symantec_2-4-5 nov 2010
Page 1
Enterprise IT Security Briefing
Bogdan Stefanescu
Presales Consultant - Symantec Romania
Page 2
A CRIME IS BEING COMMITTED...
Page 3
EVERY 15 MINUTES IN PARIS.
Page 4
EVERY 3½ MINUTES IN NEW YORK CITY.
Page 5
EVERY 2½ MINUTES IN TOKYO.
Page 6
EVERY 2 MINUTES IN BERLIN.
Page 7
EVERY ¼ OF A SECOND IN CYBERSPACE.
Page 8
Changes in the Threat Landscape
Redefining Endpoint Security

| From Hackers… | To Thieves |
|---|---|
| Few named variants | Overwhelming variants |
| Noisy and highly visible | Silent |
| Fame motivated | Financially motivated |
| Indiscriminate | Highly targeted |
Page 9
THREAT
On July 13 2010 a unique form of malware was discovered that was attempting to take control of industrial infrastructure around the world.
Page 10
Page 11
Symantec™ Global Intelligence Network: identifies more threats, takes action faster & prevents impact
Copyright © 2009 Symantec Corporation. All rights
Information Protection: Preemptive Security Alerts, Threat Triggered Actions
Global Scope and Scale: Worldwide Coverage, 24x7 Event Logging
Rapid Detection
• Attack Activity: 240,000 sensors; 200+ countries
• Malware Intelligence: 130M client, server, gateways monitored; global coverage
• Vulnerabilities: 32,000+ vulnerabilities; 11,000 vendors; 72,000 technologies
• Spam/Phishing: 2.5M decoy accounts; 8B+ email messages/day; 1B+ web requests/day
Locations: Austin, TX; Mountain View, CA; Culver City, CA; San Francisco, CA; Taipei, Taiwan; Tokyo, Japan; Dublin, Ireland; Calgary, Alberta; Chengdu, China; Chennai, India; Pune, India; Alexandria, VA; Reading, England; Sydney, AU
Page 12
Changes in the Threat Landscape
Redefining Endpoint Security
[Chart: number of signatures by period. Source: Symantec Security Response]
Page 13
The Problem
Protection is a constant challenge
• As we improve and innovate our technologies, malware authors adapt and innovate too
• Their techniques are easy – exploit, encrypt, deploy and repeat
Like a game of cat and mouse…
Page 14
Traditional, signature-based detections just can’t keep up
Page 15
Then we need something different…
Page 16
Ubiquity is something different
Page 17
The Problem
Millions of file variants (good and bad)
• So imagine that we know:
– about every file in the world today…
– and how many copies of each exist
– and which files are good and which are bad
• Now let’s order them by prevalence with
– Bad on left
– Good on the right
Page 18
The Problem
No Existing Protection Addresses the “Long Tail”
Today, both good and bad software obey a long-tail distribution.
[Chart: prevalence of Bad Files (left) and Good Files (right)]
Blacklisting works well here (the high-prevalence bad files).
Whitelisting works well here (the high-prevalence good files).
For this long tail a new technique is needed.
Unfortunately neither technique works well for the tens of millions of files with low prevalence. (But this is precisely where the majority of today’s malware falls)
Page 19
Ubiquity
Could we leverage our users for Security?
• We looked at how others leverage their user communities
• They ‘ask’! (Books, Music, Movies)
• So perhaps we should use a similar approach?
– We ask our users to rate software they use
– Over time, applications build a reputation
– Symantec products then only allow users to run programs with at least “4 stars.”
Page 20
Ubiquity
Well not so fast
• To a user, it’s not at all obvious what is safe and what is not…
Many threats are silent, the user isn’t even aware of their presence
Some threats hide inside legitimate processes
Other threats pretend to be legitimate files… (AntiVirus 2010)
This means we can’t just ‘ask’ our users for feedback!
Page 21
How it Works
Submission Servers → Reputation Servers
Per file: File hash, Good/bad, Confidence, Prevalence, Date first seen
1. Collect data
2. Calculate Ubiquity Safety Ratings (updated every 4 hrs)
3. Deliver Ubiquity Safety Ratings
In 2007, we started collecting data and built a massively-parallel analysis algorithm.
Analogy: Google’s PageRank™
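The three steps on this slide, as an added example that is not Symantec's code: a toy pipeline that aggregates constructed client submissions into per-hash prevalence and first-seen date, assigns a star rating (the scoring rule is an assumption for illustration, not the Ubiquity algorithm), and applies the deck's “4 stars” lockdown policy to the long-tail files that no whitelist or blacklist covers.

```python
"""Toy reputation pipeline for the three steps on the slide.
The scoring rule is an assumption for illustration, not Symantec's algorithm."""
from collections import defaultdict
from datetime import date

TODAY = date(2010, 11, 4)  # constructed "now" used for the age calculation

# Constructed client submissions: (client id, file hash, date the client saw the file)
SUBMISSIONS = [
    ("c1", "aaaa", date(2010, 1, 5)), ("c2", "aaaa", date(2010, 1, 6)),
    ("c3", "aaaa", date(2010, 2, 1)), ("c4", "aaaa", date(2010, 3, 9)),
    ("c1", "bbbb", date(2010, 10, 30)),                                  # one copy, days old
    ("c2", "cccc", date(2010, 9, 2)), ("c3", "cccc", date(2010, 9, 1)),  # two copies, weeks old
    ("c4", "dddd", date(2010, 6, 1)), ("c5", "dddd", date(2010, 6, 2)),
]
# Constructed verdicts from existing whitelist/blacklist engines; everything else is the long tail
KNOWN = {"aaaa": "good", "dddd": "bad"}

def collect(submissions):
    """Step 1: aggregate per hash into distinct-client prevalence and earliest first-seen date."""
    clients, first_seen = defaultdict(set), {}
    for client, h, seen in submissions:
        clients[h].add(client)
        first_seen[h] = min(first_seen.get(h, seen), seen)
    return {h: {"prevalence": len(c), "first_seen": first_seen[h]} for h, c in clients.items()}

def rate(stats, known, today):
    """Step 2: known files keep their verdict; unknown files earn 1-5 stars from
    prevalence and age, with confidence growing as more clients report the file."""
    ratings = {}
    for h, s in stats.items():
        if h in known:
            ratings[h] = {"verdict": known[h], "stars": 5 if known[h] == "good" else 0,
                          "confidence": 1.0, **s}
            continue
        age_days = (today - s["first_seen"]).days
        stars = (1 + (s["prevalence"] >= 2) + (s["prevalence"] >= 10)
                 + (age_days >= 30) + (age_days >= 180))
        ratings[h] = {"verdict": "unknown", "stars": stars,
                      "confidence": round(min(1.0, s["prevalence"] / 10), 2), **s}
    return ratings

def allowed(rating, min_stars=4):
    """Step 3, on the endpoint: policy lockdown that only runs files rated >= min_stars."""
    return rating["verdict"] != "bad" and rating["stars"] >= min_stars

def ratings_for(today=TODAY):
    return rate(collect(SUBMISSIONS), KNOWN, today)

if __name__ == "__main__":
    for h, r in sorted(ratings_for().items()):
        print(h, r["verdict"], r["stars"], "stars", r["prevalence"], r["first_seen"],
              "allowed" if allowed(r) else "blocked")
```

With the constructed data, the brand-new single-copy file and the two-copy file land in the long tail and are blocked under the 4-star policy even though no engine has ever labelled them.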
Page 22
Ubiquity Benefits
Reputation
Five important new benefits:
1. Drastically Improved Protection
2. Policy-based lockdown
3. A Weapon Against False Positives
4. Improved performance
5. Unique endpoint visibility
Page 23
Conclusion
Ubiquity Changes the Rules of the Game
• Amplifies the protection of our current technologies
• We no longer rely solely on traditional signatures
• Use data from tens of millions of users to automatically identify otherwise invisible malware
• Shifts the odds in our favor – attackers can no longer evade us by tweaking their threats
Page 24
Empower Users
Users – Given the tools to make choices
Page 25
The Challenge
Organized Criminal · Well-Meaning Insider · Malicious Insider
• Develop and Enforce IT Policies
• Protect The Information
• Manage Systems
• Protect The Infrastructure
Page 26
Develop and Enforce IT Policies
Control Compliance Suite
• Define Risk and Develop IT Policies
• Assess Infrastructure and Processes
• Report, Monitor and Demonstrate Due Care
• Remediate Problems
Page 27
Protect The Information
Data Loss Prevention Suite
• Discover Where Sensitive Information Resides
• Monitor How Data is Being Used
• Protect Sensitive Information From Loss
Page 28
Manage Systems
Altiris™ Total Management Suite
• Implement Secure Operating Environments
• Distribute and Enforce Patch Levels
• Automate Processes to Streamline Efficiency
• Monitor and Report on System Status
Page 29
Protect The Infrastructure
Symantec™ Protection Suite
• Secure Endpoints
• Protect Email and Web
• Defend Critical Internal Servers
• Backup and Recover Data
Page 30
New Challenges Require New Technologies
Organized Criminal · Malicious Insider
• Protect the Infrastructure: Lack of Visibility; Evolving Threats; Growing Complexity
• Develop & Enforce IT Policies: IT Risk Management; Cost & Complexity of Compliance; Lack of Visibility
• Protect the Information: Growth of Unstructured Data; Social Media Access; Cloud Computing
• Manage Systems: Management of HW and SW; Complexity of IT Processes; Operating System Migration
Integrated Security Platform: Open Platform, Console Unification, Security Intelligence, Dynamic Protection
Page 31
Thank You