Explore how businesses can combat modern security challenges with Symantec's comprehensive threat management solution, addressing known and unknown threats, regulatory compliance, and proactive protection. With multi-tiered security and real-time blocking technology, businesses can mitigate risks and ensure network integrity. Learn about Symantec's innovative approach to threat management, including predictive protection, intrusion mitigation, and unified network security solutions. Stay ahead of threats with Symantec's deep threat intelligence and efficient security protocols for all organizational sizes.
Comprehensive Threat Management: A Solution by Symantec
November 2005
Today’s Security Quagmire
• Businesses are continuously challenged by modern day security threats
• Increased risk from internal users
• Businesses are facing more rigorous regulations
• Businesses address issues as they occur
• Consequences:
  • Inefficiencies - patch regimen is scattered; reactive “fire drills”
  • Major breach in the network
  • Business downtime
  • Information lock down
  • Information theft
  • Regulatory fines / legal liabilities
The “Shielding” Continuum: A New Approach to Threat Management
[Figure: Risk Exposure (low to high) against Network Complexity (low to high), running from Reactive Protection to Proactive Protection across three tiers: Known Threats; Known & Unknown Threats; Known, Unknown & Predicted Threats*]
Solution Requirements
• Anticipatory protection
• Protection against internet threats of known and unknown variety
• Necessary information access
• Satisfy internal compliance and federal regulations
The Desired Solution: Comprehensive Threat Management
• Proactive
• Multi-tiered
• Proven
• Flexible
• Efficient
• Effective
Comprehensive Threat Management: Solution Attributes and Solution Benefits
• Attribute: Anticipatory protection - automatically block threats before they damage systems
  • Benefits: Remediate in a more organized fashion; get ahead of the threat
• Attribute: Multi-tiered, end-to-end security
  • Benefits: Maximum protection against threats of known and unknown variety
• Attribute: Fast deployment and ease of management
  • Benefits: Immediate security and protection; enables efficiency and effectiveness
• Attribute: Provides essential proof of protection
  • Benefits: Fulfills regulatory and internal compliance needs
• Attribute: Adaptable
  • Benefits: Meets the changing security needs of organizations of all sizes
• Attribute: Sustainability
  • Benefits: Ensures necessary information accessibility; business uptime
• Attribute: Proven technologies
  • Benefits: Security you can count on
Comprehensive Threat Management: A Solution from Symantec
• Proactive, Real-Time Blocking
• Remediate in a More Organized Fashion
• Get Ahead of the Threat
• Multi-Layered Protective Force Field
• Threats of Known & Unknown Variety
Getting Ahead of the Threat
[Figure: Number of Submissions for Known Threats and Unknown Threats, across Predictive Protection, Proactive Protection and Active Protection. Labels: Symantec DeepSight™ Threat Management System; Symantec DeepSight™ Alert Services; Global Threat Intelligence, Alert Services; Symantec™ Network Security; Intrusion Mitigation Unified Network Engine (IMUNE™), LiveUpdate; Symantec™ Gateway Security; Vulnerability Attack Interception, LiveUpdate; Vulnerability Attack Interception, LiveUpdate, AV; Symantec™ Critical System Protection; Behavior Base Policies]
Threat Intelligence that Keeps Getting Smarter
Over 20,000 partners in over 180 countries + virus statistics from the Symantec Digital Immune System and many other human intelligence resources
[Figure labels: YOU; LiveUpdate]
Maximum Protection at Multiple Tiers
[Figure: Internet, Corporate Network, Datacenter and Mobile Workers/Branch Offices, with protection at the Gateway, Servers, Network and Client tiers. Locations shown: Branch Offices, Wireless Users, Remote Users, Mobile Clients, DMZ Servers (Web farm, portals, mail), Unix Servers, Windows Servers, Linux Servers]
• SGS: Symantec Gateway Security
• SNS: Symantec Network Security
• CSP: Symantec Critical System Protection
• SCS: Symantec Client Security
• DSTMS: Symantec DeepSight Threat Management System / Alert Services (Global Threat Intelligence)
Symantec’s Approach to Perimeter Protection
Symantec Gateway Security
[Figure: Integrated Security combining Firewall, Antivirus, Antispam, Content Filtering, IPS/IDS and VPN]

Full Inspection Firewall
• Packet Filtering
• Circuit-level analysis
• Application proxies
• Detection and blocking of buffer overflows
• URL pattern matching and blocking
• Network address translations

Award-Winning Virus Protection
• Heuristic and definition-based detection
• Fast detection and repair of HTTP, SMTP, and FTP traffic
• Scanning POP3 traffic
• Mail policy filter
• Block on subject line, file name, and file size

URL-Based Content Filtering and Antispam
• Block access to undesirable Web content
• Dynamic Document Review (DDR)
• Reduces load on network from unauthorized traffic

Virtual Private Networking
• Secure, inexpensive connections over the Internet
• IPsec and SSL VPN
• Automatic retry on alternate gateways

IPS/IDS
• Vulnerability attack interception
• Signature-based detection
• Supported by Symantec Security Response
Critical System Protection Protects Vulnerable Endpoints
• Each program requires a limited set of resources and limited access rights to perform its normal functions
• But many programs have privileges and resource rights far beyond what is required

How it Works
Critical System Protection creates a “shell” around each program and service that defines acceptable behavior

[Figure: Host Programs and their Normal Resource Access. Host programs: Core OS Services (DNA, RPC, Print Spooler, …), Application Services (Mail, Web, Database, …), Interactive Programs (Email Client, Office, Browser). Resources: Files (Read/Write Data Files), Registry (Read Only Configuration Information), Network (Usage of Selected Ports and Devices), Devices]
Coordinated Defense at the Client
Symantec Client Security
[Figure labels: Antivirus; Intrusion Prevention; Firewall; Symantec System Center]

Virus and Spyware Protection
• Automatically removes viruses, spyware and other malicious code on desktops and servers
• Protects and hides computers from hackers with a desktop firewall
• Blocks Internet attacks with intrusion prevention technologies
• Repairs changes made by viruses and spyware
• Permits administrators to customize spyware/adware policies via existing Symantec AntiVirus management interface
• Tamper protection protects itself against malicious code that tries to disable security measures

Firewall and Intrusion Prevention
• Protects and hides computers from hackers with a desktop firewall
• Blocks Internet attacks with intrusion protection technologies
• Optimized out-of-the-box firewall configurations minimize configuration efforts
• Vulnerability attack interception enhances intrusion prevention capabilities, resulting in reduced time-to-protection after vulnerability announcements

Other capabilities
• Offers centralized installation, configuration, and management
• LiveUpdate™ can automatically download new security updates
• Backed by Symantec™ Security Response, the world’s leading Internet security research and response team
Why Network Security?
[Figure: Time to automated exploit, 1992 to 2004, on a scale of 4 mos., 3 mos., 2 mos., 1 mos., Weeks, Zero Day. Threats plotted: File Virus, Code Red, Blaster, Sasser, Witty Worm]
• Network worms targeting vulnerabilities are growing in frequency and complexity
• Drastic reduction in window of time between a known vulnerability and automated attack/worm
  • Blaster – 26 days
  • Sasser – 17 days
  • Witty – close to 0 day
• Fractured Perimeter – multiple entry points for network attacks and worms
• Enterprises don’t have enough time to test and fully deploy patches to protect their vulnerable systems before outbreaks
• Network IPS solutions stop threats from propagating until vulnerable systems can be patched
Symantec’s Approach to Internal Network Security
Symantec Network Security
• IMUNE™* Intrusion Protection: IMUNE architecture combines multiple detection technologies to accurately identify and block attacks
• One-Click to Prevention™: One-Click-to-Prevention streamlines security administration and saves valuable time during attacks
• LiveUpdate™: LiveUpdate delivers Symantec global threat intelligence directly into the SNS 7100

[Figure: IMUNE™ separating good traffic from bad, with a timeline]
• T - 3: Symantec DeepSight discovers threat
• T - 2: Symantec Security Response
• T - 1: Available via LiveUpdate
• T - 0: PROTECTED

* Intrusion Mitigation Unified Network Engine
IMUNE: Intrusion Mitigation Unified Network Engine
• Vulnerability Attack Interception (VAI)
  • Detects on vulnerabilities rather than an exploit
  • Proactive protection against worms such as Zotob & Esbot
  • Blocks all exploits that target the vulnerability
• Protocol Anomaly Detection
  • Detects attacks at zero-day without knowledge of a known or disclosed vulnerability
  • Proactive protection against threats such as Code Red
• Signature Detection
  • A detection signature is written to detect specifically the exploit compromising the system
  • Detection of known threats & risks such as Spyware, Adware and Bots
• Traffic Monitoring
  • Network behavioral and use policy violation detection
• Denial-of-Service Scan Detection
• IDS Evasion Detection
Ease of Deployment and Management for Immediate Security and Protection
[Figure labels: SGS; CSP; SNS; SCS; DSTMS]
Comprehensive Threat Management Solutions
[Figure: Risk Exposure (low to high) against Network Complexity (low to high), running from Reactive Protection to Proactive Protection across three tiers: Known Threats; Known & Unknown Threats; Known, Unknown & Predicted Threats*. Solution stages shown: Point tools; Multiple tools; Comprehensive End-to-End Security Architecture]
Brought to you by Symantec
• Superior breadth of offering
• Best-of-breed products
• High yield solutions
• Symantec-tested and supported
• Significant R&D commitment
• World leader in information security and availability
In Summary…
Symantec proactively shields organizations against threats while ensuring information accessibility.
Comprehensive Threat Management
• It’s Powerful
• It’s Efficient
• And, it’s Proven.