Salah Nassar
Director,Product
Marketing, Symantec
Tim Murphy
Sr. Manager,Product
Marketing, Symantec
Implementing a Zero Trust framework to
Secure Modern Workflows
Cloud & Web Access Security

Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY 2
ZERO
TRUST

Agenda
Introduction to Zero Trust
Secure Migration to the Cloud
Secure Cloud Access Solution
Questions
Zero Trust Spotlight: IaaS Access

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY 4
ZERO TRUST
FORRESTER INTRODUCES
OVER A DECADE AGO
• Challenged existing
perimeter-based security
strategies
• Promoteda concept of
“DefaultDeny”; Least
Privileged Access
• Network-centric
Zero Trust Security
Introduction
ZERO TRUST TODAY
ZERO TRUST HAS GROWN IN
ITS SCOPE AND DEFINITION
• Evolved beyond network
• Addresses new threats and
compliance requirements
• Becominga practical
framework capable of guiding
security practitionersacrossall
IT areas
BLUEPRINT

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY 5
ZTX model’s goal is to:
• Strengthen data security
• Limit the risks associated with excessiveuser
privileges and access
• Improve security detection and response with
analytics and automation
Forrester Zero Trust eXtended (ZTX) Ecosystem Model
Introduction

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY 6
Forrester ZTX Model
Applying
Zero
Trust
Data
Network
Workloads
Devices
People/
Workforce
Analytics &
Automation
Requires an organization to rethink
existing security approach
Where are our customers starting?
Securing Access

Securing Cloud Migration &
Digital Transformation

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY 8
Private CloudDC
SaaS Apps & Email
Web & Internet
IaaS& PaaS
Digital Transformation Creating New Cloud
and Web Security Challenges
Regional
Office
Roaming
Users
Headquarters
COMPLEX
THREATS
BYOD
Need to mitigate security-relatedbusiness
risk from transformationprograms
Backhaulsecurity architecture
cannot scale
Digital transformationprograms
exacerbate issue
Enterprises need secure “direct-to-net”
access,across all destinations
https://

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY 9
Eliminate backhaul expense
and complexity
No need to manage on-premises
appliances
Covering security needs across all
web and cloud app destinations
Private CloudDC
https://
Web & Internet
IaaS& PaaS
Digital Transformation Creating New Cloud
and Web Security Challenges
Regional
Office
Roaming
Users
Headquarters
COMPLEX
THREATS
BYOD
Cloud Delivered
Security
SaaS Apps& Email

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY 10
Users need direct-to-net security and
advanced protection from web threats,
regardless of location
ADVANCED WEB THREATS
Secure access to SaaS apps difficult
to manage – especially with BYOD
SaaS APP SECURITY
Complex to manage anywhere-
anytime access to Corporate apps
CORP. APP SECURITY
Anywhere-Anytime Secure Web & Cloud Access
Remains the leadingthreat vector,
creatingincidents consuming
constrained resources
EMAIL SECURITY
CloudSOC
CASBWeb Security
Service
Secure
Access Cloud
Email
Security.cloud
Cloud Email
PrivateCloud DC
IaaS & PaaS
https://
SaaS Apps& EmailWeb & Internet

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY 11
Private CloudDC
https://
Web & Internet
IaaS&PaaS
SaaS Apps& Email
Symantec Cloud & Web Access Security
Symantec uniquely
positioned to solve
broad set of access
security
requirements
CloudSOC Cloud
App Security
Secure Access
Cloud
Web Security
Service
Email
Security.cloud
Symantec
Cloud & Web
Access
Security
Regional
Office
Roaming
Users
Headquarters

12
Symantec Cloud & Web
Access Security Solution

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY 13
Cloud Email
Business Challenges
• Defend against phishing
attacks and ransomware
• Prevent Business Email
Compromise andFraud
• Eliminate SPAM
Symantec Cloud & Web Access Security
Business Requirements
• Enforce acceptable web use
• Defend against malware
• Protect information
• Eliminate backhauland
maintain performance
https://
Web & Internet
Business Requirements
• Control“ShadowIT”
• Enforce security/information
protection on sanctionedapps
• Defend against credentialtheft
and malicious insiders
SaaS Apps
Business Challenges
• Provide “lean” secure access
to corporate apps and
resources
• Prevent dataleakage and
defend against threats
• Reduce VPNcomplexity/cost
IaaS& PaaS
Web Security Service CloudSOCCASB Secure Access Cloud EmailSecurity.cloud
Access Control,Information Security, andThreat Prevention

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY 14
Fully integratednetwork security stack in the cloud
Web Security Service
Web Security Service
Regional
Office
Roaming
Users
Headquarters
Accelerated
Cloud BackboneTelco POP
Backbone
Automate Policy &
Content Acceleration
Elastic Cloud
SVC Structure
Content Peering &
Connection Scaling
3rd Party
Monitoring
Advanced Security Services
Cloud Firewall Service*
Authentication
SecureSSL
Decrypt
FileExtraction
& Inspection
URL Policy
(CASB Risk, Web
Threats, Content Cat)
Proxy
Inspect Before Delivery
SEP/Agent
IPSec
SD-WAN
Connect
Connection
Services
Advanced Malware
Analysis Service (Sandbox)
Web Isolation
DLP Inspect & Enforce
Cloud Access Security
Broker (CASB)
* 2nd halfCY2020

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY 15
IntegrationwithSecure Access Cloud (contextualawarenessbetweenservices)
Web Security Service
15
Web Security
Service

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY 16
AUDIT – APPFEED
GIN
• Risk attribute data onover 30,000 cloudapplications
• Enforce applicationaccess policy controls by application,user,group, etc.
• In-line DLPenforcement onall cloudandwebapplicationtraffic
• Extendcontrols withmarket-leadingCASB solution: CloudSOC
CASB Audit
App
Rating
Database
Analytics
Proxy
Control Shadow IT
CASB Controls with Web Security Service
Access
Control

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY 17
Symantec CASB CloudSOC for SaaS
CloudSOC
Data
Security
Understand& monitor
risk exposure across
public cloud apps &
infrastructure
• ShadowIT
• Compliance SensitiveData
• GDPR Exposure
• Cost Savings
Govern access to
critical data,extend
protectionsagainst
breach
• Discover sensitivedata
• Implement strongaccess controls
• Integrate MFA, encryption,& multi-channelDLP
• Leap forward toward GDPR
Protectagainst
threats,detect,
investigate,and
remediate incidents
• Protect against malware
• Detect malicious behavior
• Investigate activity – deep forensics across apps
• Respond with revocation,quarantine, & policy
Threat
Protection
Visibility
Comprehensive security for public SaaS applications

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY 18
Addresses unmanaged devices, but:
•RequiresextensiveURLrewriting
•Limitednumberof apps supported
Traditional Control Points for CASB—Gateway & API
CloudSOC CASB
18
Real-Time Policy Enforcement
Adaptive/Conditional Access
Forward or Reverse Proxy
SanctionedApps
BYOD & Cloud-to-Cloud
Easy to Deploy
Gateway
API
Key Unresolved Issue in the Market

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY 19
Mirror Gateway Executes & Renders App Sessions Remotely
CloudSOC CASB: Introducing Mirror Gateway
19
IDP
Unmanaged
Devices
Managed
Devices
Symantec
CloudSOC
Gateway
Isolation Portal
SAML Assertation
SAMLProxy
SSO
• User goes toCloudApp andis redirected toSAML Proxy/ IDP
• SAML Proxy redirects toisolation portal (think asuser browser
running in the cloud)
• Mirror GWportal tunnels trafficthorough CASB Gatewaythat
applies allGatelet controls
• Mirror GWportal does NOTrewrite URLs,sosolution is robust
Cloud
Applications
ANY DEVICE
Unmanaged,
BYOD
SECURE
No app data
processed or
storedlocally
ANY APP
All browser
based apps
(no limit)
ROBUST
No URL rewrites,
impervious to SaaS
app changes
GRANULAR POLICY
CASB gateway provides
full threat protection,
DLP & app controls
CloudSOC Cloud
App Security

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY 20
ContinuousCloud Protection with Okta and Symantec VIP
CloudSOC CASB & MFA
20
SENSITIVE CONTENT
TRANSACTION DETAILS
USER THREAT DATA
0 Step up
authentication to
sensitive content
Get visibility of all
access and actions
Deny access to
risky users
Cloud
Applications
CloudSOC Cloud
App Security

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY 21
To any corporate
application
Zero trust application access for corporate apps in the cloud
Secure Access Cloud for IaaS
In the cloud / On-premises
Without provisioning VPN, DMZ
Without managing endpoint agent
Zero Trust Access—trust is continuously verified; access is limited
Security Category—Software Defined Perimeter (SDP)
Securely connect
any user
from any device

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY 22
Secure Access Cloud and CloudSOC Integration
Information Protection & Threat Prevention
CloudSOC
Datacenter
Secure
Access Cloud
DLP
Isolation
MFA
Threat Prevention
UEBA
ANY DEVICE
SECURE ACCESS
ANY RESOURCE
CENTRALIZEDDLP
UNIFIEDTHREAT
PREVENTION
Unmanaged,BYOD
Mobile
Conditional,adaptive,granular access
controls with MFA
Manage threat protection,UEBA,and
investigate incidents in one console
Enforce universal policies from a single,
centrallymanaged DLP
SaaS, PaaS, IaaS
Public,Private and Hybrid Cloud Datacenters

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY 23
IaaS& PaaS
Secure Access Cloud—Integrated MFA
• SDP eliminates complexity
of VPN-based access
• Agentless approach simplifies
third party& BYOD access
• Up & runningin minutes
In the cloud / On-premises
Without provisioningVPN,DMZ
Without managingendpoint agents
Securelyconnect
any user from
any device
Agentless
Deploy
in
MinutesTo any
corporate
application
AWS
AZURE
ORACLE
PRIVATE
Secure
Access Cloud
23
Secure Access Cloud now comes with MFA capability
• Stepped-Up Auth -verify usingVIP Push or One Time Password
• For mobile, a simple app is downloadedand the device becomes the credential
Authenticate User
Validate Device Health
MFA ForStepped-UpAuth

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY 24
Email Security.cloud for Cloud-based Email
Comprehensive security for cloud Email
Data Security
Visibility and Control
Threat Prevention
& Fraud Protection
Social
Engineering
Users are falling for
credentialtheft,
phishing and
BEC scams
Advanced
Threats
Ransomwareand
targeted attacks are
difficult to detect
and remediate
Data
Protection
Sensitive information
is shared overemail
without control
and visibility
COMPREHENSIVE
Impersonation
Controls
Security
Awareness
Data Protection
Policy-Based
Encryption
Anti-Spam
Anti-Malware
Advanced Threat
Protection
Threat
Isolation
Email
Analytics
Fraud
Protection
Email
Security.cloud

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY 25
Allow Link
Trusted Websites
Most significant threat preventionissues in enterprise Email
Phishing/Credential Theft & Malware
Spear Phishing
Attack
Evaluate Links
at Delivery Time
Block Attack
Users
Evaluate Links
at Click Time
1 2 3
Educated Users
Don’t Click On Links
Phishing
Readiness
EmailThreat
Isolation
4
Unknown Websites
Isolate Link & Attachments
Threats reducedwith each step
Block Attack
✓

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY 26
Isolation defeats even the most advanced Email attacks
Stop Phishing and Ransomware with Isolation
User gestures
100% safe
renderinginformation
RenderExecuteDownload
Secure Disposable Container
10010100101
01101001100
10101
101010011010
011
110
Email Threat
Isolation
Defends users from spear phishing attacks
by isolating suspicious links
Preventsransomwareattacksfrom infecting users
by isolating malicious attachments
Email Attachments
Email Links

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY 27
Symantec Cloud & Web Access Security
• Core proxy gateway
• Firewall controls
• Threat preventionwith
Web Isolation
• Info security (DLP)& CASB
extension
• SD-WAN andSEP onramps
https://
Web &Internet
Web Security Service
• Advancedvisibility, granular
access/use controls
• Data protectionincorporate
SaaS apps
• Threat prevention&UEBA
• BYOD access to corporate
accounts via mirrorgateway
SaaS Apps
CloudSOCCASB
• Software DefinedPerimeter
(SDP) eliminates complexity
of VPN-basedaccess
• Agentless approachsimplifies
third party & BYOD access
• Up& running in minutes
IaaS& PaaS
Secure Access Cloud
Cloud Email
EmailSecurity.cloud
• Strongspear phishing
defense including link and
attachment isolation
• Multiple threat prevention
tools to prevent
ransomware
• Business email compromise
and fraudprevention
• Informationsecurity (DLP)
Access Control,Information Security, andThreat Prevention

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY 28
Examples of Policy Orchestration & Execution
Service Integration Within the Solution
Web
Security Service
Email
Security.cloud
CloudSOC
CASB
• Remote Browser Isolation (WSS)
• Email URL & attachmentisolation
• Mirror Gateway@ CASB
Isolation
Web
Security
Service
CloudSOC
CASB
Secure Access
Cloud (SAC)
• Cloud App-Feed forShadowIT
identification& control
• WSS trafficforwardingto CloudSOC
gatewayfor CASB policy enforcement
• Context aware policyenforcement
(Secure Access Cloud)
Web
Security Service
Email
Security.cloud
CloudSOC
CASB
DLP
• Consistent DLP policyenforcement
across web, SaaS, IaaS,and email
SAC

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY 29
Private CloudDC
SaaS Apps & Email
Web & Internet
IaaS&PaaS
https://
Regional
Office
Roaming
Users
Headquarters
Securing your digital transformation initiatives
Symantec Cloud & Web Access Security
Mitigate business risk by partnering with Symantec
Simple& Complete
Comprehensivesecure cloud access services
ImprovedSecurity
Advanced threat prevention techniques
for Web, Email,SaaS, IaaS
Cost Effective
Subscription model;no additional
infrastructure
Symantec
Cloud &
Web Access
Security

QUESTIONS ?
Salah Nassar
Director,ProductMarketing
Symantec
Tim Murphy
Sr. Manager,ProductMarketing
Symantec

Thank you!
Visit our site and request a demo today:
go.symantec.com/SecureAccess