Enterprise IT Security Briefing

Presentation on theme: "Enterprise IT Security Briefing"— Presentation transcript:

1 Enterprise IT Security Briefing
The most important thing, the most valuable thing somebody can possess is information. If you think about it, having the right information is priceless: from car history reports to medical records, to credit reports, to restaurant reviews. Information is what drives purchases, dining experiences, even appropriate healthcare. Information is so important that we have evolved into an information society, so it is easy to understand the value of information and to understand how protecting that information is key to a customer's (of any size) ability to grow and thrive.

2 Symantec™ Global Intelligence Network: Identifies more threats, takes action faster & prevents impact
[Map of Symantec locations: Calgary, Alberta; Dublin, Ireland; Reading, England; San Francisco, CA; Alexandria, VA; Tokyo, Japan; Mountain View, CA; Chengdu, China; Austin, TX; Culver City, CA; Taipei, Taiwan; Chennai, India; Pune, India; Sydney, AU]
IT security professionals feel they have more to deal with than ever before. Specifically, they have more viruses, more threats (spam, botnets etc.), more surface area to protect due to suppliers, customers and contractors, and more information to protect. In fact, regardless of the size of a company, information doubles every year. Finally, job descriptions have expanded: not only are IT security professionals responsible for security, they are also responsible for compliance.
Our reference labs (powered by the Symantec Global Intelligence Network) showed that 2008 was the tipping point for security and the landscape changed radically. Just two years ago, hackers were the biggest threat and they were primarily focused on taking down your machines and infrastructure, and the only way you knew you were being hit was that your PC started to act odd or you saw a spike in network traffic as a worm was moving through your infrastructure. We at Symantec warned at that time that in the future you would be more worried about organized crime, and this change happened in 2008: 90% of records lost in 2008 involved organized crime targeting corporate information. That is vastly different than just 2 years ago.
Additional Background on GIN: At the heart of all of our products is the Symantec Global Intelligence Network. We are incredibly proud of this Network, and it just gets more and more powerful all the time. We have a 95% detection rate, the highest of any security vendor, and the lowest number of false positives (0.0001%). The Network analyzes over 1.5 billion security alerts daily, validates approximately 5,000 as genuine security threats, and notifies customers within 10 minutes of discovery. This is, by far, the largest, most sophisticated intelligence network on the planet. It scans 30% of the world's traffic, processes over 8 billion messages daily and gathers malicious code data from 130 million systems. The Network updates every 5-10 minutes from 240,000 sensors in over 200 countries. There are more than 32,000 vulnerabilities in the Symantec vulnerability database. There are 2.5 million decoy accounts in the Symantec Probe Network. There are 4 Symantec Security Operations Centers, located in Australia, UK, USA, India. There are 11 Security Response Centers in the USA, Australia, Canada, India, China, Ireland. What all of this means is that if there is a malicious attack about to hit you, we know about it first. We block it, we keep it from affecting your business, and we tell you how to take action. It's about prioritized risk and response, and our intelligence network keeps you protected and tells you what to do first. There simply is no approach that's faster or more thorough than ours. This Network is the main reason that 99% of the Fortune 500 & 1000 utilize our products. This is what makes all the difference between having security software and knowing that your information is protected 24/7.
Slide text: Information Protection; Preemptive Security Alerts; Threat Triggered Actions; Global Scope and Scale; Worldwide Coverage; 24x7 Event Logging; Rapid Detection.
Attack Activity: 240,000 sensors, 200+ countries
Malware Intelligence: 130M client, server, gateways monitored; global coverage
Vulnerabilities: 32,000+ vulnerabilities, 11,000 vendors, 72,000 technologies
Spam/Phishing: 2.5M decoy accounts, 8B+ messages/day, 1B+ web requests/day
Copyright © 2009 Symantec Corporation. All rights reserved.

3 Sources of a Breach
Today, there are three primary sources of a breach.
The number one driver of records lost today is the actions of organized criminals. In fact, 90% of records lost in 2008 involved organized crime targeting corporate information. Today it is no longer the hacker that drives most breaches; it is mostly organized criminals. If you have seen the news recently, you heard about Albert Gonzalez (pictured here) and his team from Russia who stole 130 million credit card and debit card numbers from 5 companies, including Heartland Payment Systems, 7-Eleven, Hannaford Brothers and TJX. Another example is the Bonanno organized crime family in NY that led the attack on Lexis-Nexis and stole 14,000 records. It's also the Russian Business Network, which we believe is the largest organized gang in the world for cyber-theft. In addition, a lot of these criminals have connections to government agencies and they are very well funded and highly sophisticated.
The second source is the actions of well meaning insiders. These are employees who have legitimate access to your network but, through carelessness or not thinking, expose a company to risk. This is the employee who leaves an un-encrypted USB drive with sensitive data in a cab or a coffee shop, or who loses a laptop. It's an employee who emails sensitive data to themselves using their Gmail or Hotmail account so they can work on it at home, or who accidentally emails sensitive information to the wrong person because of the auto-fill in Outlook, or finally, it could be the case of poorly designed business processes. For example, Symantec was recently called in to help a European airline who had our DLP product and noticed they were sending out thousands of credit card numbers every day and could not understand how they were doing that, so they asked for our help. What we discovered was that when they designed their backend systems, they ended up using customer credit card numbers as boarding pass numbers, and so they were printing credit card numbers along with the customer's name on every boarding pass. So again, the employee did not mean to do the wrong thing, but inadvertently exposed the company to risk. What we have found is that the actions of well meaning insiders were actually a contributing factor in nearly two-thirds of breaches that happened last year.
The third source of a breach is the actions of malicious insiders. These are again people who have legitimate access to your network but, either in a moment of anger or as they realize they can make a profit from stealing information, decide to do bad things. In fact, there was a study that came out earlier this year that showed about 60% of all employees surveyed felt it was okay to take confidential information with them when they left, as they felt it was their property. The fact is, malicious insiders drive a lot of breaches today.

4 Anatomy of a Breach
Based on our research and the three key sources of a breach (Organized Criminal, Well Meaning Insider, Malicious Insider), we found that a breach today is very different than it was just two years ago and has four key stages. If you trace the attack tree you will find these four stages of a breach the majority of the time:
Incursion, where they try to get into a company
Discovery, where they look across your network to find where the valuable assets are within the company and how well protected they are
Capture, where they get hold of those assets
Exfiltration, where they move the assets out of the company
This is our model for an attack today, again very different from what a hacker attack looked like just a few years back. We're finding, too, that increasingly, criminals have dedicated teams associated with each of these four stages.

5 Security Market Drivers: Incursion
Our research has found that in the Incursion phase, one of the most common and dangerous vectors by which criminals and malware get into a company continues to be email and web, and that's a trend we've seen for a while; if anything, that trend has accelerated. A primary factor is spam, where we have seen a major uptick in volume. In fact, spam increased by 192% from 2007 to 2008, and some of that spam contains malware. In more insidious attacks, we are seeing highly customized emails, specifically individual emails targeted at executives, that look like they come from a legitimate source and contain a link that downloads malware. Another common area is the web, which is becoming an increasing vector for malware coming into companies. This in fact drove our acquisition of Mi5 recently.
Criminals simply exploit vulnerabilities that exist in the infrastructure. Last year alone, we found almost 5,500 vulnerabilities in web-facing infrastructure that companies had deployed. The interesting thing is that criminals often attack vulnerabilities for which there are known patches: 90% of those had patches that had been available for six months or more by the time a breach happened. So in a lot of cases, the vulnerability lists that everybody produces are a "how to" guide in terms of how to break into companies. The other thing they are looking for is web-facing infrastructure that has default passwords; you can look up (even Google will give you this information) default passwords for each manufacturer, so they're looking for web-facing infrastructure that isn't appropriately protected. Another common area they are looking for is web-facing applications that are not well protected and are vulnerable to a SQL injection attack, for example, which is how Albert Gonzalez got into Heartland. So the world's biggest data breach came in through a SQL injection and they were incredibly successful. In fact, in 2008 alone we found 75,000 bot-infected computers. So what we've been talking to our customers about is even more true today than it's ever been, which is that a well-managed infrastructure is a secure infrastructure.
Slide text:
192% growth in spam from 2007 to 2008
In 2008, Symantec documented 5,471 vulnerabilities, 80% of which were easily exploitable
90% of incidents would not have happened if systems had been patched
In 2008 we found 75,000 active bot-infected computers per day, up 31% from 2007

6 Security Market Drivers: Discovery
Once in, the discovery team of the organized crime group takes over and begins mapping out the network to understand what assets exist where. What they're looking for, primarily, is information. The target of those attacks has changed from five years ago, and they're counting on two things. They're counting on the fact that the infrastructure in companies is not appropriately hardened and that companies have not enforced strong IT policies around who should have access to what infrastructure and what information, which means once they are in they have complete access to the network. So they are relying on the fact that you don't have strong IT policies protecting those assets. We're finding that over 80% of companies haven't hardened their infrastructure to even meet the regulatory requirements around PCI, for example. They're also counting on the fact, though, that information isn't where people think it is. In a lot of cases, well-meaning insiders (well-meaning employees) are taking important information assets and moving them to other parts of the company, forgetting that that part may not be hardened appropriately. And so a lot of breaches happen by well-meaning insiders causing what we call data spillage. What this means is that most companies know, for example, that their employee records are in the employee record database or that patient data is in the patient record database. What they don't know is where else that data exists.
For example, we were called in last year by a large federal agency. Using our SSIM (Security Information Manager) product they knew they were under attack: they were seeing a lot of network traffic between their network and a well known criminal site in Eastern Europe, knew there was no reason for this traffic, but did not know what was being attacked, and asked for our help. What we found was that the criminals were actually after employee records, but they were not after them in the employee records database. They had figured out that there was a copy of these records on a QA server, because the internal dev team was using that data as they were getting ready to launch the next version of their HR application, and because the QA server was never meant to be externally facing, it wasn't hardened as it would have been had it been externally facing infrastructure. Data spillage says you know it exists "here", but where else does it exist? That is what the Discovery team is targeting; if you don't have strong policies, there is data spillage everywhere.
Slide text:
91% of records compromised in 2008 involved organized crime targeting corporate information
81% of attacked companies were non-compliant in PCI
67% of breaches were aided by insider negligence

7 Security Market Drivers: Capture
Once they have discovered the data, they hand it over to the capture team. The capture team is looking for records, and they are doing a trade-off of how valuable the information is versus how well protected it is. There is an established street price that Symantec actually publishes as part of our ISTR that shows the street price for different types of data: credit card records (a sweet spot), eBay records, passport numbers and so on. There is also a very big economy around trading intellectual property: design documents, source code etc. Last year, our estimate is that IP theft cost companies about $600 billion globally. So they're looking for records that actually have a black market value, and they're looking for intellectual property. And so the capture team is looking within a company at how valuable the information is and how hard it is to get out. In some cases, what they find is that it's not the corporate assets that are easiest to get out but the employees' personal assets. For example, there was a healthcare company in the South-East that we were called into, and what the criminals found in this case was that the corporate data was well protected but the employee desktops were not, so they installed screen saving software on the desktops, and as employees were logging into their own personal bank accounts or auction accounts that data was being captured. So again, the capture team is looking at how valuable the information is and how easy or difficult it is to get. At Heartland, they found it was the credit card transaction processing server that was vulnerable, and they installed a rootkit and copied over 100 million records. Once they've found it and they've captured it, they look to get that information out.
Slide text:
285 million records were stolen in 2008, compared to 230 million between 2004 and 2007
Credit card details account for 32% of all goods advertised on underground economy servers
IP theft costs companies $600 billion globally

8 Security Market Drivers: Exfiltration
Once they've found it and they've captured it, they look to get that information out. In a lot of cases, it's not any more complicated than this: they encrypt the data, look for an unused port and send it out, in many cases to well known criminal sites, not even trying to hide their actions as they do not expect to be found. In the case of the world's largest data breach, which happened recently, where over 100 million records were stolen, the way the information got out was that it was zipped up, they looked for an unused port on the firewall, and they sent that information out. Now the reality is, information is getting out, again, at a pace that is accelerating. These are some headlines we've taken recently, and a few things pop up. One, we're seeing that this is a phenomenon that targets companies regardless of size, from the very largest to some of the very smallest, regardless of industry, so we're seeing governments being attacked, schools being attacked, hospitals as well as enterprises, and regardless of geography. This is a global phenomenon.
Headlines on the slide:
"Gov't Posts Sensitive List Of US Nuclear Sites" (Associated Press)
"Goldman May Lose Millions From Ex-Worker's Code Theft" (July 7 (Bloomberg), Goldman Sachs)
"2 Men Accused Of Swiping CC Numbers" (July 2 (Bloomberg), KPHO.com)
"Royal Air Force Embarrassed By Yet Another Sensitive Data Loss" (May 25, UK News)

9 Prelude to a Breach 1: Poorly Protected Infrastructure
What we're finding then is that criminals are targeting four key things. The first thing they're looking for is poorly protected corporate IT infrastructures, and this falls in two categories. The first thing they're looking for is IT infrastructures that don't have all the right protections across all the different points: email gateways to make sure threats don't come in over email, or web gateways to make sure that web traffic isn't the carrier bringing threats in. But they are also looking for a second key thing. They're targeting companies that don't have a view across their IT infrastructure to get a good handle on what's happening. So what we're finding, as you lay out the attack tree, is that while criminals might come in, for example, over email or the web, they'll use a different technology to scan the network, a different technology to capture the information they want, and yet another means to egress from the corporate network. And so it's important for companies to have this holistic view across their IT infrastructure: to be able to capture the logs across all the different elements of their IT infrastructure, correlate these logs, understand what threats are happening right now, and get a view into whether they're under attack. This is functionality we provide as part of our Security Information Manager (our SIM product at Symantec). And so criminals are targeting two things: companies that don't have all the right protections in all the right places, and companies that don't have a view across all their IT infrastructure to understand if they're under attack.
So given the anatomy of a breach, we discovered that criminals are targeting 4 things:
Poorly protected infrastructure
Lack of IT policies
Poorly protected information
Poorly managed systems
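To make the "correlate these logs" point concrete, here is an added example in Python (not Symantec's code and not how SSIM works): it parses constructed log lines from four assumed sources (mail gateway, IDS, database audit, firewall), maps each event onto one of the four breach stages per host, and reports which hosts show the complete Incursion, Discovery, Capture, Exfiltration chain inside a 24-hour window. Source names, field names, thresholds and the allowed-port list are all assumptions made for the demo.

```python
"""Four-stage breach correlation over constructed log lines (added example, not SSIM)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: "<timestamp> <source> key=value ...".
# Sources, hosts, destinations (RFC 5737 test ranges) and values are made up.
SAMPLE_LOGS = """\
2009-06-01T08:02:11 mailgw host=ws-114 event=malicious_attachment verdict=delivered
2009-06-01T08:04:30 ids host=ws-114 event=portscan targets=48 window=60s
2009-06-01T09:15:02 dbaudit host=ws-114 event=bulk_select table=card_txn rows=120000
2009-06-01T09:40:55 firewall host=ws-114 event=outbound_conn dst=198.51.100.23 dport=6667 bytes=734003200
2009-06-01T10:01:00 ids host=ws-207 event=portscan targets=12 window=60s
2009-06-01T11:20:00 firewall host=ws-207 event=outbound_conn dst=192.0.2.10 dport=443 bytes=120000
2009-06-01T12:30:00 ids host=ws-301 event=portscan targets=30 window=60s
this line is not a log record and is skipped
"""

STAGES = ("incursion", "discovery", "capture", "exfiltration")
ALLOWED_PORTS = {25, 80, 443}          # assumed egress policy: everything else is "unused"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<source>\S+) (?P<fields>.*)$")


def parse_line(line):
    """Parse one record into a dict; return None for anything unparseable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return None
    fields = {}
    for kv in m.group("fields").split():
        if "=" not in kv:
            return None
        key, value = kv.split("=", 1)
        fields[key] = value
    return {"ts": ts, "source": m.group("source"), **fields}


def _int(event, key):
    """Numeric field access that tolerates missing or malformed values."""
    try:
        return int(event.get(key, "0"))
    except ValueError:
        return 0


# Assumed detection rules: (stage, predicate). Thresholds are illustrative only.
RULES = [
    ("incursion", lambda e: e["source"] == "mailgw"
        and e.get("event") == "malicious_attachment" and e.get("verdict") == "delivered"),
    ("discovery", lambda e: e["source"] == "ids"
        and e.get("event") == "portscan" and _int(e, "targets") >= 20),
    ("capture", lambda e: e["source"] == "dbaudit"
        and e.get("event") == "bulk_select" and _int(e, "rows") >= 10000),
    ("exfiltration", lambda e: e["source"] == "firewall"
        and e.get("event") == "outbound_conn"
        and _int(e, "dport") not in ALLOWED_PORTS
        and _int(e, "bytes") >= 100_000_000),
]


def classify(event):
    """Return the breach stage an event indicates, or None if no rule fires."""
    for stage, predicate in RULES:
        if predicate(event):
            return stage
    return None


def correlate(log_text, window=timedelta(hours=24)):
    """Group stage hits per host and check for the ordered four-stage chain."""
    per_host = defaultdict(list)
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None or "host" not in event:
            continue
        stage = classify(event)
        if stage is not None:
            per_host[event["host"]].append((event["ts"], stage))
    report = {}
    for host, hits in per_host.items():
        hits.sort()
        chain, start = [], None
        for ts, stage in hits:
            # Advance only when the next expected stage appears, in order and in-window.
            if len(chain) < len(STAGES) and stage == STAGES[len(chain)]:
                if start is None:
                    start = ts
                elif ts - start > window:
                    break
                chain.append(stage)
        seen = sorted({s for _, s in hits}, key=STAGES.index)
        report[host] = {"stages_seen": seen, "chain": chain,
                        "complete": len(chain) == len(STAGES)}
    return report


if __name__ == "__main__":
    for host, result in correlate(SAMPLE_LOGS).items():
        flag = "FULL BREACH CHAIN" if result["complete"] else "partial"
        print(f"{host}: {flag} {result['stages_seen']}")
```

Hosts with no firing rule (ws-207 above) never appear in the report; a single stage (ws-301) is reported but not as a complete chain.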

10 Prelude to a Breach 2: Lack of IT Policies
The second thing criminals are targeting is infrastructures that don't have strong IT policies. And specifically here, the policies that matter are the policies about who should have access to what infrastructure and what information. Because, you remember, if you don't have that implemented it means that once the criminals are in a network they have free rein across the corporate network. And both steps of this process are challenging. It's challenging for companies to develop an effective set of IT policies that not only maintains a strong security posture, but also makes sure they stay compliant with all the different regulations that are relevant to them. So developing the policies is a challenge, but it's equally challenging for companies to make sure that those policies are rigidly enforced. And in the end, if companies don't have strong policies around who should have access to what infrastructure and what information, then they are vulnerable.

11 Prelude to a Breach 3: Poorly Protected Information
The third thing criminals are targeting is poorly protected information assets. And here the acid test for a company is the question: do we know where all our important information assets are? If a company doesn't have a good handle on where their important information is, then they are at risk. It's not only important, however, to know where your information is; it's also important to make sure that the right things happen with the information as that information flows both within the company and into and out of a company.

12 Prelude to a Breach 4: Poorly Managed Systems
And then finally, criminals are targeting companies that have poorly managed systems. We talked about the fact that a lot of companies have a hard time staying on top of all the patches that come out and appropriately prioritizing the ones that have a security implication. So patch management, while traditionally a systems management issue, has a very strong impact on the security posture of a company. The other thing that criminals are targeting around systems management is companies that have slow IT processes. What this means is that if you have slow IT processes it makes it hard to react quickly even if you know you're under attack. So some of the key elements of a well-managed system are the ability to apply patches at an appropriate rate, but also the ability to react quickly if you know you're at risk. So, the criminals are targeting those four critical vulnerabilities: poorly protected infrastructures, lack of IT policies, poorly protected information and poorly managed systems.

13 (1) Protect the Infrastructure: Symantec™ Protection Suite
So what is an appropriate security strategy? First, companies need to protect the infrastructure and, should a breach happen, respond to threats rapidly. Companies need visibility into their systems so they can manage them properly and ultimately protect against emerging threats. Leveraging the unsurpassed technology of our Global Intelligence Network (GIN), we can provide visibility and analysis of threats to proactively identify possible threats, and provide real-time notification through our SSIM product so customers can respond rapidly. Our Symantec Protection Suite is a collection of our products that help you protect your infrastructure. It's our endpoint protection product, our mail security product, our web security product, but it also includes things from across our portfolio that our customers have told us form part of this security equation, our backup and system recovery product, for example. It includes things across a variety of form factors, so we're the only company in the world that has a strong capability in software, in appliances as well as in SaaS.
Poorly Protected Infrastructure / Symantec Protection Suite: SEPv11 already has sophisticated application control and system lockdown capabilities. Symantec's reputation-based whitelisting provides the content that will give SEP12 the ability to allow applications with good reputation to run and to block (or give limited rights to) those with poor reputation. We are measuring reputation by gathering application signatures from tens of millions of machines across our customer base and applying a statistical model. In addition, we are making a big investment in integrated security management, SPC, which will give our customers broad visibility across their security infrastructure, reduce gaps in customers' security coverage, give our customers the ability to analyze outbreaks, breaches, etc., and make security information and reports actionable.

14 (1) Protect the Infrastructure: Symantec™ Protection Suite
What you'll see is that our Symantec Protection Suite does include our flagship Symantec Endpoint Protection product. So it allows you to make sure that you're protecting all the endpoints in your corporate infrastructure, but it includes more than that. It gives you the email and web gateways you need to make sure that the email traffic flowing into your company is clean, as is the web traffic. It also gives you the ability to protect and harden the critical systems in your infrastructure. And then finally, what we have heard from our customers is that backing up the desktops is a core part of a security offering, and so we're including our backup technology and system recovery technology for desktops into the Symantec Protection Suites. The idea here is that the Symantec Protection Suites today and over time will offer everything our customers need to protect the infrastructure.
Secure endpoints using Symantec Endpoint Protection (SEP)
Protect email and web using Brightmail and Web Gateway (Mi5)
Defend critical internal servers using Critical System Protection (CSP)
Backup and recover data using Backup Exec System Recovery (BESR)
Bridge Solutions: A secure infrastructure is a well managed infrastructure; therefore, part of protection is management, and our Altiris suite also helps customers maintain both security and compliance.

15 (2) Develop and Enforce IT Policies: Symantec™ Control Compliance Suite
Second, companies need to develop and enforce IT policies and automate their compliance processes. By prioritizing risks and defining policies that span every location, customers can enforce policies through built-in automation and workflow, and not only identify threats but remediate incidents as they occur or anticipate them before they even happen. Our Control Compliance Suite targets this, helping companies put together the right IT policies, and not just define the policies: it covers the whole end-to-end process of defining policies, assessing how their infrastructure is set up against those policies, creating the report and then remediating any deficiencies that are identified.
Lack of IT Policies / Control Compliance Suite: We continue to invest heavily in CCS and SSIM. The CCS Oban release leverages our best-of-breed workflow capabilities, improves our risk modeling and continues to push automation to drive down cost. SSIM provides a real-time, correlated view of security across the enterprise; we continue to invest in collection capabilities (i.e. the universal collector in SIM 4.7) and in integration into other security products (i.e. SPC and CCS).

16 (2) Develop and Enforce IT Policies: Symantec™ Control Compliance Suite
Define risk and develop IT policies using Policy Module and Response Assessment Module (RAM)
Assess infrastructure and processes using Standards Module, Response Assessment Module (RAM) and Security Information Manager (SSIM)
Report, monitor and demonstrate due care using Standards Module, Response Assessment Module (RAM) and Security Information Manager (SSIM)
Remediate problems using Standards Module and Security Information Manager (SSIM)
Bridge Solutions: Altiris Service Desk 7, Workflow and Patch Management close the loop on policy enforcement, providing end-to-end remediation.

17 (3) Protect the Information: Symantec™ Data Loss Prevention Suite
Third, companies need to protect information proactively by taking an information-centric approach to protect both information and interactions. It's not enough to know where the information resides; they need to know how it moves and who has access to it so they can protect it. Taking a content-aware approach to protecting your information is key to knowing where your sensitive information resides, who has access and how it is coming in or leaving your company. Our Data Loss Prevention Suite is the clear leader in content-aware data loss protection and helps companies understand where their important information assets are and that they're being handled appropriately, both at rest (at endpoints and in their own network) and in motion, as the information enters and leaves the company.
Poorly Protected Information / Data Loss Prevention Suite: We continue to make big investments in DLP, expanding our ability to identify and classify sensitive information, to find and manage sensitive information, and to integrate endpoint DLP and security. Matrix is a combined SAMG DLP project to give us much richer capabilities in data governance: understanding the usage patterns of files, inferring the information owner, and enabling better management of sensitive information.

18 (3) Protect the Information: Symantec™ Data Loss Prevention Suite
Discover where sensitive information resides using Endpoint Discover and Prevent and Network Discover and Protect
Monitor how data is being used using Network Monitor and Prevent
Protect sensitive information from loss using Endpoint Discover and Prevent and Network Discover and Protect
Bridge Solutions: Altiris Workflow ties together systems security and data loss prevention. For example, the detection of sensitive data on an unsecured endpoint (DLP, SSIM) could trigger a patch (Altiris), a policy (CCS) or deployment of security software (SEP).

19 4. Manage Systems
Altiris™ Total Management Suite from Symantec
Finally, companies need a way to manage security efficiently. Security needs to make a customer's life easier through standardization, workflow and automation: simple things that they can put in place to make security software do the heavy lifting, everything from patch management to regulatory audits. Companies have lots of experienced security people and lots of processes. Security can be managed more efficiently with standardization and automation. Our Altiris Management Suite helps deliver on the promise of a well-managed endpoint, which is therefore a secure endpoint, and helps our customers manage the life cycle of their IT assets.
Poorly Managed Endpoints / Altiris Management Suite: Integrated security management with SPC. Workflow is the key differentiator here: drive automation, map to business processes, improved user experience model (RSS feeds, etc.). Integrated patch management from Altiris CMS gives our customers the ability to keep machines up to date, which is an absolute requirement in protecting them. SaaS is the big next-generation push for security; we will be leveraging MessageLabs as our infrastructure. There is huge customer value in delivering our security products as a service, with benefits including little or no deployment, easy manageability, and radically reduced infrastructure investment. Finally, virtualization: securing virtual environments, making our products virtualization friendly, and optimizing security around virtual environments.

20 4. Manage Systems
Altiris™ Total Management Suite from Symantec
Implement secure operating environments
Distribute and enforce patch levels
Automate processes to streamline efficiency
Monitor and report on system status
Altiris Total Management Suite helps standardize global operations:
Client and Server Management improves IT effectiveness with automated system management across heterogeneous environments
IT Asset Management helps control hardware and software expenses and improve compliance initiatives
ServiceDesk allows organizations to improve their availability and service levels while reducing their overall service costs
All of these capabilities are integrated on the Symantec Management Platform and managed through a single pane of glass.
Bridge Solutions: Control Compliance Suite (CCS), in conjunction with the Altiris Total Management Suite, closes the loop on policy enforcement and provides end-to-end remediation.

21 Symantec Security Recognized as A Leader in Gartner Magic Quadrants*
Network Access Control (1)
Endpoint Protection Platforms (2)
Security Info & Event Mgmt (3)
Content-Aware DLP (4)
PC Lifecycle Config Mgmt (5)
Security Boundaries (6)
*MQ source and disclaimer information at the end of the presentation
Now when we talk to our customers about Suites, it's important for us to emphasize that for us Suites isn't just about bringing together a collection of technologies that aren't the world's best. We lay out here every single Gartner Magic Quadrant that we compete in across our security portfolio. So here are the six key IT segments that we're in and the associated Gartner Magic Quadrants. And it's important for us to emphasize that we are the leaders in every single segment that we compete in. We are, bar none, in the Leaders Quadrant for all these categories. And in fact, we are the only company in the world that can say that. As you look through these portfolios you'll realize that there's nobody else that has the breadth of capability that we have. So, for example, McAfee doesn't even show up in a couple of these Magic Quadrants. And equally importantly, when we show up, we always show up in the Leaders Quadrant. So if you look at these you'll see there are Magic Quadrants that McAfee is in fact in, but not in the Leaders Quadrant. And so for us it's important not only that we are in the key security segments, but that we also actually provide our customers with best-of-breed technologies, because in the end our customers are looking to us to protect their IT infrastructure.

22 Symantec Protection Suite: Protect the Infrastructure
Control Compliance Suite: Develop and Enforce IT Policies
Data Loss Prevention Suite: Protect the Information
Altiris Total Management Suite: Manage Systems
So taking a step back, what we are seeing today is a very different IT threat landscape than we saw even 18 or 24 months ago. The primary drivers of IT security attacks today are organized criminals, not the hackers that we'd seen a few years ago. The attack tree therefore looks different, and the target of the attacks is information, not infrastructure. Based on that, we at Symantec have laid out a model for what an attack looks like and what the criminals are targeting. And we're finding they're targeting four things: poorly protected infrastructures, companies that don't have IT policies developed and enforced, poorly protected information assets within companies, and companies that have poorly managed systems. To help our customers deal with today's threat environment we offer our flagship offerings from Symantec. Symantec Protection Suite brings together everything we at Symantec have to help our customers protect their infrastructure. Our Control Compliance Suite is the one product our customers will need to develop and enforce IT policies. Our Data Loss Prevention product is the market-leading product to help our customers protect their information assets, and our Altiris Total Management Suite is everything customers will need to manage their systems.

23 > Can you respond to threats proactively?
> Can you enforce IT policies and remediate deficiencies?
> Do you know where your sensitive information resides?
> Can you easily manage the lifecycle of your IT assets?
As the IT threat landscape has changed, then, and the challenges that companies face have also changed, the core questions in IT security are changing. The first question our customers grapple with is, can you respond to threats proactively? In fact, for a lot of companies their entire early warning system around even knowing they're under attack is now obsolete. When I talk to CIOs or CISOs today very often I'll ask them, how do you even know you're under attack today? And they'll tell you, well, usually what happens is my call center or help desk, the phones start ringing because people call in and say, my PC is acting funny or my laptop's acting funny, or they'll see a spike in network traffic. Well, in today's attacks, none of those things happen. The criminals want to come in quietly and sit on the machines and steal information over time. And so even the early warning systems for most companies have changed. In fact, one of the challenges I issue McAfee customers is to say, look, even if you bought every single McAfee product today and made sure that they were all implemented perfectly and up to date, there is nothing that McAfee offers you that even tells you if you're under attack. They have so misunderstood what the security landscape looks like that they don't offer that technology. From Symantec it's our SIM product, and what McAfee will tell you is go buy a product from a company like an ArcSight or a LogLogic. So even the question of, do you know you're under attack and can you respond proactively to the security threats out there, is a challenge for a lot of companies. Secondly, a core security question today is, do you know where all your important IT information assets are? Because if you don't know where your information is, it's very hard to actually make sure it's protected. Thirdly, can you enforce IT policies, especially around who should have access to what infrastructure and what information? And then finally, can you effectively manage the lifecycle of your IT assets? Those are some of the core challenges that companies are grappling with today and that we at Symantec are focused on.

24 Thank You
THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY AND IS NOT INTENDED AS ADVERTISING. ALL WARRANTIES RELATING TO THE INFORMATION IN THIS DOCUMENT, EITHER EXPRESS OR IMPLIED, ARE DISCLAIMED TO THE MAXIMUM EXTENT ALLOWED BY LAW. THE INFORMATION IN THIS DOCUMENT IS SUBJECT TO CHANGE WITHOUT NOTICE.

25 Gartner Magic Quadrant Sources and Disclaimer
1. Gartner Magic Quadrant for Network Access Control; by Lawrence Orans, John Pescatore, Mark Nicolett; March 27, 2009
2. Gartner Magic Quadrant for Endpoint Protection Platforms; by Peter Firstbrook, Arabella Hallawell, John Girard, Neil MacDonald; May 4, 2009
3. Gartner Magic Quadrant for Security Information and Event Management; by Mark Nicolett, Kelly M. Kavanagh; May 29, 2009
4. Gartner Magic Quadrant for Content-Aware Data Loss Prevention; by Eric Ouellet, Paul E. Proctor; June 22, 2009
5. Gartner Magic Quadrant for PC Life Cycle Configuration Management; by Terrence Cosgrove, Ronni J. Colville; December 29, 2008
6. Magic Quadrant for Security Boundaries; by Arabella Hallawell & Peter Firstbrook; September 11, 2008
The Magic Quadrants are copyrighted by Gartner, Inc. and are reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

26 Sources
192% growth in spam from 2007 to 2008. Source: Symantec Global Internet Security Threat Report XIV (ISTR Report)
In 2008, Symantec documented 5,471 vulnerabilities, 80% of which were easily exploitable. Source: Symantec Global Internet Security Threat Report XIV (ISTR Report)
90% of incidents would not have happened if systems had been patched. Source: "Data Breach Investigation Report", Verizon Business Risk Team study, and Symantec Security Response
In 2008 we found 75,000 active bot-infected computers per day, up 31% from 2007. Source: Symantec Global Internet Security Threat Report XIV (ISTR Report)

27 Sources
91% of records compromised in 2008 involved organized crime targeting corporate information. Source: 2009 Data Breach Investigation Report, Verizon Business Risk Team study
81% of attacked companies were non-compliant in PCI. Source: "Data Breach Investigation Report", Verizon Business Risk Team study
67% of breaches were aided by insider negligence. Source: 2009 Data Breach Investigation Report, Verizon Business Risk Team study
285 million records were stolen in 2008, compared to 230 million between 2004 &. Source: "2009 Data Breach Investigation Report", Verizon Business Risk Team study
Credit card details account for 32% of all goods advertised on underground economy servers. Source: Symantec Global Internet Security Threat Report XIV (ISTR Report)
IP theft costs companies $600 billion globally. Source: International Chamber of Commerce

