
 · DEMO –Sensitive Data Protection Web Isolation 19 Enable Sensitive Data Protection ... Dynamic DNS Host File Storage/ Sharing Hacking Uncategorized Suspicious Malicious


��� -���

��� Albert Tsao

Page 3:

Agenda

Web ����

�����

DEMO

1234

5

����

Page 4:

Web ����

Page 5:

Proxy 1.0: Cache

Proxy 2.0: Policy & Detection

Proxy 3.0: Web Isolation

• 8a"2��H• Y=�IEd��• N60�fE?;('• `���*@A:%1�]PQ�W%;^\�Jc�

• /+Z�over-blocking

Proxy �����

• -R;FS• e�>, V�#• �:1.0�K.����N6,4(Gen1 Cacheflow)

• WebO�)���M�• URLX9�gbC • SSL�L����53• 7B�� !UhG_• �:2.0.Block & Allow N6,4

• Web 2.0 ����(Gen2 Cacheflow)

• Block & Allow ,&<a active content ,�$�(Over Blocking)

• !=��ES[iTZDN6,4�

• Gartner predicts that over 50% of enterprises will adopt web isolation.

• “one of the most significant ways an enterprise can reduce the ability of web-based attacks”.

Page 6:

1,400+ ��� browser & plug-in ��

�����������$)78%

�������$)���Every 4 seconds

�(�" %��&*

Source: Verizon DBIR, Symantec ISTR, Gartner

90% ��#���!��(�"�%�

83%�������&*%�/��

��� &�&*�����

55%

���+�����'����12%

Page 7:

Known Bad

uncategorized or potentially risky* domains

Unknown/Risky

Known Good

��������

“����������OVER-BLOCKING?”

Parameter

BLOCK

ALLOW

/BLOCK?

ALLOW?

�•.�+$3:�%75

•�+�,�471���24�(�)�

•<�'�/4��+� �C�2?#!41��>

• �64�-0�&/�B=

•;��9�8�*@�A"

Page 8:

� -�������• DF� �32�,��B @�0E�.#��&C�5�1H.�4��• 1H(G�9*/�• �".Web>$ Proxy �DF��• DF��7,����.+��A/�6��)Web!=����"��.:;%8-?�,�.'<��

8

Page 9:

Web Isolation ����

*6"8 =>CD�:-; 7��5A%• ��@59+ ��-• 1G �#�.� �@,&�?/J• ���(�����*��"� /�)&���

Web Isolation (B�H3�$2• CD�4������%���• � E�)' (zero-day vulnerabilities)• ��<I;�F�!����:�0<�� �!�����$�#�'

Page 10:

Render, Execute, Download

Web Isolation ��

Web

Email

Documents

Risks User

User gestures

�������

������������ �

On premise, cloud and hybrid

�����

�����

�����

100% safe rendering information


Symantec Web Isolation

Page 11:

Copyright © 2017 Symantec Corporation

Isolation Container

Proxy

�����(Isolation) � Symantec SWG Solution ��

E+u/���0HTK�V GIN’s WebPulse:_�1#6Z�r*1snbPD7�HTK

NF1[Zmo, proxy �aE+L"Bkf�moOS,TIE hjproxyc@�!��2�Z DLP & CA/MAiX<9

mo(Isolation)OS&W"Tq�!hj\]B(HTML5/ visual stream)-Y�g(tP-Yf.html, CSS, Java, mp4, images, M.)

Gg �H�\]B(visual stream) R EU�A5J>HTq�!i�� EUHC^�

EU�I��!��u/�>%�;. �1�H`��Tq�!���4Z3p.

4dQ7'�Isolation$4",5HTq�!l?(�=( E)

Boris’ Very Safe Social Media(Not cybercriminal - for sure!)

Click for precious puppies

Super cuteKitten attack!


www.boris_social.cyber

�e��8�X�mof.)��\]B(Visual Stream)


DLP

CA-MA

Isolation

Page 12:

DEMO

12

Ø ���Webpage IsolationØ���� Document Isolation

Ø Password Protected fileØ Password Protected Archives

Ø����� Sensitive Data ProtectionØ����� Prevent mining Script attackØ ��� Read-only Websites

Page 13:

DEMO - Webpage Isolation

13

• ��Web Isolation

Page 14:

���

�������

14

Page 15:

DEMO - Webpage Isolation

• ��Web Isolation• ������ 10

Page 16:

�Web Isolation

DEMO – Document Isolation��Web Isolation

16Web��>

↓����

↓������

������������>��� Web��>���>���

Page 17:

DEMO – Password Protected file

17

Page 18:

DEMO - Password Protected Archives

18******

Page 19:

http://symantec-isolation.com/paypal/

��Web Isolation

DEMO – Sensitive Data Protection��Web Isolation

19

Enable Sensitive Data Protection ��√


Page 20:

• Z"�A Youtube A0BG%��TV Youtube (�9�43A0WK� �/=;?'U�YD�#Q'G%�

• U�(�NC@��2G�F�CoinHive��U6$WKC�+-43� ��A�43WK 80% D CPU =��Z"2G�

• V� 12 �7�#Q'S�S<>�,O�AWK=L&2GDZ"M��581I�A0�JP.X$�E�DH �

B)Z":�A�DWK2GR!*!Youtube��������?

https://buzzorange.com/techorange/2018/01/30/youtube-ads-hacker-use-to-mind/

Page 21:

������ – Prevent mining Script attack

21

• ��Web Isolation• Script ������• ���

https://blog.trendmicro.com.tw/?p=54207

Page 22:

DEMO– Prevent mining script attack• �Web Isolation

22

• �� Script ��������

• �����

Page 23:

��Web Isolation

DEMO– Read only Websites��Web Isolation

23

������

Page 24:

����

Page 25:

����

3 &'*,�.+����URL)�, ��������&'*,���$!�����

2 �����������

1 ������ -&'*,�#��(���-���"�.+�!��%�

Page 26:

�=2…

• ���61@,�094(�#!�3�+���8�7�:���

• �'"7�:�.��( IT support 5 ; $�

��7�:��&�>(��/%?<(-*(3�2�!�3�+�#:���)�

Allow Block Y/N ???

����� -������ �������������������

Page 27:

/92�+-):• Always allow ��+�<//,• Always block��+�<//,• �1�:–�6��

o ���� – �����

o �� – ����������

�:: � “�6��” /,5�7�

Allowed Categories

Categories where some access may be required Uncategorized Threat Cats

Health, Financial Services, etc.

Dynamic DNS Host

File Storage/Sharing Hacking Uncategorized Suspicious Malicious

in/out… …

ALLOW

ALLOW or DENY… DENY… MOSTLY DENY

DENY

…�# .0+8"

4�81;�+����&�+ domain /users

*��

...�'%(�>=$�+��!��3�4�81;�+����&�+ domain/

users *��

SomeAllow

SomeAllow

Page 28:

�������:• Always allow ����/��• Always block����/��• �#���'/��!$&o ��"��� ���������(%

o ����!���� �

���������(Isolation) � Proxy �������

Allowed Categories

Categories where some access may be required Uncategorized Threat Cats

Health, Financial Services, etc.

Dynamic DNS Host

File Storage/Sharing Hacking Uncategorized Suspicious Malicious

in/out… …

ALLOW ISOLATE DENY

Page 29:

����������(Isolation) �Proxy���!��"�������

� �����:• Always allow ��!/��• Always block ��!/��• �#���'/��!$&o ��"��� ���������(%

o ����!���� �

Risk Level

Allowed Categories

Customer Category

Categories where some access may be required

Uncategorized

Security Concerns

Health, Financial Services, etc.

Category of Interest

File Storage/Sharing

Dynamic DNS Host

Hacking

Uncategorized

Suspicious

Malicious

Outbound…

10 9 8 7 6 5 4 3 2 1

ISOLATE

ALLOW

DENY

Page 30:

Categorized Trusted Sites

Intelligence Services

Users

1 ���������

2 �������

3 �������������������(������DLP ������ SWG/CA-MA/DLP)

Allow (1)

Content & Malware Analysis

DLP

Web Isolation

Uncategorized/Potentially Risky Websites

Isolate (3)

Categorized Bad Sites

Block (2)

�����������������

Page 31:

• #�'-*/$��G �9��IT3.����>�B'F�0=�*�<�)�?%�47�

• #E:D�A�C:052' 100% ��Web +;���1 ���(H���

������������� ����

C-Level Team

Key IT Staff

HR, Legal, Finance

(H�A�52"8@&�,��!�47'-*

6-*/$�������

Page 32:

��������Web�

!"���#��

Privileged User

• ��� ������#!"��

• ����$�������� �� web �������

Web Isolation

All Websites

Page 33:

����������URL����

•4��'�!(��%����+)(�&� /�����$"

•�*���� 0����1���URL-#�3���$"

,.57�86����URL2�, ��� ����

Page 34:

������������

• +���"������� ��'#��! ��&��%���

• ,-)��*��/���(�!.$�

Page 35:

35

Email �� (Cloud and On-premises)

Page 36:

Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY

Summary

Page 37:

Isolation ������

����Web �• Z3 0�A>��• 3�HV�&%• ��O�/ a�.b\BIC

• �^M2;�!!�• Z3]+<8

� ���• WX��Y#Z3 0• [3?"9_( �������S-�

• =R,GE!/GEBdevices

����������• F�Web $E'D• JNQ5O��\ICB@QM5

• 6.KBU`/4`T�• ��:�P1�L)*7��

$

Page 38:

Endpoint Protection

Endpoint Detection

Workload Protection

Management & Compliance

Web Protection

Content Analysis

CASB

Security Analysis

Data Protection

Encrypted Traffic Management

VIP/Identity

Information Centric Security

Email Protection

Anti-Phishing

Message Security

Encryption

38

Page 39:

File

URL

Whitelist

Blacklist

Certificate

Machine Learning

Cyber Security Services

Integrated Cyber Defense

Securing the Cloud Generation

Page 40:

Thank You!