Symantec Cyber Security Solutions | MSS and Advanced Threat Protection
Created by:
Vince Hill, Sr. Principal Systems Engineer, Symantec
Cyber Security Services Offerings

Security Need                         Cyber Security Group Offering
Track & Analyze Key Events & Trends   Security Intelligence: security intelligence collection, analysis and sharing through customer portals, data feeds, multi-level briefs and security intelligence services
Protect Against Threats & Campaigns   Managed Security Services (MSS): comprehensive 24x7 security monitoring and log management that gives the enterprise a 360-degree view of exposures, incidents and threats
Protect Against Targeted Attacks      Advanced Threat Protection: a solution that enables intelligent response to advanced threats across the enterprise
Respond Quickly & Effectively         Incident Response: advanced incident response and forensics support that provides immediate access to critical capabilities, knowledge and skill sets
Demonstrate Value & Security Spend    Security Simulation: a platform that delivers expertise, skill-set development and cyber readiness through customized Live Fire Exercises

Symantec Cyber Security Services
Symantec Managed Security Services: Monitoring & Analysis
Why Symantec
• 12+ years of experience delivering MSS services
• MSS Gartner Magic Quadrant Leader for 11 years
• Scalable: analyzes over 21 billion logs daily, providing global threat intelligence, and escalates over 280 severe security incidents daily
• Security professionals: MSS SOC analysts are 100% GCIA certified (GIAC Certified Intrusion Analyst); 300 SOC operations, 200 intelligence and 500 threat response staff
• Global presence and delivery: 5 SOCs worldwide
• Industry-leading SLAs: 10-minute notification
• Stability: financial stability and a global perspective from the world's largest provider of security solutions
• Serving over 1000 major corporations, including 60% of the Global 10 and 44% of the Global 100
Defining Terms

IDP Management Services

Fault Management:
• Monitor devices for faults, performance and availability
• Restore service availability
• Identify and eliminate the root cause of faults and outages

Change Management:
• Routine and emergency changes to business-critical security devices
• Performance-based SLA for changes
• Secure in-band and out-of-band management
• Configuration backup (for quick rebuilds)

Release/Lifecycle Management:
• Routine product updates
• Emergency patches

Monitoring Services

Incident Analysis:
• Analyze security data to detect and respond to signs of malicious activity
• Perform data aggregation, normalization, data mining and correlation
• Validate incidents and assess their impact on the enterprise

Incident Escalation:
• Escalate actionable incidents
• Industry-leading escalation SLA
• Flexible escalation procedures to fit enterprise requirements

Rapid Response to Outbreaks:
• Update processes, technology and expertise to address emerging threats and trends
• Provide early warning to the client of emerging threats
Driving Actionable Results

Symantec MSS (monitored sources):
• Network
• Server
• Endpoint
• Data
• Compliance Restriction

Business context:
• Organization
• Asset Value
• Vulnerability Data

Threat intelligence:
• Threats
• Vulnerabilities
• Malcode
• IP/URL Reputation
Global Intelligence Network
Identifies more threats, takes action faster & prevents impact

Information Protection | Preemptive Security Alerts | Threat Triggered Actions
Global Scope and Scale | Worldwide Coverage | 24x7 Event Logging | Rapid Detection

Attack Activity
• 64.7 million sensors
• 190+ countries

Malware Intelligence
• 180M+ clients, servers and gateways monitored
• Global coverage

Vulnerabilities
• 70,000 vulnerabilities
• 15,000 vendors
• 105,000 technologies

Fraud
• 5M decoy accounts
• 8B+ email messages/day
• 1B+ web requests/day

Locations: Austin, TX; Mountain View, CA; Culver City, CA; San Francisco, CA; Herndon, VA; Calgary, Alberta; Dublin, Ireland; Reading, UK; Taipei, Taiwan; Tokyo, Japan; Chengdu, China; Chennai, India; Pune, India; Sydney, Australia
The Keys to Successful Security Monitoring: 360° Edge to Endpoint Visibility

Coverage
• Industry-leading device coverage
• Covering the edge to the endpoint

Diversity
• Heterogeneous support
• All major security and non-security vendors supported

Capabilities
• Converge multi-vendor functionality in a 1+1=3 methodology

Monitoring and analysis capabilities:
• Signature-based NIDS monitoring
• NIDS monitoring with global intelligence
• Firewall log association
• Firewall analysis: scan detection
• Firewall analysis: anomaly detection
• Firewall analysis: backdoor detection
• Firewall analysis: botnet C&C detection
• Firewall analysis: IP watchlist detection
• Host IDS/IPS alerts
• Web proxy analysis
• Web application firewall alerts
• OS and application log analysis
• Endpoint protection alerts
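The Incident Analysis steps defined earlier (aggregation, normalization, correlation) and two of the firewall analytics listed above (scan detection and IP watchlist / botnet C&C detection, rated with asset data as business context) can be shown on a handful of log lines. What follows is an added example written for this page, not Symantec MSS code: the two log formats, the hypothetical devices fw-a and fw-b, the watchlist entry, the asset table, the sample log lines and the detection thresholds are all constructed assumptions.

```python
"""Added example: normalize two firewall log formats into one schema, then run
scan detection and IP-watchlist (botnet C&C) detection enriched with asset value.
Formats, devices, addresses and thresholds are constructed, not vendor output."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines from two hypothetical firewalls (assumption).
RAW_LOGS = [
    "2015-01-10T10:00:01Z fw-a action=deny src=203.0.113.7 dst=10.0.0.5 dpt=22 proto=tcp",
    "2015-01-10T10:00:02Z,fw-b,DROP,203.0.113.7,10.0.0.5,23,tcp",
    "2015-01-10T10:00:04Z fw-a action=deny src=203.0.113.7 dst=10.0.0.5 dpt=25 proto=tcp",
    "2015-01-10T10:00:05Z,fw-b,DROP,203.0.113.7,10.0.0.5,80,tcp",
    "2015-01-10T10:00:07Z fw-a action=deny src=203.0.113.7 dst=10.0.0.5 dpt=443 proto=tcp",
    "2015-01-10T10:01:30Z fw-a action=allow src=10.0.0.9 dst=192.0.2.10 dpt=443 proto=tcp",
    "2015-01-10T10:02:00Z,fw-b,ACCEPT,10.0.0.5,198.51.100.23,443,tcp",
    "2015-01-10T10:02:05Z fw-a action=allow src=10.0.0.9 dst=192.0.2.10 dpt=80 proto=tcp",
]

# Constructed context: a threat-intelligence IP watchlist and customer asset data (assumption).
WATCHLIST = {"198.51.100.23": "botnet-c2"}
ASSETS = {"10.0.0.5": ("web-server", "high"), "10.0.0.9": ("workstation", "low")}

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"
KV_RE = re.compile(r"^(?P<ts>\S+) (?P<dev>\S+) (?P<kv>.*)$")


def parse_kv(line):
    """Vendor A format: 'timestamp device key=value ...'."""
    m = KV_RE.match(line)
    if not m:
        return None
    f = dict(p.split("=", 1) for p in m.group("kv").split())
    return {"ts": datetime.strptime(m.group("ts"), TS_FMT), "device": m.group("dev"),
            "action": f["action"].lower(), "src": f["src"], "dst": f["dst"],
            "dport": int(f["dpt"])}


def parse_csv(line):
    """Vendor B format: 'timestamp,device,ACTION,src,dst,dport,proto'."""
    parts = line.split(",")
    if len(parts) != 7:
        return None
    ts, dev, action, src, dst, dport, _proto = parts
    return {"ts": datetime.strptime(ts, TS_FMT), "device": dev,
            "action": "deny" if action.upper() in ("DROP", "DENY") else "allow",
            "src": src, "dst": dst, "dport": int(dport)}


def normalize(lines):
    """Aggregate both formats into one time-ordered list of common-schema events."""
    events = []
    for line in lines:
        ev = parse_kv(line) if "=" in line else parse_csv(line)
        if ev is not None:
            events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def detect_scans(events, window=timedelta(seconds=60), min_ports=5):
    """Scan detection: one source denied on >= min_ports distinct ports of one host within window."""
    denied = defaultdict(list)
    for ev in events:
        if ev["action"] == "deny":
            denied[(ev["src"], ev["dst"])].append(ev)
    alerts = []
    for (src, dst), evs in denied.items():
        start = 0
        for end in range(len(evs)):  # sliding time window over the ordered denies
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            ports = {e["dport"] for e in evs[start:end + 1]}
            if len(ports) >= min_ports:
                alerts.append({"type": "scan", "src": src, "dst": dst, "ports": sorted(ports)})
                break
    return alerts


def detect_watchlist(events):
    """IP watchlist detection: flag traffic to/from listed IPs, rated by asset value and action."""
    alerts = []
    for ev in events:
        tag = WATCHLIST.get(ev["dst"]) or WATCHLIST.get(ev["src"])
        if not tag:
            continue
        internal = ev["src"] if ev["src"] in ASSETS else ev["dst"]
        name, value = ASSETS.get(internal, ("unknown", "medium"))
        # An allowed connection from a high-value asset to known C&C outranks a blocked one.
        severity = "critical" if value == "high" and ev["action"] == "allow" else "high"
        alerts.append({"type": tag, "asset": name, "internal_ip": internal,
                       "remote_ip": ev["dst"] if internal == ev["src"] else ev["src"],
                       "severity": severity})
    return alerts


def analyze(lines=RAW_LOGS):
    """Full pipeline: normalize, then run both detections; returns the alert list."""
    events = normalize(lines)
    return detect_scans(events) + detect_watchlist(events)


if __name__ == "__main__":
    for alert in analyze():
        print(alert)
```

On the constructed input the scan fires even though the probes are split across two devices with different formats, which is the point of normalizing before correlating; the C&C alert is rated critical because the firewall allowed the connection and the asset table marks the source as a high-value server.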
The Keys to Successful Security Monitoring: Business Context
• Organizational Hierarchy
• Vulnerability Data
• Asset Data
• Regular Customer Engagement
Collection & Analysis Architecture

Customer premise:
• Log Collection Agent

Symantec SOC:
• Data Warehouse
• Correlation
• Security Analysts
• DeepSight Global Threat Intelligence

Customer access:
• Customer Portal

Advanced Threat Detection & Active Response
Cyber Security Services: Overview of Advanced Threat Protection

TODAY: manual correlation and remediation
1. Network Security (Network Security Group) detects suspected malware.
2. The Endpoint Security Group, using Symantec Endpoint Protection Manager, determines whether the malware is known and the endpoint has blocked it; verifies whether endpoints are compromised; understands if / where the infection has spread.
3. Initiates endpoint actions (clean, block, quarantine, gather forensics, …) and launches corrective actions.

In 2015: automated correlation and remediation
1. Network Security detects suspected malware and alerts Symantec Advanced Threat Protection.
2. Symantec Advanced Threat Protection automatically analyzes endpoints to:
   • determine whether the malware is known and SEP has blocked it;
   • verify whether endpoints are compromised;
   • understand if / where the infection has spread;
   • identify the malware and block the IP address.
3. Symantec Endpoint Protection Manager initiates endpoint actions (clean, block, quarantine, gather forensics, …).
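The automated flow described above is a decision procedure: is the sample known and already blocked on the target, is the endpoint actually compromised, where else in the fleet is the same file present, and which endpoint and network actions follow. As an added example that is not Symantec ATP or SEPM code, here is that triage as a single function over constructed endpoint telemetry; the EndpointState record, the host names, the hash and the IP address are assumptions standing in for what the endpoint manager and network sensor would report.

```python
"""Added example: automated triage of a network malware alert against endpoint
telemetry, following the ATP steps on the slide. The data model is hypothetical
and is not a Symantec ATP or Endpoint Protection Manager API."""
from dataclasses import dataclass, field


@dataclass
class NetworkAlert:
    """What the network sensor reports: sample hash, receiving host, remote IP involved."""
    sha256: str
    target_host: str
    remote_ip: str


@dataclass
class EndpointState:
    """Constructed stand-in for one host's endpoint-protection telemetry (assumption)."""
    hostname: str
    blocked_hashes: set = field(default_factory=set)   # detected and blocked by the AV engine
    present_hashes: set = field(default_factory=set)   # files currently on disk
    running_hashes: set = field(default_factory=set)   # currently executing processes


def triage(alert, fleet):
    """Correlate one network alert with every endpoint and decide the response.

    Returns known_and_blocked (the target already stopped it), compromised
    (hosts where the sample is on disk or running), the actions to initiate,
    and a disposition: 'incident', 'blocked' or 'investigate'.
    """
    by_host = {ep.hostname: ep for ep in fleet}
    target = by_host.get(alert.target_host)
    result = {"sha256": alert.sha256, "known_and_blocked": False,
              "compromised": [], "actions": []}

    # Step 1: is the malware known and did the target endpoint block it?
    if target is not None and alert.sha256 in target.blocked_hashes:
        result["known_and_blocked"] = True

    # Steps 2 and 3: verify compromise on the target and look for spread across the fleet.
    for ep in fleet:
        on_disk = alert.sha256 in ep.present_hashes
        running = alert.sha256 in ep.running_hashes
        if on_disk or running:
            result["compromised"].append(ep.hostname)
            result["actions"] += [(ep.hostname, "quarantine"), (ep.hostname, "gather_forensics")]
            if running:
                result["actions"].append((ep.hostname, "clean"))

    # Step 4: network containment and final disposition.
    if result["compromised"]:
        result["actions"].append(("network", "block " + alert.remote_ip))
        result["disposition"] = "incident"
    elif result["known_and_blocked"]:
        result["disposition"] = "blocked"       # nothing to remediate; close automatically
    else:
        result["disposition"] = "investigate"   # unknown sample, no endpoint evidence yet
    return result


# Constructed scenario (assumption): ws-01 blocked the sample, but the same file
# is already running on ws-02, so the infection has spread beyond the alerted host.
SAMPLE = "a" * 64
C2_IP = "198.51.100.23"


def example_fleet():
    return [
        EndpointState("ws-01", blocked_hashes={SAMPLE}),
        EndpointState("ws-02", present_hashes={SAMPLE}, running_hashes={SAMPLE}),
        EndpointState("srv-01"),
    ]


def run_example():
    return triage(NetworkAlert(SAMPLE, "ws-01", C2_IP), example_fleet())


if __name__ == "__main__":
    print(run_example())
```

The scenario is chosen to show why a blocked-on-target verdict alone is not enough: the alerted host is clean, but fleet-wide correlation on the same hash turns the event into an incident on a second host, with quarantine, forensics collection and cleaning queued for that host and a network block for the remote IP.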
Advanced Threat Protection Alliance

Network Security (partner products):
• NGFW + WildFire (Palo Alto Networks)
• Web MPS (FireEye)
• Network IPS + AMP (Cisco/Sourcefire)
• Threat Emulation / Cloud (Check Point)

Endpoint Security:
• Symantec Endpoint Protection version 12.1 (RU4 or above preferred)
Managed Security Services: Advanced Threat Protection

Integration of:
• Network Security
• Endpoint Security
• Security Intelligence
• Threat Experts

Automated Triage Workflows
Rapid Response | Operational Efficiency | Attack Visibility
Symantec Key Differentiators
• Global Insight
– Feeds all analysis
– Integration with SEP
– Rapid response to emerging threats
• End to End Visibility
– Pinpoint incident alerts
– Detect more activity
– Fewer false positives
– Resilient monitoring strategy
• Organizational Awareness
– Gets the right alerts to the right people
– Supports compliance reporting initiatives
– Named Customer Service Manager
• Scalable Service
– Analyze over 21 billion logs and alerts daily
– Global corporations, including 44% of the Global 100
– Gartner MQ for 11 years
• Security DNA
– 100% GIAC certification for analysts
– MSS delivery team of more than 300 experts
– 500+ security experts in the STAR team
– 12+ years delivering MSS services
• Global Presence and Delivery
– 5 SOCs worldwide
• Industry-Leading SLA
– 10-minute notification of severe security incidents
