Cyber Security in the Market Place: HP CTO Day

David Thompson & James Hanlon, HP Alliance Manager & Security Strategist

Upload: symantec

Post on 29-Jul-2015


2

Agenda

• Symantec
• The Threat
• The Market
• The Solutions
• The Partnership

3

SYMANTEC: $6.7 Billion Revenues (1); Security 62%, IM 38%

SECURITY
• Revenue (1): $4.2 billion
• Market Opportunity: $38 billion by 2018
• Key Stats: 1 billion+ systems; 135M+ Norton users; 100M+ SEP clients
• Portfolio: Norton, Enterprise Security, Cybersecurity Services, Trust Services, Mobility, IoT

INFORMATION MANAGEMENT
• Revenue (1): $2.5 billion
• Market Opportunity: $16 billion by 2018
• Key Stats: Global leader in backup; NetBackup appliance: 36% share; 75% of the Fortune 500
• Portfolio: Backup, Archiving, eDiscovery, Storage, Availability

(1) FY2014 GAAP metrics

Company Position | SYMANTEC & VERITAS

4

Symantec Enterprise Security Differentiation | OUR UNIQUE VISIBILITY

57M attack sensors in 157 countries

175M endpoints

182M web attacks blocked last year

3.7T rows of telemetry

100 Billion more/month

9 threat response centers

500+ rapid security response team

30% of world’s enterprise email traffic scanned/day

1.8 Billion web requests

Copyright © 2015 Symantec Corporation

5

CyberIntelligent

CyberVigilant

Advisors Collaboration Research & Tools Education

Threat Intelligence is the foundation for our Solution Portfolio

Symantec Today | OUR CONTRIBUTION

6

The Threat

7

What we see, what we know?

Attackers Moving Faster
• 5 of 6 large companies attacked
• 317M new malware created
• 1M new threats daily
• 60% of attacks targeted SMEs

Digital extortion on the rise
• 113% increase in ransomware
• 45X more devices held hostage

Malware gets smarter
• 28% of malware was Virtual Machine Aware

Zero-Day Threats
• 24 all-time high
• Top 5 unpatched for 295 days

Many Sectors Under Attack
• Healthcare +37%
• Retail +11%
• Education +10%
• Government +8%
• Financial +6%

Source: Symantec Internet Security Threat Report 2015

8

The Market

9

Key Trends Reshaping the Enterprise Security Markets

RESURGENCE OF ENDPOINT Rapid shift to mobile and IoT

DISAPPEARING PERIMETER Decreasingly relevant with “fuzzy” perimeter

RAPID CLOUD ADOPTION Enterprise data and applications moving to cloud

CYBERSECURITY SERVICES Security as a Service; threat life cycle management

EVOLVING REGULATION Governments and regulators playing ever larger role

BOARD LEVEL CONCERNS
• Loss of competitive advantage
• Brand damage & IP loss
• Breach costs
• Impact of data protection & privacy regulation

CYBER SECURITY AWARENESS

BOARD LEVEL ISSUES
• Do not understand implications of losing critical data & assets
• Lack of clarity on ownership of Cyber Security
• Do not receive intelligence on cyber security threats
• Do not review risk management plans & policies

SECURITY INVESTMENT
• Monitoring
• Advanced Threat Protection
• Intelligence & Incident Response
• Data Protection

The Board | Cyber Security Concerns, Issues & Investment Priorities

11

The Symantec Solutions

12

Symantec Enterprise Security | SYMANTEC SOLUTION STRATEGY

Threat Protection

ENDPOINTS DATA CENTER GATEWAYS

• Advanced Threat Protection Across All Control Points
• Built-In Forensics and Remediation Within Each Control Point
• Integrated Protection of Server Workloads: On-Premise, Virtual, and Cloud
• Cloud-based Management for Endpoints, Datacenter, and Gateways

Unified Security Analytics Platform

Log and Telemetry Collection

Unified Incident Management and Customer Hub

Inline Integrations for Closed-loop Actionable Intelligence

Regional and Industry Benchmarking

Integrated Threat and Behavioral Analysis

Information Protection

DATA IDENTITIES

• Integrated Data and Identity Protection
• Cloud Security Broker for Cloud and Mobile Apps
• User and Behavioral Analytics
• Cloud-based Encryption and Key Management

Users

Data

Apps

Cloud

Endpoints

Gateways

Data Center

Cyber Security Services: Monitoring, Incident Response, Simulation, Adversary Threat Intelligence

13

Cyber Security Services

Unified Security Analytics Platform

Information Protection: DATA, IDENTITIES

Threat Protection: DATA CENTER, GATEWAYS, ENDPOINTS

INFORMATION PROTECTION

14

Information Protection Requirements | CLOUD AND MOBILE FOCUS

With the advent of mobile and BYOD devices, more users are accessing and consuming information when outside the firewalls

USERS ARE MOVING

DATA AND APPS ARE MOVING

With more data in cloud and more mobile users, information protection across cloud and mobile, combined with behavioral analytics, is a critical imperative

Historically data was created and consumed on premise; most users would create and consume this data from inside firewalls

With more applications and workloads migrating to public clouds, more and more data is created and consumed on cloud

15

Symantec Information Protection | STRATEGY

• Extend Data and Identity protection regardless of where data resides: On Premise, On Mobile, In the Cloud

• Common SSO and Access Management regardless of where applications reside: On Premise, On Mobile, In the Cloud

• Integrated user and behavioral analytics to detect and prevent insider and outsider (APT) threats

Data Access

Identities

Cloud Security Broker

Pillar 2: DLP

16

Visibility and Control

DLP Console On Premises

DLP: Cloud Email

• Monitor & Protect data from Cloud Email

• Single Policy Enforcement

• Internal & remote users

• For existing DLP customers
  – Manage from DLP Console on Premises

• For new customers
  – Manage from Cloud Console

Information Protection Cloud Email Monitor

Cloud Console

Real time protection

17

Visibility and Control

DLP Console On Premises

DLP: Cloud Storage and SaaS Applications

Real time protection

Scan

• Scan Cloud storage from the Cloud using native APIs

• Real-time protection for uploads and downloads from Cloud Storage and Cloud Applications

• For existing DLP customers
  – Manage from DLP Console on Premises

• For new customers
  – Manage from Cloud Console

Information Protection

Cloud Scanners

Cloud Console

18

Foundation: Symantec Identity: Access Manager

Control, Convenience, and Compliance

WHO ARE YOU?

Identity-based Access Control

Single Sign-on & Strong Authentication

User Directory

WHERE ARE YOU?

Tech Support Tom

Sales Rep Stephanie

Stephanie’s public and private cloud applications

Tom’s public and private cloud applications

19

The Foundation: Password-less 2FA to all Your Cloud Apps

Easy and Secure

FINGERPRINT USERNAME

20

Cyber Security Services

Unified Security Analytics Platform

Information Protection: DATA, IDENTITIES

Threat Protection: DATA CENTER, GATEWAYS, ENDPOINTS

THREAT PROTECTION

21

Threat Protection Requirements | FULL THREAT LIFE-CYCLE

Source: Gartner

PREDICT
• Proactive risk analysis
• Predict attacks
• Baseline systems

PREVENT
• Harden and isolate systems
• Divert attackers
• Prevent issues

DETECT
• Detect issues
• Confirm and prioritize risk
• Contain issues

RESPOND
• Investigate/Forensics
• Design/Model change
• Remediate/Make change

Advanced Threat Protection

22

Symantec Threat Protection | STRATEGY

• Advanced Threat Protection Across Control Points

• Built-in Forensics and Remediation Within Each Control Point

• Integrated Protection of Server Workloads across On-Premise, Virtual, and Cloud

• Cloud-based Management for Endpoints, Datacenter, and Gateways

Advanced Threat Protection

Network/Gateways

Data Center

Endpoints

23

Cyber Security Services

Unified Security Analytics Platform

Information Protection: DATA, IDENTITIES

Threat Protection: DATA CENTER, GATEWAYS, ENDPOINTS

UNIFIED SECURITY ANALYTICS

24

Security Platforms Market | FOCUS SHIFTING TO ANALYTICS

ATTACKS ARE INCREASINGLY SOPHISTICATED
• Micro-targeted
• New techniques and zero day attacks
• Stealthy to remain undetected

EXISTING TECHNOLOGY CAN’T KEEP UP
• Reactive methods
• Insufficient data to find subtle trends and patterns
• Isolated approaches without broader context

ANALYST FATIGUE IS RAMPANT
• Too many alerts and false positives
• Slow and manual detection, forensics, and remediation

RISE OF SECURITY BIG DATA ANALYTICS
Big data, analytics, and machine learning techniques needed to address these challenges

25

Symantec Unified Security in a Nutshell

WHAT IT DOES:
• Brings in data and events from all sources
• Provides a platform to manage, store, and analyze the aggregated data
• Enables a new breed of applications that leverages the aggregated intelligence
• Creates a virtuous cycle

WHAT IT IS: 3 part ecosystem
• Unified Security Analytics Platform: A comprehensive Big Data Analytics platform for collecting vast security telemetry, analyzing it for local and global threats and converting the insights into secure outcomes
• Telemetry & APIs: Standard set of interfaces and APIs, supplied by Symantec and 3rd party security products, for contributing rich telemetry to the platform
• Unified Security Applications: Data and analytic applications built on the platform by Symantec and 3rd party ecosystem for a variety of security use cases

26

Sample Unified Security Analytics Applications

Risk Insight
• Risk Advisor and Benchmarking App
• Measures and benchmarks security health, including risks arising from compromised end-users

Targeted Attack Detection
• Crawls through global telemetry to find targeted attack IOCs and detect brand-new targeted attacks
• Ex: find all emails sent from a given address, all files attached to those emails, all events associated with those files, etc.

Incident Investigation
• Drill into incidents to get all associated events across security control points, building out the full attack chain
• Ex: Discover when and how a threat first entered the environment

Moneyball
• Correlate security outcomes across customers with differing security controls, policies, and settings
• Quantify ROI for potential new security investments

27

The Partnership

HP Service Offerings Built on Symantec Technology

28

29

?? QUESTIONS ??