Symantec Cyber Security Solutions | MSS and Advanced Threat Protection
- 2. Cyber Security Services Offerings
Security Need – Cyber Security Group Offering:
• Track & Analyze Key Events & Trends – Security Intelligence: security intelligence collection, analysis and sharing through customer portals, data feeds, multi-level briefs and security intelligence services
• Protect Against Threats & Campaigns – Managed Security Services (MSS): comprehensive 24x7 security monitoring and log management that gives the enterprise a 360° view of exposures, incidents and threats
• Protect Against Targeted Attacks – Advanced Threat Protection: a solution that enables intelligent response to advanced threats across the enterprise
• Respond Quickly & Effectively – Incident Response: advanced incident response and forensics support that provides immediate access to critical capabilities, knowledge and skill sets
• Demonstrate Value & Security Spend – Security Simulation: a Security Simulation Platform that delivers expertise, skill-set development and cyber readiness through customized Live Fire Exercises
Symantec Cyber Security Services
- 4. Why Symantec
• 12+ years experience delivering MSS services
• MSS Gartner Magic Quadrant Leader for 11 years
• Scalable – analyzing over 21 billion logs daily to provide global threat intelligence; escalates over 280 severe security incidents daily
• Security Professionals – MSS SOC analysts are 100% GCIA certified (GIAC Certified Intrusion Analysts); 300 SOC Ops, 200 Intel, 500 Threat Response
• Global Presence and Delivery – 5 SOCs worldwide
• Industry Leading SLAs – 10 minute notification
• Stability – financial stability and global perspective from the world's largest provider of security solutions
• Serving over 1000 major corporations – 60% of the Global 10 and 44% of the Global 100
Symantec Managed Security Services
- 5. Defining Terms
IDP MANAGEMENT SERVICES:
Fault Management:
• Monitor devices for fault, performance and availability
• Restore service availability
• Identify and eliminate the root cause of faults and outages
Change Management:
• Routine and emergency changes to business-critical security devices
• Performance-based SLA for changes
• Secure in-band & out-of-band management
• Configuration backup (for quick rebuilds)
Release/Lifecycle Management:
• Routine product updates
• Emergency patches
MONITORING SERVICES:
Incident Analysis:
• Analyze security data to detect and respond to signs of malicious activity
• Perform data aggregation, normalization, data mining and correlation
• Validate and assess the impact of an incident on the enterprise
Incident Escalation:
• Escalate actionable incidents
• Industry-leading escalation SLA
• Flexible escalation procedures to fit enterprise requirements
Rapid Response to Outbreaks:
• Update processes, technology and expertise for emerging threats and trends
• Provide early warning to the client of emerging threats
- 6. Driving Actionable Results
Symantec MSS:
• Network
• Server
• Endpoint
• Data
• Compliance
Restriction:
• Organization
• Asset Value
• Vulnerability Data
• Threats
• Vulnerabilities
• Malcode
• IP/URL Reputation
- 7. Global Intelligence Network
Identifies more threats, takes action faster & prevents impact
Information Protection | Preemptive Security Alerts | Threat Triggered Actions
Global Scope and Scale | Worldwide Coverage | 24x7 Event Logging | Rapid Detection
Attack Activity
• 64.7 Million sensors
• 190+ countries
Malware Intelligence
• 180M+ clients, servers and gateways monitored
• Global coverage
Vulnerabilities
• 70,000 vulnerabilities
• 15,000 vendors
• 105,000 technologies
Fraud
• 5M decoy accounts
• 8B+ email messages/day
• 1B+ web requests/day
[Map of locations: Austin, TX; Mountain View, CA; Culver City, CA; San Francisco, CA; Herndon, VA; Calgary, Alberta; Dublin, Ireland; Reading, UK; Taipei, Taiwan; Tokyo, Japan; Chengdu, China; Chennai, India; Pune, India; Sydney, Australia]
- 8. The Keys to Successful Security Monitoring: 360° Edge to Endpoint Visibility
Coverage
• Industry leading device coverage
• Covering the edge to the endpoint
Diversity
• Heterogeneous support
• All major security and non-security vendors supported
Capabilities
• Converge multi-vendor functionality in a 1+1=3 methodology
Monitoring capabilities (diagram):
• Signature-Based NIDS Monitoring
• NIDS Monitoring with Global Intelligence
• Firewall Log Association
• Firewall Analysis: Scan Detection
• Firewall Analysis: Anomaly Detection
• Firewall Analysis: Backdoor Detection
• Firewall Analysis: Botnet C&C Detection
• Firewall Analysis: IP Watchlist Detection
• Host IDS/IPS Alerts
• Web Proxy Analysis
• Web Application Firewall Alerts
• OS and Application Logs Analysis
• Endpoint Protection Alerts
- 9. The Keys to Successful Security Monitoring: Business Context
• Organizational Hierarchy
• Vulnerability Data
• Asset Data
• Regular Customer Engagement
- 10. Collection & Analysis Architecture
[Diagram components: Customer Premise; Symantec SOC; Log Collection Agent; Security Analysts; Customer Portal; DeepSight Global Threat Intelligence; Data Warehouse; Correlation]
- 12. Cyber Security Services: Overview of Advanced Threat Protection
TODAY – manual correlation and remediation:
• Network Security detects suspected malware and alerts
• The Network Security Group and the Endpoint Security Group correlate manually
• Symantec Endpoint Protection Manager launches corrective actions
In 2015 – automated correlation and remediation:
• Network Security detects suspected malware
• Symantec Advanced Threat Protection automatically analyzes endpoints to:
– determine whether the malware is known and SEP has blocked it;
– verify whether endpoints are compromised;
– understand if / where the infection has spread;
– identify the malware and block the IP address
• Symantec Endpoint Protection Manager initiates endpoint actions (clean, block, quarantine, gather forensics, …)
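The automated correlation flow above, as an added example that is not Symantec's code or the ATP product's actual logic: a toy Python triage that correlates one network alert with constructed endpoint telemetry (the hash, host names and IP are placeholders) and maps each host to the slide's action set.

```python
# Added example, not Symantec's code or the ATP product logic: a toy model of
# the automated correlation flow on the slide (network alert -> is the malware
# known and blocked? -> which endpoints are compromised? -> where has it spread?
# -> endpoint actions), run over constructed sample telemetry.

# Constructed network alert; the hash and IP are placeholders, not real IoCs.
NETWORK_ALERT = {"sha256": "HASH-PLACEHOLDER-1", "src_ip": "203.0.113.9", "host": "ws-17"}

# Constructed endpoint telemetry keyed by host: does the endpoint agent know the
# hash, did it block the file, and is the file currently executing there?
ENDPOINT_TELEMETRY = {
    "ws-17":  {"known": True,  "blocked": False, "running": True},
    "ws-22":  {"known": True,  "blocked": True,  "running": False},
    "srv-03": {"known": False, "blocked": False, "running": True},
    "db-09":  {"known": False, "blocked": False, "running": False},
}

# Constructed hash-to-host index: every endpoint that has reported the file.
# "fs-01" appears here but has no telemetry, so it needs forensics first.
SEEN_ON = {"HASH-PLACEHOLDER-1": ["ws-17", "ws-22", "srv-03", "db-09", "fs-01"]}


def endpoint_actions(t):
    """Map one endpoint's telemetry to the slide's action menu."""
    if t is None:
        return ["gather forensics"]           # no agent data: collect evidence first
    if t["known"] and t["blocked"]:
        return []                             # SEP already stopped it; nothing to do
    if t["running"]:
        return ["quarantine", "clean", "gather forensics"]  # live compromise
    return ["clean"]                          # file present but inert: remove it


def triage(alert, telemetry, seen_on):
    """Correlate a network alert with endpoint state across the estate."""
    target = alert["host"]
    # Spread check: the alerted host first, then every other host that saw the hash.
    hosts = [target] + [h for h in seen_on.get(alert["sha256"], []) if h != target]
    endpoints = {h: endpoint_actions(telemetry.get(h)) for h in hosts}
    # Assumption: the source IP is blocked only when some endpoint was not
    # already protected, i.e. the event was not fully blocked at the endpoint.
    network = [f"block {alert['src_ip']}"] if any(endpoints.values()) else []
    return {"endpoints": endpoints, "network": network}


if __name__ == "__main__":
    print(triage(NETWORK_ALERT, ENDPOINT_TELEMETRY, SEEN_ON))
```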
- 13. Advanced Threat Protection Alliance
Network Security:
• NGFW + Wildfire
• Web MPS
• Network IPS + AMP
• Threat Emulation/Cloud
Endpoint Security:
• Version 12.1 (RU4 or above preferred)
- 14. Managed Security Services: Advanced Threat Protection
Integration of:
• Network Security
• Endpoint Security
• Security Intelligence
• Threat Experts
Automated Triage Workflows
Rapid Response | Operational Efficiency | Attack Visibility
- 15. Symantec Key Differentiators
• Global Insight
– Feeds all analysis
– Integration with SEP
– Rapid response to emerging threats
• End to End Visibility
– Pinpoint incident alerts
– Detect more activity
– Fewer false positives
– Resilient monitoring strategy
• Organizational Awareness
– Gets the right alerts to the right people
– Supports compliance reporting initiatives
– Named Customer Service Manager
• Scalable Service
– Analyze > 21+ billion logs and alerts daily
– Global Corporations including 44% of the Global 100
– Gartner MQ for 11 years
• Security DNA
– 100% GIAC Certification for Analysts
– MSS Delivery Team >300 experts
– 500+ security experts in STAR team
– 12+ years delivering MSS services
• Global Presence and Delivery
– 5 SOCs worldwide
• Industry-Leading SLA
– 10 minute notification of severe security incidents