Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Getting Beyond Standalone Antivirus to Advanced Threat Protection Eric Schwake Sr. Product Marketing

Similar presentations


Presentation on theme: "1 Getting Beyond Standalone Antivirus to Advanced Threat Protection Eric Schwake Sr. Product Marketing"— Presentation transcript:

1 1 Getting Beyond Standalone Antivirus to Advanced Threat Protection Eric Schwake Sr. Product Marketing

2 2 Targeted Attack Trends 1 Organizations Struggling to Keep Up 2 A Methodology for Better Protection 3 How Symantec Can Help 4 Q & A 5

3 Targeted Attacks 3

4 Targeted Attacks Defined 4 End goal is most commonly to capture and extract high value information, to damage brand, or to disrupt critical systems Broad term used to characterize threats targeted to a specific entity or set of entities Often crafted and executed to purposely be covert and evasive, especially to traditional security controls

5 How Targeted Attacks Happen 5 Send an to a person of interest Spear Phishing Infect a website and lie in wait for them Watering Hole Attack

6 Targeted Attack Trends % Increase in targeted attack campaigns per Campaign Recipient/Campaign Campaigns Duration of Campaign days 3 days8.3 days Top 10 Industries Targeted in Spear-Phishing Attacks, 2013 Source: Symantec Public Administration (Gov.) Services – Professional Services – Non-Traditional Manufacturing Finance, Insurance & Real Estate Transportation, Gas, Communications, Electric Wholesale Retail Mining Construction 16% Spear Phishing Attacks by Size of Targeted Organization, Source: Symantec 50% 39% 18% 31% 30% 100% ,501 to 2,500 1,001 to 1, to 1, to to 250 2,501+ Employees 50% 61%

7 Organizations are Struggling to Keep Up 7

8 Reliance on Silver Bullet Technologies A single point product won’t identify all threats Most frequent Silver Bullet monitoring technologies: – IDP / IPS – Anomaly detection (on the rise) Individual technologies lack a comprehensive vantage point to detect today’s threats. 8 32% Average % of incidents detected by IDP / IPS technologies

9 Incomplete Enterprise Coverage Companies fail to effectively assess (and update) the scope of their Enterprise Enterprise technology trends further challenge scope – Mobile – Cloud – BYOD 9

10 Underestimate SIEM Complexity Companies frequently underestimate effort and cost to implement – Technical architecture frequently under scoped – Time to implement can take year+ Struggle to sustain capability – Turnover of “the SIEM expert” – Focus / Expertise Required 10 35% Too many false positive responses 72% Collect 1TB of security data or more on a monthly basis

11 Lack of Sufficient Staff / Expertise Increasing Sophistication ≠ More Resources 11 “We’re at 100% employment in IT security” – Chief Security Officer Health Care Organization 83% of enterprise organizations say it’s extremely difficult or somewhat difficult to recruit/hire security professionals

12 Can’t Keep up with Evolving Threats Detection program must be evolve as threats evolves – Analyst training / awareness – SIEM tuning – Detection methods – Response tactics Varied tactics to keep up with threats: – Open source – Working groups (ISACs) – Commercial 12 28% Sophisticated security events have become too hard to detect for us 35% Do not use external threat intelligence for security analytics

13 A Methodology for Better Protection 13

14 The Attack Waterfall 14 ProtectionDetectionResponse 256 Billion Attacks 350,000 Security Events The ‘Maybe’s 3,000 Incidents Readiness 100+ Security Ops staff

15 15 IdentifyProtectDetectRespondRecover 100+ Security Staff 256B attacks 350K events 3000 incidents

16 Identify or Readiness 16 Threat Intelligence Asset Management Policy Practice

17 17 IdentifyProtectDetectRespondRecover 100+ Security Staff 256B attacks 350K events 3000 incidents

18 Proactive Protection Technologies 18 All Control Points More than AV Test URLs in

19 19 IdentifyProtectDetectRespondRecover 100+ Security Staff 256B attacks 350K events 3000 incidents

20 Detect 20 Correlate Control Points Identify Anomalies Monitor & Test Everything

21 21 IdentifyProtectDetectRespondRecover 100+ Security Staff 256B attacks 350K events 3000 incidents

22 Respond 22 Automate Correlation Incident Response

23 How Symantec Can Help 23

24 Symantec Advanced Threat Protection Managed Adversary Service Insight, SONAR, Thread injection protection Secure App Service Security Simulation Disarm, Link following, Skeptic Incident Response Service MSS-ATP Advanced Threat Protection Solution Cynic Synapse ProtectionDetectionResponse 256 Billion Attacks 350,000 Security Events The ‘Maybe’s 3,000 Incidents Readiness 100+ Security Ops staff 24

25 Thank you! Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. 25 Eric Schwake


Download ppt "1 Getting Beyond Standalone Antivirus to Advanced Threat Protection Eric Schwake Sr. Product Marketing"

Similar presentations


Ads by Google