Cyber Security in the Market Place: HP CTO Day
David Thompson & James Hanlon
HP Alliance Manager & Security Strategist
Company Position | SYMANTEC & VERITAS
$6.7 Billion Revenues (1): Security 62%, IM 38%
SECURITY
• Revenue (1): $4.2 billion
• Market Opportunity: $38 billion by 2018
• Key Stats & Portfolio: 1 billion+ systems; 135M+ Norton users; 100M+ SEP clients
• Norton, Enterprise Security, Cybersecurity Services, Trust Services, Mobility, IoT
INFORMATION MANAGEMENT
• Revenue (1): $2.5 billion
• Market Opportunity: $16 billion by 2018
• Key Stats & Portfolio: Global leader in backup; NetBackup appliance: 36% share; 75% of the Fortune 500
• Backup, Archiving, eDiscovery, Storage, Availability
(1) FY2014 GAAP metrics
Symantec Enterprise Security Differentiation | OUR UNIQUE VISIBILITY
57M attack sensors in 157 countries
175M endpoints
182M web attacks blocked last year
3.7T rows of telemetry
100 Billion more/month
9 threat response centers
500+ rapid security response team
30% of world’s enterprise email traffic scanned/day
1.8 Billion web requests
Copyright © 2015 Symantec Corporation
Symantec Today | OUR CONTRIBUTION
Threat Intelligence is the foundation for our Solution Portfolio
CyberIntelligent
CyberVigilant
Advisors Collaboration Research & Tools Education
What we see, what we know?
Attackers Moving Faster
• 5 of 6 large companies attacked
• 317M new malware created
• 1M new threats daily
• 60% of attacks targeted SMEs
Digital extortion on the rise
• 113% increase in ransomware
• 45X more devices held hostage
Malware gets smarter
• 28% of malware was Virtual Machine Aware
Zero-Day Threats
• 24 all-time high
• Top 5 unpatched for 295 days
Many Sectors Under Attack
• Healthcare +37%
• Retail +11%
• Education +10%
• Government +8%
• Financial +6%
Source: Symantec Internet Security Threat Report 2015
Key Trends Reshaping the Enterprise Security Markets
• RESURGENCE OF ENDPOINT: Rapid shift to mobile and IoT
• DISAPPEARING PERIMETER: Decreasingly relevant with “fuzzy” perimeter
• RAPID CLOUD ADOPTION: Enterprise data and applications moving to cloud
• CYBERSECURITY SERVICES: Security as a Service; threat life cycle management
• EVOLVING REGULATION: Governments and regulators playing ever larger role
The Board | Cyber Security Concerns, Issues & Investment Priorities
BOARD LEVEL CONCERNS
• Loss of competitive advantage
• Brand damage & IP loss
• Breach costs
• Impact of data protection & privacy regulation
CYBER SECURITY AWARENESS
BOARD LEVEL ISSUES
• Do not understand implications of losing critical data & assets
• Lack of clarity on ownership of Cyber Security
• Do not receive intelligence on cyber security threats
• Do not review risk management plans & policies
SECURITY INVESTMENT
• Monitoring
• Advanced Threat Protection
• Intelligence & Incident Response
• Data Protection
Symantec Enterprise Security | SYMANTEC SOLUTION STRATEGY
Threat Protection
ENDPOINTS, DATA CENTER, GATEWAYS
• Advanced Threat Protection Across All Control Points
• Built-In Forensics and Remediation Within Each Control Point
• Integrated Protection of Server Workloads: On-Premise, Virtual, and Cloud
• Cloud-based Management for Endpoints, Datacenter, and Gateways
Unified Security Analytics Platform
• Log and Telemetry Collection
• Unified Incident Management and Customer Hub
• Inline Integrations for Closed-loop Actionable Intelligence
• Regional and Industry Benchmarking
• Integrated Threat and Behavioral Analysis
Information Protection
DATA, IDENTITIES
• Integrated Data and Identity Protection
• Cloud Security Broker for Cloud and Mobile Apps
• User and Behavioral Analytics
• Cloud-based Encryption and Key Management
Users, Data, Apps, Cloud, Endpoints, Gateways, Data Center
Cyber Security Services
Monitoring, Incident Response, Simulation, Adversary Threat Intelligence
Cyber Security Services
Unified Security Analytics Platform
Information Protection: DATA, IDENTITIES
Threat Protection: DATA CENTER, GATEWAYS, ENDPOINTS
INFORMATION PROTECTION
Information Protection Requirements | CLOUD AND MOBILE FOCUS
Historically data was created and consumed on premise; most users would create and consume this data from inside firewalls
USERS ARE MOVING
With the advent of mobile and BYOD devices, more users are accessing and consuming information when outside the firewalls
DATA AND APPS ARE MOVING
With more applications and workloads migrating to public clouds, more and more data is created and consumed on cloud
With more data in cloud and more mobile users, information protection across cloud and mobile, combined with behavioral analytics, is a critical imperative
Symantec Information Protection | STRATEGY
• Extend Data and Identity protection regardless of where data resides: On Premise, On Mobile, In the Cloud
• Common SSO and Access Management regardless of where applications reside: On Premise, On Mobile, In the Cloud
• Integrated user and behavioral analytics to detect and prevent insider and outsider (APT) threats
Data Access
Identities
Cloud Security Broker
Pillar 2: DLP
DLP: Cloud Email
• Monitor & Protect data from Cloud Email
• Single Policy Enforcement
• Internal & remote users
• For existing DLP customers: Manage from DLP Console on Premises
• For new customers: Manage from Cloud Console
Visibility and Control
DLP Console On Premises
Information Protection Cloud Email Monitor
Cloud Console
Real time protection
DLP: Cloud Storage and SaaS Applications
• Scan Cloud storage from the Cloud using native APIs
• Real-time protection for uploads and downloads from Cloud Storage and Cloud Applications
• For existing DLP customers: Manage from DLP Console on Premises
• For new customers: Manage from Cloud Console
Visibility and Control
DLP Console On Premises
Information Protection Cloud Scanners
Cloud Console
Scan
Real time protection
Foundation: Symantec Identity: Access Manager
Control, Convenience, and Compliance
WHO ARE YOU?
Identity-based Access Control
Single Sign-on & Strong Authentication
User Directory
WHERE ARE YOU?
Tech Support Tom
Sales Rep Stephanie
Stephanie’s public and private cloud applications
Tom’s public and private cloud applications
The Foundation: Password-less 2FA to all Your Cloud Apps
Easy and Secure
FINGERPRINT, USERNAME
THREAT PROTECTION
Threat Protection Requirements | FULL THREAT LIFE-CYCLE
PREDICT
• Proactive risk analysis
• Predict attacks
• Baseline systems
PREVENT
• Harden and isolate systems
• Divert attackers
• Prevent issues
DETECT
• Detect issues
• Confirm and prioritize risk
• Contain issues
RESPOND
• Investigate/Forensics
• Design/Model change
• Remediate/Make change
Advanced Threat Protection
Source: Gartner
Symantec Threat Protection | STRATEGY
• Advanced Threat Protection Across Control Points
• Built-in Forensics and Remediation Within Each Control Point
• Integrated Protection of Server Workloads across On-Premise, Virtual, and Cloud
• Cloud-based Management for Endpoints, Datacenter, and Gateways
Advanced Threat Protection
Network/Gateways
Data Center
Endpoints
UNIFIED SECURITY ANALYTICS
Security Platforms Market | FOCUS SHIFTING TO ANALYTICS
ATTACKS ARE INCREASINGLY SOPHISTICATED
• Micro-targeted
• New techniques and zero day attacks
• Stealthy to remain undetected
EXISTING TECHNOLOGY CAN’T KEEP UP
• Reactive methods
• Insufficient data to find subtle trends and patterns
• Isolated approaches without broader context
ANALYST FATIGUE IS RAMPANT
• Too many alerts and false positives
• Slow and manual detection, forensics, and remediation
RISE OF SECURITY BIG DATA ANALYTICS
Big data, analytics, and machine learning techniques needed to address these challenges
Symantec Unified Security in a Nutshell
WHAT IT DOES:
• Brings in data and events from all sources
• Provides a platform to manage, store, and analyze the aggregated data
• Enables a new breed of applications that leverages the aggregated intelligence
• Creates a virtuous cycle
WHAT IT IS: 3 part ecosystem
• Unified Security Analytics Platform: A comprehensive Big Data Analytics platform for collecting vast security telemetry, analyzing it for local and global threats and converting the insights into secure outcomes
• Telemetry & APIs: Standard set of interfaces and APIs, supplied by Symantec and 3rd party security products, for contributing rich telemetry to the platform
• Unified Security Applications: Data and analytic applications built on the platform by Symantec and 3rd party ecosystem for a variety of security use cases
Sample Unified Security Analytics Applications
Risk Insight
• Risk Advisor and Benchmarking App
• Measures and benchmarks security health, including risks arising from compromised end-users
Targeted Attack Detection
• Crawls through global telemetry to find targeted attack IOCs and detect brand-new targeted attacks
• Ex: find all emails sent from a given address, all files attached to those emails, all events associated with those files, etc.
Incident Investigation
• Drill into incidents to get all associated events across security control points, building out the full attack chain
• Ex: Discover when and how a threat first entered the environment
Moneyball
• Correlate security outcomes across customers with differing security controls, policies, and settings
• Quantify ROI for potential new security investments