Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
- 1. Office 365 Seguro? Sym, Cloud!
Luis Souza Lucas Romaris André de Oliveira
Channel SE Systems Engineer Advanced Support
- 2. Acerca de Nuestros Presentadores
Copyright © 2015 Symantec Corporation
LUIS SOUZA
Engenheiro de Pré-vendas, trabalha há 8 anos na Symantec e já atuou em
clientes de Large Enterprise do segmento Financeiro. Hoje é responsável pela
área técnica da área de Canais focado em Segurança da Informação.
ANDRÉ DE OLIVEIRA
Profissional com mais de 15 anos de experiência em Tecnologia da Informação e
há 8 anos trabalhando com Segurança para Endpoint e Messaging na Symantec.
Formado no Mackenzie em Ciências da Computação e Pós Graduado no IPT/USP
em Gestão de Projetos. Atualmente trabalha com foco em suporte avançado a
clientes BCS.
LUCAS ROMARIS
Formado em análise e desenvolvimento de sistemas, trabalha há 6 anos na
Symantec, atuando nas áreas de pré-vendas e consultoria. Atualmente exerce
a função de engenheiro de sistemas com foco em Compliance, Análise de
Vulnerabilidades, e Prevenção contra perda de dados confidenciais.
- 3. Agenda
Copyright © 2014 Symantec Corporation
3
1 Estratégia de Segurança da Symantec
2 VIP & SAM for Office 365
3 DLP for Office 365
4 Email Security.cloud
5 Q&A
- 4. Segurança Corporativa| Estratégia de Produtos e Serviços
4
Threat Protection
ENDPOINTS DATA CENTER GATEWAYS
• Advanced Threat Protection através de todos os pontos de controle
• Forense e Remediação embutida em cada ponto de controle
• Proteção integrada para Workloads: On-Premise, Virtual e Cloud
• Gestão baseada em nuvem para Endpoints, Datacenter e Gateways
Unified Security Analytics Platform
Coleta de Logs
e Telemetria
Gestão Unificadas
de Incidentes e
Customer Hub
Integrações com
Terceitos e Inteligência
Benchmarking
Regional e por
Segmento
Análise Integrada
de Comportamento
e Ameaças
Information Protection
DADOS IDENTIDADES
• Proteção integrada para Dados e Identidades
• Cloud Security Broker para Apps Móveis e em Nuvem
• Análise de comportamento dos usuários
• Gestão de Chaves e Criptografia em Nuvem
Users
Data
Apps
Cloud
Endpoints
Gateways
Data
Center
Cyber Security Services
Monitoramento, Resposta a Incidentes, Simulação, Inteligência conta Ameaças e Adversários
Copyright © 2015 Symantec Corporation
- 5. UNRIVALED SECURITY WITH UNIQUE VISIBLITY
175M
endpoints
57M attack sensors in 157
countries
182M web attacks blocked last
year
3.7T
rows of telemetry
30% of world’s enterprise email traffic
scanned/day
9
threat response centers
5
Symantec has Unique Visibility into Today’s Threat Landscape
Symantec Endpoint Protection 12.1
- 7. O365 tem a segurança necessária para os ataques de hoje?
7
https://www.cogmotive.com/blog/office-365-tips/vulnerability-in-office-365-allows-unauthorised-administrator-access
http://www.tripwire.com/state-of-security/latest-security-news/office-365-vulnerability-allowed-unauthorized-administrator-access/
- 9. Pontos de atenção para O365
Pare de ignorar a
necessidade de SSO e
autenticação com
duplo fator
Diminuir ao máximo
vazamento de
informação buscando
novas formas de
identificação.
APT – Ataques
direcionados estão
entre as formas mais
efetivas de ataque
usando as 3 camadas
“Email, network e
Endpoints”
Email é o #1 “Porta”de
ataques direcionados.
5 de 6 empresas
grandes (83%) foram
alvo de campanhas de
spear phishing no
ultimo ano.
9
- 10. Cloud Security for Office 365
Copyright © 2015 Symantec Corporation 10
User AuthenticationData
Protection
Threat
Protection
Admins and UsersSensitive DataEmail
- 11. Cloud Security for Office 365 – Symantec
Copyright © 2015 Symantec Corporation 11
SAM VIP
External Mail
Strong Authentication with Single Sign On
Threat Protection, Encryption, Data Protection
Admins and Users
- 12. Cloud Security for Office 365 – Symantec ( VIP + SAM)
Copyright © 2015 Symantec Corporation 12
SAM VIP
Strong Authentication with Single Sign On
Admins and Users
- 14. A New Cloud Protection Platform
15
Identity-based Access
Control
Single Sign-on with Strong
Authentication
Public and private cloud
applications
User Directory
- 15. Symantec Identity Access Manager
16
User Management
• Embedded virtual user directory
• Self-Service registration, profile management, password reset
• Use credential at SSO Portal to access Web applications
Access Management
• Policies based on user’s identity and session context
• VIP, RSA and User certificate integration
• Rich access audit logs
Single Sign On with Strong Authentication
• SSO to any web application
• Federation: SAML and HTTP-Fed
• Plug-in for internal applications and consumer sites
• Extensive built-in app catalog
- 16. How SAM Works
17
SAM
Gateway
IDP, IWA, mPKI
Any User Store
LDAP RDBMS
Layered Protection
2F Authentication
(VIP, mPKI, RSA)
Admin Console
Compliance
Identity & Context based
access control
1
6
54
3
2
- 17. Flexible Deployments – SAM Architecture
18
Hosted Service On Premise Solution
Mobile User
Consumer Portal,
Business Partner
Extranet
Corporate Network
User
Enterprise
SAM Gateway
Mobile User
Consumer Portal,
Business Partner
Extranet
Corporate Network User
Enterprise
SAM Gateway
1
2
1
2
SAM ID Bridge
- 20. CLOUD SECURITY PUTS A GREATER EMPHASIS ON IDENTITY
CLOUD AND MOBILE HAVE CHANGED THE SECURITY PARADYME
Copyright © 2015 Symantec Corporation
21
• Corporate Data (Box)
• Employee Data (Workday)
• Customer Data (Salesforce)
IDENTITYFor cloud apps the first layer of
protection – sometimes the only
layer is the PASSWORD
- 21. A PASSWORD IS NOT AN EFFECTIVE WAY TO SECURE IDENTITY
• 77% of passwords are in a 1000 word dictionary
• Contextual risk: In network vs unmanaged device on public network
• Risky password tricks – like password reuse (26 password protected accounts and 5 passwords)
Passwords are
Vulnerable
• Password resets #1 support call - 30% of calls are password related
• $70 estimated average to reset password - Billions of dollars annually
• 62% of organizations see SaaS apps as a better way to support their mobile/remote workers =
more passwords and a growing cost
Passwords are Costly
• Credential entry is a huge challenge with mobile devices
• Failed logins and account lockouts are common occurrences
Passwords are Complex
Copyright © 2015 Symantec Corporation
22
- 22. Trusted Access and
Authentication only
from Symantec
CONTROL, CONVENIENCE, CONFIDENCE WITH VIP EVERYWHERE
FOR THE ENTERPRISE AND THE CLOUD
Copyright © 2015 Symantec Corporation 23
Enterprise
Gateway (on-
premise apps)
Symantec
Access
Manager
(web apps)
- 23. WE SIMPLIFY ACCESS TO CLOUD APPLICATIONS
IDENTITY ACCESS MANAGER, VIP PUSH, ONE PASSWORD
Copyright © 2015 Symantec Corporation
24
• First layer of security: Single sign-on
portal to all cloud-based apps
provides access anytime, anywhere
WITH ONE PASSWORD
VIP Access Push adds another layer
of security – one tap, no 6-digit
code.
Identity and context-based policies
authorize access to only the apps a
user needs to do his/her job.
- 25. 26
Cloud Security + DLP for Office 365 Architecture
DLP Cloud Prevent
DLP Enforce
External Mail
Strong Authentication with Single Sign On
Threat Protection and Encryption
Protect Confidential Data
Inbound
Admins and Users
SAM VIP
- 26. Symantec Data Loss Prevention Customer Presentation
27
You don’t own the app
You don’t own the infrastructure
You can’s say “no”
Cloud
Your security slows me down
I expect an insanely great user
experience
Mobile
You don’t own the device
You can’t lock my device down
I will use the device and app I want
BYOD
Cloud & Mobile
Create new information protection risks
and challenges
- 27. Company Information
Intellectual Property
HR Records
Internal Auditing
M&A and Strategy
Customer Information
Credit Card Info
Medical Records
SSNs and Government IDs
Financials
Protects
Your most important, high-value data
- 28. Copyright © 2015 Symantec Corporation
29
Protect Data
In the cloud
Symantec DLP
FOR CLOUD STORAGE
Symantec DLP Cloud Service
FOR EMAIL
Symantec DLP Cloud Prevent
FOR MICROSOFT OFFICE 365
- 29. Single, convenient cloud-based
email protection solution
Stop malware, spam and
malicious links
Protect against data breaches
Combines industry-leading email
security and DLP
30
Protect cloud data
In Office 365 and Gmail
- 32. Cloud Security + Email Security.cloud + ATP for Office 365 Architecture
Copyright © 2015 Symantec Corporation 33
SAM VIP
External Mail
Strong Authentication with Single Sign On
Threat Protection, Encryption, Data Protection
SEPMATPSymantec GIN
Advanced Persistent Threat Detection
Admins and Users
- 35. Análise Avançada de Mensagens Skeptic
Detects anomalies
Intelligence gathered through
detailed code analysis
Attack intelligence processed
and shared in real-time to
protect all Symantec customers
- 36. Análise dos Links em Tempo Real
Intelligent real-time link
following
Analyzes content in real-
time
Stops emails with bad links
from being delivered
No detectable delivery
latency
- 40. Performance & SLA`s
Target
Actual Performance
Antispam
Effectiveness
Antispam
Accuracy
Antivirus
Accuracy
Email Service
Availability
Over 99%
No more than
.0003%
No more than
.0001%
100% 100% 100% 100% 100% 100% 100%
November
2014
December
2014
January
2015
February
2015
March
2015
April
2015
99.999974% 99.999982% 99.999981% 99.999980% 99.999975% 99.999979%
0.000010% 0.000008% 0.000009% 0.000011% 0.000015% 0.000015%
0.000002% 0.000002% 0.000002% 0.000002% 0.000001% 0.000001%
- 41. Office 365 Inbound Email Flow
Copyright © 2015 Symantec Corporation
42
Connection Manager
Spam Blocklist
Spoofed Sender Detection
Malware Scanning
Skeptic™ AS & AV
ATP Synapse™
Office 365
- 42. Office 365 Outbound Email Flow
Copyright © 2015 Symantec Corporation
43
Office 365 Exchange
Data Protection
Threat Protection
Encryption
- 44. Próximo Webinar
Copyright © 2014 Symantec Corporation
45
Eliminando os
Passwords
Para mais informação
@SymantecBR
https://www.facebook.com/SymantecBrasil
SymantecMarketing_BR@symantec.com
- 45. Thank you!
Copyright © 2015 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be
trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by
law. The information in this document is subject to change without notice.
Obrigado!