1. Redefining Endpoint Security –
How to Better Secure the Endpoint
Sundeep Vijeswarapu
System Administrator 3;
PayPal
Joakim Lialias
Director Product & GTM
Strategy, Symantec
Fernando Montenegro
Senior Analyst;
451 Research
2. 451RESEARCH.COM
©2018 451 Research. All Rights Reserved.
Senior Analyst on the Information Security team
Originally from , now based in Toronto
Topic areas: security architecture (network
security), endpoint and cloud security spaces.
Prior experience: 20+ years across pre-sales
and delivery roles in enterprise security.
Interests: security economics, security at scale
@fsmontenegro
Introduction
3.
ENDPOINT PROTECTION PLATFORM (EPP)
ENDPOINT DETECTION AND RESPONSE (EDR)
Lifecycle
Avoid contact
► Reputation
► Content filtering
► Network integration
► App control
► Device control
Cheap lookup
► File hashes
Pre-execution checking
► AI/ML
► Network validation
► Sandboxing
Consider isolation
► Virtualization
► Remote execution
Evidence of malicious behavior?
► HIPS
► App behavior…
Targeted investigations
► IoC
► Timelines
Automated response
Ad-hoc (remote) responses
Rollback
Remediation
PREVENTION PROTECTION DETECTION RESPONSE
4.
Methodology
451 Voice of the Enterprise
Quarterly insights:
► Budgets & Insights
► Workloads & Projects
► Organizational Dynamics
► Vendor Evaluations
Briefings, Inquiries, Research
100s of hours
► Enterprise IT
► Service Providers
► Security vendors
► Finance professionals
Qualitative research
Independent
5.
Use cases
Q. On a scale of 1 to 5, where 1 is 'very ineffective' and 5 is 'very effective', how would you rate your current endpoint security solution against the following use cases?
Source: 451 Research's Voice of the Enterprise: Information Security, Workloads and Key Projects 2018
Satisfaction rating for endpoint solutions against use cases (share of respondents giving each rating)

Use case                                   5 - highest    4      3      2    1 - lowest
Pre-execution protection (n=463)               34%       43%    16%    4%       3%
Stopping during/after execution (n=463)        27%       46%    21%    4%       3%
Removing/remediating (n=464)                   21%       39%    27%   10%       4%
Use of threat intelligence (n=460)             21%       31%    30%   12%       7%
After-the-fact investigations (n=458)          14%       25%    34%   16%      11%
6.
Handling ransomware
Q. How did you handle ransomware in the case, or the most prominent case if multiple, you experienced? (respondents who experienced ransomware, n=65)
Q. If your organization became the victim of a ransomware attack, how would it most likely respond first? (respondents with no ransomware experience, n=407)
Source: 451 Research, Voice of the Enterprise: Information Security, Workloads and Key Projects 2018

Response                                                                                    No Ransomware (n=407)   Ransomware (n=65)
We would reimage the machine and restore from a backup                                              56%                  68%
Our endpoint security tool would interrupt the attack                                               18%                   5%
Our network security tool would interrupt the attack                                                11%                   8%
We would reimage the machine, but would likely lose the data                                         8%                  14%
We would attempt to use a previously broken, publicly available encryption key to decrypt            2%                   2%
We would attempt to break the encryption key used to encrypt the files to decrypt                    1%                   0%
We would pay the requested amount to unlock our data                                                 1%                   2%
Other                                                                                                3%                   3%
7.
Key Challenges
USER DEMANDS
Mobility
► Network-agnostic
► Limited capacity
Ease of Use
► Seamless operation
► Heterogeneous UX
Cognitive overload
► Distraction to be expected
► Brittle security controls
BUSINESS DEMANDS
Pace of change
► Cloud migrations
► M&A activity
► Resource constraints
Environment Complexity
► User mobility
► Shifting trust boundaries
► Device heterogeneity
► Regulatory demands
ATTACK TRENDS
Supply Chain
► Software components
► Business relationships
► Technical relationships
Attack sophistication
► LOTL/fileless
► Attack automation
► Lateral movement
► Diffuse exfiltration
8.
Best practices
Architecture
Cross-platform support
► Windows, Mac, Linux
► Mobile devices
Integrated Architecture
► Layered Protection
Mobility Support
► On-site/Off-site scenarios
► Protection & Operations
Operations
Hardened Environment
► Admin rights
► Macro execution
► Lateral movement
Up-to-date Components
► Signatures & ML models
► Upgrade paths
► Newer features
Management
Continuous Practices
► Asset Inventory
► Risk Management
Program Metrics
► Process tracking
► Security outcomes
► Program improvements
9.
Coming next…
• Endpoint product evolution
• Operating system security + 3rd party product
• Automation and Orchestration capabilities (API)
• For some, cloud-based endpoints
• VMs, containers, Kubernetes, serverless compute, …
• Governance
• Regulatory frameworks, privacy, geopolitical considerations
11. Symantec Endpoint Protection Environment at PayPal
• Our SEPM servers are on version 14.2 MP1
• On client side we are on version 14.x
• GUP Servers
©2016 PayPal Inc. Confidential and proprietary.
12. How SEP helped alleviate our challenges
• Effective scanning and malware detection via Auto-Protect, SONAR, Download Insight,
Manual Scan
• SEP has helped us to confirm whether machines we are investigating are infected and to
remediate them.
• Even on external Hard drives, SEP identifies malicious files rather quickly as well as
provides exact paths of files and other IOCs.
• SEP’s data is rather accurate as well when it comes to malicious detections and
IDS/RISK logs.
• Quick response from Symantec when reported about false positives
• It's one of the best tools for malware that we utilize in our organization.
13. What’s New?
How to Better Secure the
Endpoint
Joakim Lialias
Director Product & GTM
Strategy; Symantec
14. Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Why Innovate Endpoint Security?
ENDPOINT REALITIES HAVE CHANGED DRAMATICALLY
ENDPOINT SECURITY MOVES BEYOND MALWARE
ENDPOINT ARCHITECTURE GROWING IN COMPLEXITY
Yesterday: Traditional Endpoints; Fixed Function Devices; Managed Mobile Devices; On-Premises
Today: Traditional Endpoints; Fixed Function Devices; BYOD (Unmanaged); Managed Mobile Devices; Always Connected Users; Cloud Delivered
7 Agents for Security and Management (average)
Challenges: Updates, Performance, Talent, Disjointed
2x increase in vulnerabilities driven largely by increase of apps in 2017
+77% of successful attacks in 2017 utilized file-less techniques and dual-use tools
+56% increase in risky Wi-Fi networks in 2017
+8,500% increase in coinminer detections
+100% of recent major APTs used Active Directory as an attack vector
7 min Average time between endpoint compromise and breach
15.
HOMOGENEOUS ENDPOINT SECURITY AND MANAGEMENT FOR A HETEROGENEOUS WORLD
The Most Complete Endpoint Security Solution
Symantec Endpoint Security
BROADEST COVERAGE: EXTENSIVE COVERAGE TO PROTECT ALL ENDPOINTS
► Traditional platforms
► Modern platforms
► Compute and storage
DEEPEST PROTECTION: DEFEND AGAINST ALL ATTACK VECTORS AND METHODS
► Antimalware: Prevent, Detect, Respond
► Hardening: Isolate, Control, Deceive
INTEGRATED ARCHITECTURE: ACHIEVE SUPERIOR OPERATIONAL EFFICIENCIES
► Flexible management: On-prem, Hybrid, Cloud
► Simplified architecture: Single agent, Single console
► Open platform: ICDX
MODERN MANAGEMENT: EXTEND SECURITY WITH MODERN MANAGEMENT
► Auto-manage: Modern management & modern app
► AUTO EVALUATE → AUTO RECOMMEND → AUTO APPLY → AUTO LEARN
16.
Foundation for fine grained control
Our Endpoint Technology Approach
Hardening: Strengthen security posture
Antimalware
Hardening
Prevent the Knowable
Hunt the Unfindable
Respond to Incidents
Secure the Connectable
Protect the Vulnerable
Restrict the Unknown
Block the Suspicious
Secure the Traversable
17.
Complete defense to address all threats and vectors
Delivering a Unique Endpoint Defense Approach…
Endpoint Detection and Response
Antimalware
Malware Prevention
Suspicious Activity
Detection
White-list
Jails Castles
Hardening
Block-list
Capabilities unique to Symantec that deliver unmatched gray activity protection
Threat Continuum (More Malicious to More Exploitable): Threats, Potential Threats, Unknown, Potentially Good, Known Good
18.
Complete Endpoint Defense Requirements
Threat Continuum: Threats, Potential Threats, Unknown, Potentially Good, Known Good
Anti-malware and Hardening capabilities: Prevent Malware; Detect and Respond; Global Block; Global Whitelist; Isolate Apps, Scripts & Content; Restrict Domain Access; Securely Connect
Attack phases: Incursion, Infection, Infestation, Exfiltration
Tactics: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Exfiltration, Command and Control
19.
Complete Endpoint Defense Portfolio
Threat Continuum: Threats, Potential Threats, Unknown, Potentially Good, Known Good
Products: SEP; EDR; App Control; Application Isolation; Threat Defense for Active Directory; Cloud Connect Defense
Attack phases: Incursion, Infection, Infestation, Exfiltration
Tactics: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Exfiltration, Command and Control
20.
…Delivered Through a Single Agent and Console
21.
SYMANTEC ENDPOINT SECURITY
COMPLETE ENDPOINT DEFENSE
FOR THE ENTERPRISE
Symantec Cyber Defense Manager: Single Console
Symantec Agent: Single Agent
Symantec Global Intelligence Network
Endpoint Protection
► Symantec Endpoint Protection – Enhanced
► Symantec Endpoint Protection Mobile – Enhanced
► Symantec Endpoint Cloud Connect Defense – New
Advanced Endpoint Hardening
► Symantec Endpoint Application Control – NEW
► Symantec Endpoint Application Isolation – Enhanced
► Symantec Endpoint Threat Defense for Active Directory – NEW
Endpoint Detection and Response
► Symantec Endpoint Detection and Response – Enhanced
► Symantec Managed Endpoint Detection and Response – NEW
Suites
► Advanced Endpoint Defense Suite: Prevent + Harden
► Complete Endpoint Defense Suite: Prevent + Harden + Respond
► Endpoint with Detection and Response: Prevention + Detection + Response