��� -���
��� Albert Tsao
Agenda
Web ����
�����
DEMO
����
Web ����
Proxy 1.0: Cache
Proxy 2.0: Policy & Detection
Proxy 3.0: Web Isolation
• 8a"2��H• Y=�IEd��• N60�fE?;('• `���*@A:%1�]PQ�W%;^\�Jc�
• /+Z�over-blocking
Proxy �����
• -R;FS• e�>, V�#• �:1.0�K.����N6,4(Gen1 Cacheflow)
• WebO�)���M�• URLX9�gbC • SSL�L����53• 7B�� !UhG_• �:2.0.Block & Allow N6,4
• Web 2.0 ����(Gen2 Cacheflow)
• Block & Allow ,&<a active content ,�$�(Over Blocking)
• !=��ES[iTZDN6,4�
• Gartner predicts that over 50% of enterprises will adopt web isolation.
• “one of the most significant ways an enterprise can reduce the ability of web-based attacks”.
1,400+ ��� browser & plug-in ��
�����������$)78%
�������$)���Every 4 seconds
�(�" %��&*
Source: Verizon DBIR, Symantec ISTR, Gartner
90% ��#���!��(�"�%�
83%�������&*%�/��
��� &�&*�����
55%
���+�����'����12%
Known Bad
Unknown/Risky: uncategorized or potentially risky* domains
Known Good
��������
“����������OVER-BLOCKING?”
Parameter
BLOCK
ALLOW
/BLOCK?
ALLOW?
�•.�+$3:�%75
•�+�,�471���24�(�)�
•<�'�/4��+� �C�2?#!41��>
• �64�-0�&/�B=
•;��9�8�*@�A"
� -�������• DF� �32�,��B @�0E�.#��&C�5�1H.�4��• 1H(G�9*/�• �".Web>$ Proxy �DF��• DF��7,����.+��A/�6��)Web!=����"��.:;%8-?�,�.'<��
Web Isolation ����
*6"8 =>CD�:-; 7��5A%• ��@59+ ��-• 1G �#�.� �@,&�?/J• ���(�����*��"� /�)&���
Web Isolation (B�H3�$2• CD�4������%���• � E�)' (zero-day vulnerabilities)• ��<I;�F�!����:�0<�� �!�����$�#�'
Render / Execute / Download
Web Isolation ��
Web
Documents
Risks User
User gestures
�������
������������ �
On premise, cloud and hybrid
�����
�����
�����
100% safe rendering information
Symantec Web Isolation
Copyright © 2017 Symantec Corporation
Isolation Container
Proxy
�����(Isolation) � Symantec SWG Solution ��
E+u/���0HTK�V GIN’s WebPulse:_�1#6Z�r*1snbPD7�HTK
NF1[Zmo, proxy �aE+L"Bkf�moOS,TIE hjproxyc@�!��2�Z DLP & CA/MAiX<9
mo(Isolation)OS&W"Tq�!hj\]B(HTML5/ visual stream)-Y�g(tP-Yf.html, CSS, Java, mp4, images, M.)
Gg �H�\]B(visual stream) R EU�A5J>HTq�!i�� EUHC^�
EU�I��!��u/�>%�;. �1�H`��Tq�!���4Z3p.
4dQ7'�Isolation$4",5HTq�!l?(�=( E)
Boris’ Very Safe Social Media (Not cybercriminal - for sure!)
Click for precious puppies
Super cute Kitten attack!
www.boris_social.cyber
�e��8�X�mof.)��\]B(Visual Stream)
DLP
CA-MA
Isolation
DEMO
Ø ���Webpage IsolationØ���� Document Isolation
Ø Password Protected file
Ø Password Protected Archives
Ø����� Sensitive Data ProtectionØ����� Prevent mining Script attackØ ��� Read-only Websites
DEMO - Webpage Isolation
• ��Web Isolation
���
�������
DEMO - Webpage Isolation
• ��Web Isolation• ������ 10
�Web Isolation
DEMO – Document Isolation��Web Isolation
16Web��>
↓����
↓������
������������>��� Web��>���>���
DEMO – Password Protected file
DEMO - Password Protected Archives
******
http://symantec-isolation.com/paypal/
��Web Isolation
DEMO – Sensitive Data Protection��Web Isolation
Enable Sensitive Data Protection ��√
http://symantec-isolation.com/paypal/
• Z"�A Youtube A0BG%��TV Youtube (�9�43A0WK� �/=;?'U�YD�#Q'G%�
• U�(�NC@��2G�F�CoinHive��U6$WKC�+-43� ��A�43WK 80% D CPU =��Z"2G�
• V� 12 �7�#Q'S�S<>�,O�AWK=L&2GDZ"M��581I�A0�JP.X$�E�DH �
B)Z":�A�DWK2GR!*!Youtube��������?
https://buzzorange.com/techorange/2018/01/30/youtube-ads-hacker-use-to-mind/
������ – Prevent mining Script attack
• ��Web Isolation• Script ������• ���
https://blog.trendmicro.com.tw/?p=54207
DEMO– Prevent mining script attack• �Web Isolation
• �� Script ��������
• �����
��Web Isolation
DEMO– Read only Websites��Web Isolation
������
����
����
3 &'*,�.+����URL)�, ��������&'*,���$!�����
2 �����������
1 ������ -&'*,�#��(���-���"�.+�!��%�
�=2…
• ���61@,�094(�#!�3�+���8�7�:���
• �'"7�:�.��( IT support 5 ; $�
��7�:��&�>(��/%?<(-*(3�2�!�3�+�#:���)�
Allow Block Y/N ???
����� -������ �������������������
/92�+-):• Always allow ��+�<//,• Always block��+�<//,• �1�:–�6��
o ���� – �����
o �� – ����������
�:: � “�6��” /,5�7�
Allowed Categories
Categories where some access may be required Uncategorized Threat Cats
Health, Financial Services, etc.
Dynamic DNS Host
File Storage/Sharing Hacking Uncategorized Suspicious Malicious
in/out… …
ALLOW
ALLOW or DENY… DENY… MOSTLY DENY
DENY
…�# .0+8"
4�81;�+����&�+ domain /users
*��
...�'%(�>=$�+��!��3�4�81;�+����&�+ domain/
users *��
Some Allow
Some Allow
�������:• Always allow ����/��• Always block����/��• �#���'/��!$&o ��"��� ���������(%
o ����!���� �
���������(Isolation) � Proxy �������
Allowed Categories
Categories where some access may be required Uncategorized Threat Cats
Health, Financial Services, etc.
Dynamic DNS Host
File Storage/Sharing Hacking Uncategorized Suspicious Malicious
in/out… …
ALLOW ISOLATE DENY
����������(Isolation) �Proxy���!��"�������
� �����:• Always allow ��!/��• Always block ��!/��• �#���'/��!$&o ��"��� ���������(%
o ����!���� �
Risk Level
Allowed Categories
Customer Category
Categories where some access may be required
Uncategorized
Security Concerns
Health, Financial Services, etc.
Category of Interest
File Storage/Sharing
Dynamic DNS Host
Hacking
Uncategorized
Suspicious
Malicious
Outbound…
10 9 8 7 6 5 4 3 2 1
ISOLATE
ALLOW
DENY
Categorized Trusted Sites
Intelligence Services
Users
1 ���������
2 �������
3 �������������������(������DLP ������ SWG/CA-MA/DLP)
Allow (1)
Content & Malware Analysis
DLP
Web Isolation
Uncategorized/Potentially Risky Websites
Isolate (3)
Categorized Bad Sites
Block (2)
�����������������
• #�'-*/$��G �9��IT3.����>�B'F�0=�*�<�)�?%�47�
• #E:D�A�C:052' 100% ��Web +;���1 ���(H���
������������� ����
C-Level Team
Key IT Staff
HR, Legal, Finance
(H�A�52"8@&�,��!�47'-*
6-*/$�������
��������Web�
!"���#��
Privileged User
• ��� ������#!"��
• ����$�������� �� web �������
Web Isolation
All Websites
����������URL����
•4��'�!(��%����+)(�&� /�����$"
•�*���� 0����1���URL-#�3���$"
,.57�86����URL2�, ��� ����
������������
• +���"������� ��'#��! ��&��%���
• ,-)��*��/���(�!.$�
Email �� (Cloud and On-premises)
Summary
Isolation ������
����Web �• Z3 0�A>��• 3�HV�&%• ��O�/ a�.b\BIC
• �^M2;�!!�• Z3]+<8
� ���• WX��Y#Z3 0• [3?"9_( �������S-�
• =R,GE!/GEBdevices
����������• F�Web $E'D• JNQ5O��\ICB@QM5
• 6.KBU`/4`T�• ��:�P1�L)*7��
Endpoint Protection
Endpoint Detection
Workload Protection
Management & Compliance
Web Protection
Content Analysis
CASB
Security Analysis
Data Protection
Encrypted Traffic Management
VIP/Identity
Information Centric Security
Email Protection
Anti-Phishing
Message Security
Encryption
File
URL
Whitelist
Blacklist
Certificate
Machine Learning
Cyber Security Services
Integrated Cyber Defense
Securing the Cloud Generation
Thank You!