Symantec MessageLabs Web Security.cloud
Chris Russell, Cloud Security Specialist
Web Security .cloud – January 2011
Web Security Challenges
Defending Against Malware
• Attackers use the Web to deliver viruses, spyware, and other malware
Enforcing a Web Acceptable Use Policy
• Often difficult and time consuming
Web Misuse
• Reduces productivity, consumes bandwidth, and creates exposure to security and legal risk
An Increasingly Mobile Workforce
• Extending security and policy enforcement can be difficult when workers are located away from the corporate LAN
Web Threat Landscape
Average amount of Website requests blocked by our Service: +20% vs. 2009 on a per client per month basis.
Analysis of Blocked Domains:
• 10%
• 90%: Legitimate Websites compromised by malware without the owner's knowledge
Attackers are increasing their volume and frequently use legitimate Websites…
Source: MessageLabs Intelligence, July 2010
New Malware Sites per Day
• Sites with spyware: 200+ per day
• Sites with Web viruses: 4000+ per day
Dangers of Web Misuse: The Case for URL Filtering and Policy Enforcement
MessageLabs Intelligence Findings:
• 87.4% of all blocks occur between 8am-6pm
• 32.6% of all blocks occur from 12-2pm
• Adult & Sexually Explicit:
  o 68% of blocks within working hours
  o 32% outside of working hours
• Streaming Media: 12.5% of all blocks
• 44% of Phishing/Fraud website blocks occur during lunchtime
Comprehensive URL Filtering is needed to control Web traffic, protect bandwidth and enforce your Acceptable Use Policies
“..the misuse of company resources through excessive bandwidth use is crippling some networks, as employees are increasingly storing large amounts of personal downloads. This can be expensive and slow down the entire network.”
InformationWeek: The Browser As Attack Vector, August 7, 2010 (from the August 9, 2010 issue); eWeek: How to Protect Your Business from Web 2.0 Risks, Bob Walters, 2010-02-01; MessageLabs Intelligence: 2009 Annual Security Report, December, 2009
Dangers of Web Misuse: Social Media and Web 2.0
MyJobGroup.co.uk - Social Media Costing UK Economy up to £14billion in Lost Work Time - 4th August 2010
http://www.symantec.com/connect/blogs/fraudsters-provide-false-security-facebook-users
How do Attacks Happen?
1. Compromised accounts send malicious links
2. Links direct users to:
   a. a site resembling a Facebook login
   b. a page with malware downloads
3. Criminals harvest the victim’s login and password information for future attacks
Nearly 2 million workers spend over an hour per day 'Facebooking' at work
13% of employees aged 18-29, and 13% of employees aged 30-43 now use social networking sites for work purposes
Web Security.cloud: Overview
Web Security.cloud: How it works
1. A user initiates a Web request which is checked against the customer policies
2. Policies determine whether traffic is sent on, flagged or denied. Each request is logged.
3. Web content is retrieved by Symantec.cloud
• Multi-layer scanning detects Web-borne threats
• Clean content is delivered without noticeable delay
[Diagram labels: Firewall, Internet]
Roaming Support Options: Smart Connect for Web Security.cloud
Web protection and policy management for Mobile Users
• Seamlessly logs in users in a variety of network environments
• Ideal for “road-warrior” users and frequent travelers
• Enforces policies and protects users as if they were inside your corporate LAN
Seamlessly connects users from:
• Public Wi-Fi Hotspots; Pay-for-use portals
• Home Offices
• Corporate LAN & Regional Offices
[Diagram label: Data center]
Smart Connect Roaming Agent Customer Benefits
Flexible
• Automatically adjusts to differences in networking environments
• Location awareness connects user to optimal infrastructure point
Seamless
• No ‘sign-on’ with compliant Web usage and transparent to user
• Same protection and usage policies whether on or off LAN
Easy to Manage
• Simple add-on to existing ClientNet policies and user groups
• Standard agent install package for easy distribution
Compatible
• Interoperable with captive portals/pay for use hotspots
• Tested with leading endpoint security products to avoid conflicts
Secure
• Protected with SSL encryption
• System authenticated for roaming usage
• Users are authorized for individual Web usage policies
Benefits of Using Web Security.cloud
Accurate Defenses
• Internet-level, multi-layer scanning uses multiple commercial engines and proprietary heuristics
• Global threat intelligence helps protect against new and converged threats
• URL filtering draws from 67 million URLs and over 80 categories
Strong Coverage
• Global Infrastructure of 14 data centers in 4 continents processes billions of Web requests each month
• Load-balanced servers help maintain minimal Web latency
• Rapid deployment and automatic updates
Comprehensive Reporting
• Dashboard, summary, detailed and scheduled reporting options for insight into service activities
• Detailed reporting options include: browse time by category, individual URL and bandwidth consumption by users and groups
Our Aggressive Service Level Agreement:
• 100% protection against known web viruses
• 100% service uptime
• Average scanning of Web content within 100 ms
• Response times for critical, major, and minor support calls
What Makes Our Approach Unique?
Security that exceeds point solutions
• All Web content is scanned by our service, promoting enhanced accuracy above services that rely solely on URL filtering for threat detection
• Our services share threat intelligence across email, Web and IM for enhanced accuracy
Strong URL categorization
• Large amount of categories available allowing you to create more granular policies
• More categories means: less unclassified content, greater accuracy and stronger policy enforcement
Comprehensive options to enforce your Web Policy
• Flexible quota management allows administrators to set limits for browse time and bandwidth consumption
• Create custom rules based on time of day, user, group and location to suit your organization
Roaming and remote worker support options
• Options for both remote and roaming workers are available to suit your needs
• Our roaming agent possesses location and network intelligence capabilities to provide the best browsing experience
Delivered Using a Global Infrastructure
• Incorporating 14 data centers spanning four continents
• Every data center is scalable and secured to the highest standards
• Clustered high performance servers, each cluster has full redundancy within itself and all other hardware is duplicated
Part of a Portfolio of Integrated Cloud-based Services
[Diagram labels: Protect, Control, Secure, Recover; Web, IM, EndPoint, EndPoint.cloud; AntiVirus, AntiSpam, AntiSpyware, Content Control, Image Control, URL Filtering, Boundary Encryption, Policy Based Encryption, Archiving, Continuity; Skeptic™]
Summary
• Advanced multi-layered protection from Web threats
• Comprehensive URL Filtering with over 80 categories to promote service accuracy
• Delivered through a highly available global infrastructure
• Low latency service - Scanning performed in under 100 ms
• Helps you make Web use more productive and compliant
• Provides SaaS Advantages
• Support for mobile workforce
• Backed by an industry leading Service Level Agreement
Next Steps
• Begin a free trial of Web Security.cloud
• See a demo
• Request a quote
• Visit www.messagelabs.com for additional information
Thank you!
Chris [email protected]
+61 (0) 2 9086 8285
SYMANTEC PROPRIETARY/CONFIDENTIAL – INTERNAL USE ONLY
Copyright © 2010 Symantec Corporation. All rights reserved.
Web Threat Landscape: Common entry points
Comprehensive Protection Needed Across Email, Web, and IM
‘Spoofed’ Email with Web Link
Fraudulent IM with Web Link
Compromised Website Hosting Malware
Attackers frequently use multiple protocols to evade point solutions
• When threats are found in our other services, this information is shared with the Web Security service for increased accuracy in detecting new and converging threats
Dangers of Web Misuse (v2): The Case for URL Filtering and Policy Enforcement
“the browser is now your employees' gateway out - and an attacker's gateway in… new attack techniques are exploiting browser flaws and leading to the compromise of data.”
MessageLabs Intelligence Findings:
• 87.4% of all blocks occur between 8am-6pm
• 32.6% of all blocks occur from 12-2pm
• Adult & Sexually Explicit:
  o 68% of blocks within working hours
  o 32% outside of working hours
• Streaming Media: 12.5% of all blocks
• 44% of Phishing/Fraud website blocks occur during lunchtime
InformationWeek: The Browser As Attack Vector, August 7, 2010 (from the August 9, 2010 issue); eWeek: How to Protect Your Business from Web 2.0 Risks, Bob Walters, 2010-02-01; MessageLabs Intelligence: 2009 Annual Security Report, December, 2009
Comprehensive URL Filtering is needed to control Web traffic, protect bandwidth and enforce your Acceptable Use Policies
Market Leadership
Email and Web Converged Threats: Example Phishing Attack
• Malicious URLs appear in emails designed to appear legitimate
• Spoofed or compromised website is used to capture account information or install malware
Web Security Deployment Options
Comparison of On Premise Software or Appliance vs. Symantec.cloud Service, by Business Need:
• Block Threats Outside the Network
• Automatic URL, Virus Signature, and Product Updates
• Roaming User Traffic Not Routed Through Corporate Network
• Predictable Costs Managed as OPEX
• Rapid Deployment
• Service Level Agreements
• Unlimited Scalability
• Built-in High Availability
• Complimentary 24 / 7 Support
Roaming Support Options: Remote Connect
Web protection & policy management for Small & Home Office Users
• Easily activated within ClientNet administrative interface
• Ideal for less mobile users located in remote offices or home offices
• Enforces policies and protects users as if they were inside your corporate LAN
For your remote workers connecting from:
• Home Offices
• Regional Offices
[Diagram labels: VPN, VPN]
Defense against Converging Threats: Web Security.cloud and Email Security.cloud Services
• Convergence of Web and email threats calls for a hosted services expert in both protocols
• Symantec.cloud provides integrated Web, email and IM hosted security services
• One trusted supplier and management interface
• Saves time and money, while increasing visibility and control
Management Interface: Portal dashboard
• Reporting
• Policy Management
• User Administration
• Online Help
Web Security.cloud Reporting: Dashboard, Summary, Detailed and Audit reports
• Dashboard – snapshot view of service statistics
• Summary – graphs, tables and key statistics
• Audit – information on individual user activities
Web Security.cloud Reporting: Detailed reports
Options include:
• AntiVirus & AntiSpyware Activities
• URL Filtering Activity
• Bandwidth by User
• Browse time by URL category, individual URL
• Bandwidth by Individual URL, URL Category
• Web Audit
Web Security.cloud Dashboard
The Dashboard provides a quick view of recent trends and activity of the service:
• URL Filtering intercepts
• Top 5 URL Categories
• Top 5 Content Types
Web Security.cloud - URL Filtering: Policy building for categories & content
• Over 80 Categories to Select from
• Multiple category support for a single website URL
Web Security.cloud - URL Filtering: Policy building for users & groups
• Policies may be configured to block access by users and groups
Web Security.cloud - URL Filtering: URL Lookup Tool
• Aids in the creation of custom policies
Web Security.cloud - URL Filtering: Quota based policies
Policies may be configured to restrict access for users and groups to specific websites or site categories by:
• time of day
• browse time
• bandwidth consumption
What Makes Us Different
• The ‘In the cloud’ SaaS pioneer
• Skeptic AntiVirus ‘zero hour’ protection unsurpassed: Each day, Skeptic stops 200 unique strains of malware that traditional, signature based antivirus engines miss
• Continued investment in our technology and infrastructure
• Unbeatable Service Level Agreements
• 24/7 global client support team
• Global infrastructure, global presence
Industry Leading Service Level Agreement
Email
• AntiVirus Protection: 100% protection from known and unknown email viruses. Credit is offered if a client is infected by a virus.
• Virus False Positives: 0.0001% FP capture rate. Credit is offered if we do not meet this commitment.
• Spam Capture Rate: 99% capture rate (95% for emails containing Asian characters). Credit is offered if we do not meet this commitment.
• Spam False Positives: 0.0003% FP capture rate. Credit is offered if we do not meet this commitment.
• Latency: Average roundtrip time of 100% of email delivered in less than 60 seconds. Credit is offered if latency exceeds 1 minute.
• Delivery: 100% delivery guarantee. Client may terminate if we do not meet this.
• Service Availability: 100% uptime. Credit is offered if availability falls below 100%. Client may terminate if availability falls below 95%.
Web
• AntiVirus Protection: 100% protection against known viruses. Credit is offered if a client is infected by a virus.
• Latency: Average scanning time of 100% of web content is within 100 milliseconds. Credit is offered if latency exceeds 100 milliseconds.
• Service Availability: 100% uptime. Credit is offered if availability falls below 100%. Client may terminate if availability falls below 95%.
Archiving
• Service Availability Guarantee: 99.9% uptime for archiving network. Client may terminate if availability falls below 90%.
• Appliance Replacement Guarantee: If appliance fails during the warranty period, MessageLabs will repair or replace the appliance within 3 business days at no cost.
Support
• Technical support / Fault Response: critical - 95% calls within 2hrs; major - 85% calls within 4hrs; minor - 75% calls within 8hrs. Credit is offered if we do not meet this commitment.
SaaS is Strong in Messaging Security
SaaS BENEFITS
SaaS in General
• Quick and easy set up
• Predictable, low cost
• Redundancy
• Platform independent
• No maintenance or version control
Messaging Security
• Preserves bandwidth (removes up to 80% of emails in cloud)
• Better protection
BARRIERS to SaaS
• Concerns over security
• Concerns over network reliability / availability
• Configurability of services
Web Security.cloud Roaming Use Cases
[Diagram labels: VPN User; Roaming Web User; Hotel/Hotspot; Corporate LAN; Non-Corporate LAN; VPN Traffic; Payment authorization traffic; Internet; Data center]
Smart Connect Flow Diagram
[Flow diagram with steps numbered 1 to 5; labels recovered from the figure:]
• Agent state is Off LAN Protected
• System Authentication; Network Discovery; Logged On User Info
• ‘Trip’ Infrastructure
• User/Group filters; URL filters; Content Scanning; Logging/Reporting
• RAS Proxies; Session authentication
• NED Servers; Geo-location and NED DB
• Source IP lookup; Country of origin; Trip assignment
• Initial Authentication; Connection details; Session certificate