endpoint systems. To further enhance this, customers can implement Symantec Encryption Solutions powered by PGP. Symantec’s encryption solutions enable organizations to deliver data protection with centralized policy management through the optional use of Encryption Management Server. The solutions provide standards-based technology, centralized policy management, compliance-based reporting, and universal management for the encryption products.
O3
Symantec O3 is a unique cloud security platform that provides single sign-on and enforces access control policies across web applications. Symantec O3 helps enterprises migrate to Software as a Service (SaaS) applications while ensuring that proper risk management and compliance measures are in place to protect enterprise data and follow regulations. Symantec O3 improves security without getting in the way of usability. With Symantec O3, end users only have to log in once, across all of their web applications.
It works equally well for both cloud-based and internal web application use cases. In short, O3 enables enterprise IT to embrace the cloud while retaining visibility and control – simplifying the use of cloud applications for both enterprise IT staff and for users.
VIP
Symantec Validation and ID Protection Service is a leading cloud-based strong authentication service that enables enterprises to secure access to networks and applications while preventing access by malicious, unauthorized attackers. A unified solution providing both two-factor and risk-based token-less authentication, VIP is based on open standards and can easily integrate into enterprise applications.
CSP
Leading organizations leverage Symantec Critical System Protection to secure their physical and virtual data centres. Delivering host-based intrusion detection (HIDS) and intrusion prevention (HIPS), Symantec provides a proven and comprehensive solution for server security. Achieve complete protection for VMware vSphere, stop zero-day and targeted attacks, and gain real-time visibility and control into compliance with Symantec Critical System Protection.
Symantec.cloud
Hosted services allow businesses to consume more IT services without assuming significant responsibilities of installing, managing and maintaining new hardware, systems or software. Directly consuming cloud-based services requires up-front evaluation and on-going oversight to ensure information remains safe and available. Businesses are looking to simplify their IT by relying on cloud service providers to deliver more and more of the IT stack.
In this model, the provider must ensure your information remains protected. Symantec delivers 16 pre-integrated security and backup services through their .cloud business line, and also delivers “authentication as a service” and “security incident and event management as a service”.
SSIM
Symantec Security Information Manager offers enterprise-wide log collection, management and retention, enabling organizations to centralize and analyse large amounts of diverse log data. Symantec’s industry-leading correlation engine brings together organizational data, security event information and threat intelligence, allowing organizations to prioritize security incident response activities based on business risk. This proactive approach allows your customers to more effectively defend their enterprise from threats and demonstrate compliance with industry regulations.
Altiris
Optimize all endpoint and systems management operations to realize immediate savings and organizational efficiencies. Standardize on Symantec’s unified endpoint management and security portfolio across your entire computing infrastructure and client devices, including smartphones, tablets, laptops, and desktops. Deploy, enable, and manage it all in one place. Altiris IT Management Suite (ITMS) from Symantec is a suite of integrated products that help IT organizations provide faster and more predictable service to their business. The suite enables this by ensuring that organizations’ management infrastructures can easily support new technology changes, can quickly adapt to changing processes and business needs, and can provide the necessary insight to make more intelligent decisions because they are data-driven.
Workflow
Symantec Workflow is a security process development framework that you can utilize to create both automated business processes and security processes. These processes provide for increased repeatability, control, and accountability while reducing overall workload.
The Symantec Workflow framework also lets you create Workflow processes that integrate Symantec tools into your organization's unique business processes.
Symantec helps consumers and organizations secure and manage their information-driven world. Symantec’s teams around the world are developing technologies and building solutions to help your customers secure and manage their information. The company has a robust portfolio and a long history of technology leadership. Symantec is a global leader in providing security, storage and systems management solutions to help your customers – from consumers and small businesses to the largest global organizations – secure and manage their information against more risks at more points, more completely and efficiently than any other company. Symantec's unique focus is to eliminate risks to information, technology and processes, independent of the device, platform, interaction or location. With Symantec, your customers can protect more of their information and technology infrastructure, in greater depth, wherever information is stored or used. From securing a consumer’s online identity and interactions to protecting an organization’s mission-critical data, Symantec offers the leading and best-of-breed security, backup and recovery, data availability and data loss prevention products.