
ISB13 Web security deployment options - which is really best for you?

Duncan Mills, Piero DePaoli, Stuart Jones

Web Security Deployment Options

SYMANTEC VISION 2012: Web Security Deployment Options

1. The threat landscape
2. Why Symantec web security
3. Generic differences to consider when choosing a platform
4. Why there are functionality differences across platforms
5. Driving priorities to obtain feature parity where possible

Threat landscape continues to worsen


Malware Attacks Rising

Targeted Attacks Expand

Mobile Threats Expose All

Data Breaches Rising

Web malware continues to rise

• Attack tool kits continue to flourish

• Increase efficacy of known vulnerabilities


Which website is more dangerous?


Most harmful websites by categories


• Sites with poor security become easy targets for malware authors

• Some businesses understand customers will not visit sites that infect them


Social engineering is effective in social media


• Users willing to help infect themselves


Symantec is #1 Leader in Security Software

Based on 2011 Gartner Estimate of Worldwide, Revenue Market Share

Market Share Analysis: Security Software, Worldwide, 2011, April 12, 2012, Ruggero Contu, Matthew Cheung, Gartner


Symantec Global Intelligence Network: Turning intelligence into protection

1. Power of the Cloud
• Real-time analysis of spam and malware traffic in the cloud with Skeptic
• Drives enhanced heuristic and signatures
• Drives global intelligence across products

2. Advanced Malware Detection
• Malware intelligence from > 130M systems
• Heuristics examine file attributes and vulnerability exploit attempts
• Blocks new and unknown threats

3. Strongest Email Security
• > 99.85% effectiveness
• < 1 in a million false positives
• 400 million IPs - known spam and safe senders
• Stop marketing email
• Machine learning & URL intelligence prevent phishing

4. Strongest Web Protection
• Insight protects against new, mutated, & targeted malware
• Insight is powered by 210M users, 3.1B files
• Botnet and infected client protection
• Block connections to Malicious IPs & URLs

Symantec Global Intelligence Network Turning intelligence into protection


Source: IDC, Worldwide and U.S. Security Service Threat Intelligence 2011-2014 Forecast: Out of the Basement and into the Clouds.


Many of the differences between cloud-based and on-premises web security platforms are generic and not vendor specific


Map your business requirements to your web security deployment platform


Areas of consideration when choosing a web security deployment platform

• Flexibility and total cost of ownership
• Current and future IT environment
• Security and regulatory requirements
• Key functionality

Map your business requirements to your web security deployment platform: Flexibility and total cost of ownership

Organisation Requirement | Hardware appliance | Virtual appliance | Cloud SaaS

Capital or operational expenditure | Capex | Both | Opex

Predictable per-user costs

Easily scales to accommodate additional load

Fast implementation

Easy to maintain

Free up staff to focus on core business activities

Minimal additional cost of HA and DR

Map your business requirements to your web security deployment platform: IT environment

Organisation Requirement | Hardware appliance | Virtual appliance | Cloud SaaS

Reduce organisation’s data centre costs

Distributed network with lots of branch offices

Protect and enforce web AUP on roaming users

Increase ROI of existing virtual infrastructure N/A N/A

Map your business requirements to your web security deployment platform: Security and regulatory

Organisation Requirement | Hardware appliance | Virtual appliance | Cloud SaaS

Quickly address all privacy concerns

All data must be stored in a specified country

Guarantee the security posture of the platform

Enforce DLP policy before data leaves the network

Service level agreements N/A N/A

Provider has local legal jurisdiction N/A N/A


Products evolve to meet customer requirements


Broad messaging & web portfolio

Messaging Gateway (hardware or virtual)

Internet

SMTP, HTTP

Mail Security for Groupware

PGP Universal Gateway Email

Content Encryption

• Email AntiSpam .cloud
• Email AntiVirus .cloud
• Email Image Control .cloud
• Email Content Control .cloud
• Email Boundary Encryption .cloud
• Policy Based Encryption .cloud
• Web Security .cloud
• Instant Messaging Security .cloud

SMTP

Web Gateway (hardware or virtual)

HTTP / HTTPS and all other ports and protocols

Data Loss Prevention

Map your business requirements to your web security deployment platform: Functionality

Symantec Web Gateway | .cloud web security

Application control | Common management platform for email and web

Flexible deployment options | Client to support roaming users

Monitors the network for infections

Scan and enforce policy on HTTPS

Data loss prevention

Web Gateway is more than URL filtering

Client / Web traffic: HTTP, HTTPS

Symantec Web Gateway (appliance or VM):
• Botnet Detection
• Infected Client Detection
• Application Control
• Malware Content Scanning
• URL Content Filtering
• Domain and IP Reputation
• Insight File Reputation

Symantec DLP Network Prevent for Web

Web Gateway can be deployed standalone or to complement existing URL filters

• Inline (Monitoring or Blocking)
• Port Span/Tap (Monitoring or Blocking)

Cloud-based web security presents some unique challenges that Symantec manages for our customers

A summer of sports in the UK – does it matter to me?


• 2012 Olympics

• 2012 Paralympics

• The Open 2012

• Wimbledon


Summer of sports – managing demand for online coverage

• Olympics: 27 Jul – 12 Aug
• Wimbledon: 25 Jun – 8 Jul
• Euro 2012: 8 Jun – 1 Jul

Actions taken:

• Architecture hardened

• Additional capacity now on-line

• E-Level discussions with peering and technology partners

• Cross functional team in place to manage potential incidents

• “every sport from every location...” – BBC Olympic Vision

• Predicted 2,500 hrs of online viewing

• 1,000 hrs of online exclusive footage (footage that will not be broadcast anywhere but online)

• UK Government advising of possible internet caps & general disruption


Development themes drive feature parity between .cloud and on-premises products

Protection
• Attack toolkits continue to exploit existing vulnerabilities
• Web is a major attack vector – 4595 blocked per day in 2011
• Compromised PCs – 3m bot zombies monitored in 2011

Control
• Web is a major vector for data loss
• Only 10% of organizations address outbound threats from well-meaning or malicious insiders

Management & Platform
• Visibility and control of the operating environment, configuration and reporting
• Compatibility with hardware/software components, network protocols, external product integrations, etc.

Recent enhancements were driven by customer requirements and feature parity


Recent enhancements address customer requirements and drive feature parity

Protection

Symantec Web Gateway | Web Security .cloud

Insight file reputation | Future

SSL decryption | Future

Symantec Insight

• Leverages anonymous telemetry data from 210M+ machines to construct a massive nexus of files, machines and domains

• Tracks nearly every binary in the world

– 3.1 billion files, adding 37 million every week

– Uses age, prevalence, source and other attributes to assign a reputation rating to files

• Can accurately identify and block threats even if just a single Symantec user encounters them

Proactive Protection from New, Targeted Threats

• Bad Safety Rating: file is blocked
• Good Safety Rating: file is whitelisted
• No Safety Rating Yet: can be blocked

Control

Symantec Web Gateway | Web Security .cloud

Enterprise DLP integration | Future native DLP

Rulespace web categorisation | Available already

Added uncategorised site feedback

Application control enhancements | N/A

Web Gateway and data loss prevention

• Challenge:

– Customers want to enforce DLP policies over Web traffic

– Web traffic can be SSL encrypted

– Customers want a robust solution from a single vendor

• Solution:

– Connect SWG + DLP Network Prevent for Web

– Utilize SWG to decrypt SSL traffic and pass content to DLP

– SWG blocks/modifies content based upon DLP policies

Application control and file leakage

• Inspects all internet bound traffic for popular web applications

– Signature Based

– Not reliant on ports

• Supports over 100 Applications and Protocols

– IM, P2P, DB Apps, Remote Access, VoIP, etc…

– File transfer protocols, email protocols, network protocols, etc.

• Monitor / Control Application Usage

• Focus on Public IM Safety

– Antivirus scan on files transferred

– Can Allow Chat / Prevent Downloads

• File Leakage

– Control File Uploads/Downloads

– Monitor File Names


Management and platform

Symantec Web Gateway | Web Security .cloud

Virtual appliance deployment | N/A

Proxy deployment and caching | N/A

N/A | Regional geo location for Smartconnect

N/A | Efficiency improvements to Client Site Proxy

Web Gateway virtual edition for easy deployment

• Easy to trial

• Costs less

– no additional hardware required

• Personalised deployment

– mix of virtual and physical to suit your IT infrastructure

• Quickly respond to increase in Web traffic

– dynamic capacity allocation

[Chart: Deployment Types (Feb 2012), Physical vs. Virtual, axis 0% to 100%]

Future priorities driven by customer requirements and feature parity

Disclaimer

Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and are subject to change. Any future release of the product or planned modifications to product capability, functionality, or feature are subject to ongoing evaluation by Symantec, and may or may not be implemented and should not be considered firm commitments by Symantec and should not be relied upon in making purchasing decisions.


Theme | Symantec Web Gateway | Web Security .cloud

Protection | Available already | HTTPS decryption

Control | Available already | Data loss prevention

Management & Platform | N/A | Additional capacity

Web Security.cloud – data loss prevention

• New DLP Add-on

– Pre-canned policies, leveraging Symantec DLP definitions

– Key resources shared between web and email offerings

– Create policies in test-mode prior to going live - TBC

– Reporting on matched content with surrounding content

– Enhanced granular policy configuration


Things to consider when choosing the right deployment platform for web security

TCO / Flexibility
• Opex or capex and budget constraints
• Resources to maintain and manage on-premises products
• Amount of change happening within your organisation

Environment
• Investment in virtualisation
• Numbers of Internet connections and branch offices
• Roaming users support

Security / Regulatory
• Regulatory compliance
• Importance of SLAs

Functionality
• Choice of form factor – map to your requirements
• Assess individual products to determine which meets your needs

Other sessions of interest


• ISB09 (114, tomorrow 9:00)

– SONAR, Insight, Skeptic and GIN - The Symantec secret sauce

• ISB14 (This room, next session)

– Are You Getting the Most From Symantec Protection Suite?

• ISB11 (114, tomorrow 11:45)

– Demo: integrating Symantec products to get the ultimate protection

• ISB07 (114, tomorrow 13:45)

– The roadmap for Symantec infrastructure protection products


Thank you!

Copyright © 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
