Cyber Security Solutions
Created by: Vince Hill, Sr. Principal Systems Engineer, Symantec
Cyber Security Services Offerings

Offerings: Security Intelligence, Advanced Threat Protection, Managed Security Services (MSS), Incident Response, Security Simulation

Security Need / Cyber Security Group Offering
• Track & Analyze Key Events & Trends: Security intelligence collection, analysis and sharing through customer portals, data feeds, multi-level briefs and security intelligence services
• Protect Against Threats & Campaigns: Comprehensive 24x7 security monitoring and log management that gives the enterprise a 360° view of exposures, incidents and threats
• Protect Against Targeted Attacks: Advanced Threat Protection solution that enables intelligent response to advanced threats across the enterprise
• Respond Quickly & Effectively: Advanced Incident Response & Forensics support that provides immediate access to critical capabilities, knowledge and skill sets
• Demonstrate Value & Security Spend: Security Simulation Platform that delivers expertise, skill set development and cyber readiness through customized Live Fire Exercises
Why Symantec
• 12+ years experience delivering MSS services
• MSS Gartner Magic Quadrant Leader for 11 years
• Scalable: analyzing over 21 billion logs daily, providing global threat intelligence; escalating over 280 severe security incidents daily
• Security Professionals: MSS SOC Analysts are 100% GCIA Certified (GIAC Certified Intrusion Analysts); 300 SOC Ops, 200 Intel, 500 Threat Response
• Global Presence and Delivery: 5 SOCs worldwide
• Industry Leading SLAs: 10 Minute Notification
• Stability: Financial Stability and Global Perspective from the world’s largest provider of security solutions
• Serving over 1000 Major Corporations: 60% of the Global 10 and 44% of the Global 100

Symantec Managed Security Services
Defining Terms

IDP Management Services

Fault Management:
• Monitor devices for fault, performance and availability
• Restore service availability
• Identify and eliminate the root cause of faults and outages

Change Management:
• Routine and emergency changes to business critical security devices
• Performance based SLA for changes
• Secure in-band & out-of-band management
• Configuration backup (for quick rebuilds)

Release/Lifecycle Management:
• Routine product updates
• Emergency patches

Monitoring Services

Incident Analysis:
• Analyze security data to detect and respond to signs of malicious activity
• Perform data aggregation, normalization, data mining and correlation
• Validate and assess the impact of the incident on the enterprise

Incident Escalation:
• Escalate actionable incidents
• Industry leading escalation SLA
• Flexible escalation procedures that fit enterprise requirements

Rapid Response to Outbreaks:
• Update processes, technology and expertise for emerging threats and trends
• Provide early warning to the client of emerging threats
Driving Actionable Results

Symantec MSS

• Network
• Server
• Endpoint
• Data
• Compliance Restriction

• Organization
• Asset Value
• Vulnerability Data

• Threats
• Vulnerabilities
• Malcode
• IP/URL Reputation
Global Intelligence Network: Identifies more threats, takes action faster & prevents impact

Information Protection | Preemptive Security Alerts | Threat Triggered Actions
Global Scope and Scale | Worldwide Coverage | 24x7 Event Logging | Rapid Detection

Attack Activity
• 64.7 Million sensors
• 190+ countries

Malware Intelligence
• 180M+ client, server, gateways monitored
• Global coverage

Vulnerabilities
• 70,000 vulnerabilities
• 15,000 vendors
• 105,000 technologies

Fraud
• 5M decoy accounts
• 8B+ email messages/day
• 1B+ web requests/day

Locations: Austin, TX; Mountain View, CA; Culver City, CA; San Francisco, CA; Taipei, Taiwan; Tokyo, Japan; Dublin, Ireland; Calgary, Alberta; Chengdu, China; Chennai, India; Pune, India; Sydney, Australia; Herndon, VA; Reading, UK
The Keys to Successful Security Monitoring: 360° Edge to Endpoint Visibility

Coverage
• Industry leading device coverage
• Covering the Edge-to-Endpoint

Diversity
• Heterogeneous support
• All major security and non-security vendors supported

Capabilities
• Converge multi vendor functionality in a 1+1=3 methodology

Monitoring and analysis coverage:
• Signature-Based NIDS Monitoring
• NIDS Monitoring with Global Intelligence
• Firewall Log Association
• Firewall Analysis: Scan Detection
• Firewall Analysis: Anomaly Detection
• Firewall Analysis: Backdoor Detection
• Firewall Analysis: Botnet C&C Detection
• Firewall Analysis: IP Watchlist Detection
• Host IDS/IPS Alerts
• Web Proxy Analysis
• Web Application Firewall Alerts
• OS and Application Logs Analysis
• Endpoint Protection Alerts
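The deck names several firewall analyses (scan detection, IP watchlist detection) and, under Incident Analysis, the aggregation, normalization and correlation that feed them. The following is an added example, not Symantec's code and not part of this deck, showing the shape of that pipeline on a small scale: raw lines from two constructed vendor formats are normalized into one event stream, a port-scan signature and an IP watchlist match are run over it, and the incidents are ranked by asset value, the business context the later slide describes. The log lines, the watchlist entry, the asset values, the 60 second window, the five-port threshold and the assumed year for the format that carries none are all constructed assumptions.

```python
"""Added example, not code from Symantec or this deck: normalize firewall
logs from two constructed vendor formats, run two of the firewall analyses
the deck lists (scan detection and IP watchlist detection), and rank the
resulting incidents by asset value (business context). All log lines,
watchlist entries and asset values below are constructed."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed log lines in two made-up formats ("fw-a" and "fw-b" devices).
SAMPLE_LOGS = [
    "2024-01-01T10:00:00 fw-a DENY src=203.0.113.5 dst=10.0.0.7 dport=21",
    "2024-01-01T10:00:02 fw-a DENY src=203.0.113.5 dst=10.0.0.7 dport=22",
    "2024-01-01T10:00:04 fw-a DENY src=203.0.113.5 dst=10.0.0.7 dport=23",
    "2024-01-01T10:00:06 fw-a DENY src=203.0.113.5 dst=10.0.0.7 dport=25",
    "2024-01-01T10:00:08 fw-a DENY src=203.0.113.5 dst=10.0.0.7 dport=80",
    "2024-01-01T10:00:10 fw-a DENY src=203.0.113.5 dst=10.0.0.7 dport=443",
    "Jan 01 10:01:00 fw-b: ALLOW 10.0.0.9:51000 -> 198.51.100.20:443",
    "Jan 01 10:05:00 fw-b: ALLOW 10.0.0.12:51001 -> 192.0.2.44:80",
    "this line is not a firewall record",
]
WATCHLIST = {"198.51.100.20"}                  # constructed "known bad" IP
ASSET_VALUE = {"10.0.0.7": 3, "10.0.0.9": 1}   # constructed: 3 = high, 1 = low

FORMAT_A = re.compile(
    r"^(?P<ts>\S+) (?P<dev>\S+) (?P<act>ALLOW|DENY) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")
FORMAT_B = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<dev>\S+): (?P<act>ALLOW|DENY) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")


@dataclass(frozen=True)
class Event:
    """One normalized firewall event, whatever vendor format it came from."""
    ts: datetime
    device: str
    action: str
    src: str
    dst: str
    dport: int


def parse_line(line, assumed_year=2024):
    """Normalize one raw line into an Event; return None for unknown formats.
    Format B carries no year, so the caller's assumed_year is applied."""
    m = FORMAT_A.match(line)
    if m:
        ts = datetime.fromisoformat(m["ts"])
    else:
        m = FORMAT_B.match(line)
        if not m:
            return None
        ts = datetime.strptime(f"{assumed_year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return Event(ts, m["dev"], m["act"], m["src"], m["dst"], int(m["dport"]))


def normalize(lines):
    """Aggregate lines from every device into one time-ordered event list."""
    events = [e for e in (parse_line(l) for l in lines) if e is not None]
    return sorted(events, key=lambda e: e.ts)


def detect_scans(events, window_seconds=60, min_ports=5):
    """Flag a source that touches min_ports distinct destination ports on one
    host within window_seconds (a simple port-scan signature)."""
    incidents, recent, flagged = [], defaultdict(deque), set()
    for e in events:
        key = (e.src, e.dst)
        q = recent[key]
        q.append(e)
        while e.ts - q[0].ts > timedelta(seconds=window_seconds):
            q.popleft()                     # drop events outside the window
        ports = {x.dport for x in q}
        if len(ports) >= min_ports and key not in flagged:
            flagged.add(key)                # report each (src, dst) pair once
            incidents.append({"type": "scan", "src": e.src, "dst": e.dst,
                              "asset": e.dst, "ports": sorted(ports),
                              "first_seen": q[0].ts})
    return incidents


def detect_watchlist_hits(events, watchlist):
    """Flag any connection whose peer is on the IP watchlist, including
    ALLOWed ones, which a review of denies alone would miss."""
    hits = []
    for e in events:
        if e.dst in watchlist or e.src in watchlist:
            internal = e.src if e.dst in watchlist else e.dst
            hits.append({"type": "watchlist", "src": e.src, "dst": e.dst,
                         "asset": internal, "action": e.action,
                         "first_seen": e.ts})
    return hits


def prioritize(incidents, asset_value):
    """Order incidents by the value of the internal asset involved (business
    context); assets with no recorded value rank lowest."""
    return sorted(incidents, key=lambda i: asset_value.get(i["asset"], 0),
                  reverse=True)


if __name__ == "__main__":
    evs = normalize(SAMPLE_LOGS)
    found = detect_scans(evs) + detect_watchlist_hits(evs, WATCHLIST)
    for inc in prioritize(found, ASSET_VALUE):
        print(inc)
```

The unparseable line is dropped rather than raising, so one odd device does not stall the collector; in a real deployment that drop would itself be counted and alerted on, since silent parse failures are a visibility gap. The watchlist check deliberately inspects allowed connections, because an outbound session to a listed address that the firewall permitted is exactly the case a deny-only review overlooks.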
The Keys to Successful Security Monitoring: Business Context
• Organizational Hierarchy
• Vulnerability Data
• Asset Data
• Regular Customer Engagement
Collection & Analysis Architecture
Components: Customer Premise, Log Collection Agent, Symantec SOC, Correlation, Data Warehouse, Security Analysts, Customer Portal, DeepSight Global Threat Intelligence
Cyber Security Services: Overview of Advanced Threat Protection

TODAY: Manual correlation and remediation
• Network Security detects suspected malware
• Determines whether the malware is known and the Endpoint has blocked it; verifies whether endpoints are compromised; understands if / where the infection has spread
• Initiates endpoint actions (clean, block, quarantine, gather forensics, …)
• Launches corrective actions
Participants: Network Security Group, Endpoint Security Group, Symantec Endpoint Protection Manager

In 2015: Automated correlation and remediation
• Network Security detects suspected malware and alerts Symantec Advanced Threat Protection
• Symantec Advanced Threat Protection automatically analyzes endpoints to: determine whether the malware is known and SEP has blocked it; verify whether endpoints are compromised; understand if / where the infection has spread; identify the malware and block the IP address
• Initiates endpoint actions (clean, block, quarantine, gather forensics, …)
Participants: Symantec Advanced Threat Protection, Symantec Endpoint Protection Manager
Advanced Threat Protection Alliance

Network Security
• NGFW + Wildfire
• Web MPS
• Network IPS + AMP
• Threat Emulation/Cloud

Endpoint Security
• Version 12.1 (RU4 or above preferred)
Managed Security Services: Advanced Threat Protection

Integration of: Network Security, Endpoint Security, Security Intelligence, Threat Experts, Automated Triage Workflows

Rapid Response | Operational Efficiency | Attack Visibility
Symantec Key Differentiators
• Global Insight
– Feeds all analysis
– Integration with SEP
– Rapid response to emerging threats
• End to End Visibility
– Pinpoint incident alerts
– Detect more activity
– Fewer false positives
– Resilient monitoring strategy
• Organizational Awareness
– Gets the right alerts to the right people
– Supports compliance reporting initiatives
– Named Customer Service Manager
• Scalable Service
– Analyze over 21 billion logs and alerts daily
– Global Corporations including 44% of the Global 100
– Gartner MQ for 11 years
• Security DNA
– 100% GIAC Certification for Analysts
– MSS Delivery Team >300 experts
– 500+ security experts in STAR team
– 12+ years delivering MSS services
• Global Presence and Delivery
– 5 SOCs worldwide
• Industry-Leading SLA
– 10 minute notification of severe security incidents