NETWORK SECURITY FOR THE CLOUD GENERATION
Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Network Security Implications of the
Cloud Generation
Mobile
Cloud Applications
Web
IoT
Social
80/443
Network Security Implications of the
Cloud Generation
Content Analysis
CASB
Web Isolation
SSL Visibility
Security Analytics
DLP
Proxy
• Born and bred to manage web traffic
• Loves HTTP(S):// (Performance, ETM)
• Terminates traffic and leverages integrated technology services for inspection
Next Generation Firewall
• Not designed for web traffic inspection
• Big challenges with HTTP(S):// (Performance, ETM)
• Passive inspection architecture cannot address web-based threats
80/443
Network Security Customer Challenges
Rogue Cloud App Use Creating Security & Compliance Issues
Backhauling Traffic Is Costly & Slows Cloud Performance
Encrypted Traffic Blind Spots Create Vulnerabilities
Modern Threats Overwhelming Traditional Network Defenses
Network Tuning
TAP
Analytics
APM
Sandbox
IPS
Firewall
Proxy
80/443
Bypasses Threat Protection Infrastructure
Encrypted Traffic Creates Vulnerabilities
Half of malware campaigns in 2019 will use some type of encryption to
conceal malware delivery, command and control activity, or data exfiltration
Fix SSL/TLS Encryption Vulnerability
Secure Decryption of Network Traffic
IPS APM TAP Network Tuning Security Analytics
Sandbox
Content Analysis
Proxy
SSL Visibility
“C & F’s” NGFWs, SWG’s, ADCs
The Security Impact
of HTTPS Interception*
Testing conducted by:
Firewall
80/443
• Securely decrypt SSL & TLS to allow complete inspection
• Scale decryption with SSL Visibility Appliance
• Set policies by category to maintain privacy
• Must maintain broad industry cipher support
* https://jhalderm.com/pub/papers/interception-ndss17.pdf
Network Security Customer Challenges
Encrypted Traffic Blind Spots Create Vulnerabilities
Modern Threats Overwhelming Traditional Network Defenses
Impact of “Passive” and Simplistic Threat Scanning Architectures
Issue One – Ineffective Content Scanning
Overwhelms Incident Response (IR) Queue
• Alarms after the fact – malware is already through
• IR teams scrambling to keep up
Next Gen Firewall
80/443
Sandbox
REPORT: Next-Generation Firewall Hype Has Become an Obstacle for Enterprises*
Organizations with >500 employees, needing advanced security and with the ability to manage multiple platforms, should make separate firewall, secure web gateway and email security decisions
*https://www.gartner.com/doc/3869071
Malware Gets Through
• Stream architecture delivers documents before deep analysis
• Scans with basic AV signature engines
• Performance hit to inspect web traffic
SANDBOX
WHITELIST
BLACKLIST
AV1
AV2
ADVANCED MACHINE LEARNING
Fixes Poor Gateway Sandbox Architectures
Effective File Inspection for Threat Protection
• Extract files and inspect before delivery
• Pre-filter to improve detection and reduce sandbox load
• Integrate sandbox (+cloud) or use 3rd party
• Orchestrate to remediate on the endpoint
Content Analysis
Endpoints
SEP
Proxy
GIN
Web Browsers Becoming the Ultimate Attack Surface
Issue Two – Malware Targeting Web Browsers
1,400+ New browser & plug-in vulnerabilities per year
83% Growth in active phishing URLs
78% of sites can be used to deliver malware
JAVASCRIPT, CSS, SVG, HTML, IMAGES, PLUG-INS, ADD-ONS, FONTS, SOCIAL
Browser vulnerabilities exploited by malware delivered to endpoints via web page rendering resources
Statistic Sources: Symantec ISTR, Verizon DBIR
100% SAFE RENDERING INFORMATION
Isolate the Web to Stop Threats
• Isolate uncategorized/risky sites
• Secure web browsing of privileged users
• Embedded Email URLs (phishing)
Secure Disposable Container
DOWNLOAD EXECUTE RENDER
https://www.gartner.com/document/3463618
“Evaluate and pilot a remote browser solution…as one of the most significant ways an enterprise can reduce the ability of web-based attacks on users to cause damage.”
Web Isolation
Proxy
Network Security Customer Challenges
Rogue Cloud App Use Creating Security & Compliance Issues
Encrypted Traffic Blind Spots Create Vulnerabilities
Modern Threats Overwhelming Traditional Network Defenses
Shadow IT and Changing Cloud Usage Models Create Risk
Cloud Use – Data Security & Compliance
Proliferation of Cloud Apps
Variety of Locations
Shadow Data Problem
Loss of Sensitive Data
*2018 Shadow Data Report
Loss of Sensitive Data
Regional Office
Headquarters
Mobile Users
• Identify and Control Shadow IT
• Enforce DLP Policy Requirements
13% of Cloud Docs are Broadly Shared*
DLP
AUDIT – APPFEED
GIN
• Risk attribute data
• Enforce application access policy controls by application, user, group, etc.
• In-Line DLP enforcement on all cloud and web application traffic
• Extend controls with a CASB solution
CASB
App Rating Database
Analytics
Proxy
Control Shadow IT – User Behavior – Enforce DLP Policy
CLOUD ACCESS SECURITY BROKER
Offices
Roaming Users
Access Control
Network Security Customer Challenges
Backhauling Traffic Is Costly & Slows Cloud Performance
Rogue Cloud App Use Creating Security & Compliance Issues
Encrypted Traffic Blind Spots Create Vulnerabilities
Modern Threats Overwhelming Traditional Network Defenses
Traditional Backhaul Model Becoming Costly and Slow
Need For Direct-To-Net Advanced Security
Cloud App Growth & Mobile/Remote Workforce
Users Want To Get Direct-To-Net
Traffic Needs To Be Secured
But Backhauling Is Expensive and Slow
Secure, Direct Access to Web & Cloud
Web Security as a Service
Accelerated Cloud Backbone
Telco POP Backbone
Automate Policy & Content Acceleration
Elastic Cloud SVC Structure
Content Peering & Connection Scaling
3rd Party Monitoring
Proxy At Core
Threat Prevention and Information Security
Cloud Controls (CASB)
High-performance Global Backbone
Web Security as a Service
Proxy
Terminate ♦ Decrypt ♦ Inspect Before Delivery ♦ Orchestrate
SDN
Connect
IPSec
VPN
Firewall
Advanced Network Security Stack in the Cloud
Network Security for the Cloud Generation
Performance Optimization for O365, AWS, etc.
Web Isolation
Malware Analysis & Sandbox
DLP Inspection & Enforcement
CASB Cloud Controls
Encrypted Traffic
Solving the Network Security Challenges of the Cloud Generation
Symantec Network Security
Modern Threats Cloud Security Cloud Delivered
NETWORK PROTECTION
Sebastian Brenner
Sebastian_brenner@symantec.com
Defining the Proxy
Symantec is defining the Proxy as a termination point by…
• Delivering a POWERFUL CLOUD SECURITY SERVICE that leverages the termination strength of a proxy to protect users, remote offices and devices no matter where they are in the world.
• Innovating ADVANCED PROTECTION INCLUDING BROWSER ISOLATION services which ensure users are protected from the most sophisticated web and email attacks on Earth.
• Ensuring STRENGTH IN MANAGING ENCRYPTED TRAFFIC to enable a proper balance of security and privacy when inspecting content.
As cloud applications drive changes in how users interact in a networked world, we deliver strong security, simplicity of operation, and flexible deployment choices as part of our INTEGRATED CYBER DEFENSE PLATFORM.

Editor's Notes

  1. The world has moved to HTTPS – the language of web is now the language of cloud, mobile, video, social media. And so HTTP is also the language of malware delivery, hackers, cybercriminals. Separating the good from the bad is very complex, but it is what will determine if your customers win or lose as they combat cyber-threats. Cyber security professionals are at a crossroads. The game has changed, and the bad guys are getting more aggressive and inflicting more and more damage on corporate assets—and reputations—worldwide. Ransomware is through the roof, zero-day exploits are exploding, threats are hiding in encrypted traffic and email is riddled with malware. There is no perimeter anymore. Data, devices and employees are mobilized and traffic is increasingly going to the internet and cloud applications. So, the question now is, how do you protect a castle—by which we mean your enterprise—when the walls are tumbling down? In this presentation we'll discuss:
     - Why you should embrace cloud-based network security
     - The tools you need to provide protection against a variety of attacks
     - Why a proxy belongs at the center of your cloud service
     - Cloud migration strategies
     - Integrations that orchestrate defenses across control points and attack vectors
  2. We start out with a critical one – encrypted traffic. Latest stats are something like 80% of inbound traffic is encrypted and as much as 25% of outbound is as well. If your tools are blind to encrypted traffic you are in trouble. We are then going to talk about today’s world of increasingly sophisticated threats on the web. Some attack you through content downloads, others get you through the simple act of visiting a malicious site. Both are equally crippling. We have all heard about Shadow IT. But it’s more than just an annoyance of employees going around processes to get the cloud apps they want to use – it’s a real security and compliance issue. Controlling cloud app access and use is a top need in the network world. Finally, maintaining the right toolset to combat sophisticated threats and manage strict compliance regs can be complicated and costly. Part of the cost is the tools, but part of it is moving traffic around your dispersed network with remote offices and mobile users in order to secure it. Your customers need a way to simplify the use and deployment of best-in-class security, and a way to boost their users’ cloud app performance while they are at it.
  3. Symantec’s Network Security portfolio is uniquely capable of solving these key challenge areas your customers are facing:
     - Encrypted Traffic – inspecting it at scale with an “A” rated secure approach.
     - Modern Threats – we have both covered:
       - Content downloads with Proxy feeding Content Analysis – architecture allows for highly accurate detection and blocking of the threat before it gets through.
       - Web browsing threats with Proxy enforcing Web Isolation policies – any malicious code executing on the website gets isolated and cannot get to the endpoint.
     - Cloud Security with CASB identifying Shadow IT and Proxy policies then controlling it. And the Proxy working together with DLP and CASB to enforce data security policies on web and cloud traffic.
     - Lastly – this is all available in the Symantec Global Cloud… the industry’s most advanced cloud-delivered network security stack. Gets rid of the backhaul issue that is a pain to a lot of your customers, but also makes it simple to deploy best-in-class security.