Getting Beyond Standalone Antivirus to Advanced Threat Protection
Eric Schwake, Sr. Product Marketing Manager, @lombar77
Agenda
1. Targeted Attack Trends
2. Organizations Struggling to Keep Up
3. A Methodology for Better Protection
4. How Symantec Can Help
5. Q & A
Targeted Attacks Defined
• Broad term used to characterize threats targeted to a specific entity or set of entities
• Often crafted and executed to purposely be covert and evasive, especially to traditional security controls
• End goal is most commonly to capture and extract high-value information, to damage brand, or to disrupt critical systems
How Targeted Attacks Happen
• Watering Hole Attack: infect a website and lie in wait for them
• Spear Phishing: send an email to a person of interest
Targeted Attack Trends (Source: Symantec)
Spear-phishing campaigns, 2011 - 2013:
• 2011: 165 campaigns, 61 recipients per campaign, 78 emails per campaign, 4-day duration
• 2012: 408 campaigns, 111 recipients per campaign, 122 emails per campaign, 3-day duration
• 2013: 779 campaigns, 23 recipients per campaign, 29 emails per campaign, 8.3-day duration
• +91% increase in targeted attack campaigns
[Chart: Top 10 Industries Targeted in Spear-Phishing Attacks, 2013, ranked: Public Administration (Gov.), Services – Professional, Services – Non-Traditional, Manufacturing, Finance, Insurance & Real Estate, Transportation, Gas, Communications, Electric, Wholesale, Retail, Mining, Construction]
[Chart: Spear Phishing Attacks by Size of Targeted Organization, 2011 - 2013, size bands 1 to 250, 251 to 500, 501 to 1,000, 1,001 to 1,500, 1,501 to 2,500, 2,501+ employees; the 2,501+ share fell from 50% in 2011 and 2012 to 39% in 2013]
Reliance on Silver Bullet Technologies
• A single point product won't identify all threats
• Most frequent silver bullet monitoring technologies:
  • IDP / IPS
  • Anomaly detection (on the rise)
• Individual technologies lack a comprehensive vantage point to detect today's threats
32%: average share of incidents detected by IDP / IPS technologies
Incomplete Enterprise Coverage
• Companies fail to effectively assess (and update) the scope of their enterprise
• Enterprise technology trends further challenge scope:
  • Mobile
  • Cloud
  • BYOD
Underestimate SIEM Complexity
• Companies frequently underestimate the effort and cost to implement
• Technical architecture frequently under-scoped
• Time to implement can take a year or more
• Struggle to sustain the capability
  • Turnover of "the SIEM expert"
  • Focus / expertise required
72%: collect 1 TB of security data or more on a monthly basis
35%: too many false positive responses
Lack of Sufficient Staff / Expertise
Increasing Sophistication ≠ More Resources
• 83% of enterprise organizations say it's extremely difficult or somewhat difficult to recruit/hire security professionals
"We're at 100% employment in IT security" – Chief Security Officer, Health Care Organization
Can't Keep Up with Evolving Threats
• The detection program must evolve as threats evolve:
  • Analyst training / awareness
  • SIEM tuning
  • Detection methods
  • Response tactics
• Varied sources to keep up with threats:
  • Open source
  • Working groups (ISACs)
  • Commercial
35%: do not use external threat intelligence for security analytics
28%: sophisticated security events have become too hard to detect for us
The Attack Waterfall
Stages: Readiness → Protection → Detection → Response
• 100+ Security Ops staff
• 256 billion attacks
• 350,000 security events (the "maybes")
• 3,000 incidents
Identify (Readiness)
• Asset management
• Policy
• Threat intelligence
• Practice
Proactive Protection Technologies
• More than AV
• Test URLs in email
• All control points
Detect
• Identify anomalies
• Monitor and test everything
• Correlate control points
Respond
• Automate correlation
• Incident response
Symantec Advanced Threat Protection
Stages: Readiness → Protection → Detection → Response (100+ Security Ops staff; 256 billion attacks; 350,000 security events, the "maybes"; 3,000 incidents)
Symantec offerings mapped across the waterfall:
• Managed Adversary Service
• Insight, SONAR, thread injection protection
• Advanced Threat Protection Solution
• MSS-ATP, Synapse
• Secure App Service
• Disarm, link following, Skeptic
• Incident Response Service
• Cynic
• Security Simulation
Eric Schwake
Eric_schwake@symantec.com
+1 541 520 6015
@lombar77