Symantec MessageLabs Web Security.cloud. Chris Russell, Cloud Security Specialist. Web Security .cloud – January 2011

Web Security and Network Security


Page 1: Web Security and Network Security

Symantec MessageLabs Web Security.cloud

Chris Russell
Cloud Security Specialist

Web Security .cloud – January 2011

Page 2: Web Security and Network Security

Web Security Challenges

Defending Against Malware
• Attackers use the Web to deliver viruses, spyware, and other malware

Enforcing a Web Acceptable Use Policy
• Often difficult and time consuming

Web Misuse
• Reduces productivity, consumes bandwidth, and creates exposure to security and legal risk

An Increasingly Mobile Workforce
• Extending security and policy enforcement can be difficult when workers are located away from the corporate LAN

Page 3: Web Security and Network Security

Web Threat Landscape

Attackers are increasing their volume and frequently use legitimate Websites…

Average amount of Website requests blocked by our Service:
• +20% vs. 2009 on a per client per month basis

Analysis of Blocked Domains:
• 10%
• 90% Legitimate Websites compromised by malware without the owners' knowledge

New Malware Sites per Day:
• Sites with spyware: 200+ per day
• Sites with Web viruses: 4000+ per day

Source: MessageLabs Intelligence, July 2010

Page 4: Web Security and Network Security

Dangers of Web Misuse
The Case for URL Filtering and Policy Enforcement

MessageLabs Intelligence Findings:
• 87.4% of all blocks occur between 8am-6pm
• 32.6% of all blocks occur from 12-2pm
• Adult & Sexually Explicit:
  o 68% of blocks within working hours
  o 32% outside of working hours
• Streaming Media: 12.5% of all blocks
• 44% of Phishing/Fraud website blocks occur during lunchtime

“..the misuse of company resources through excessive bandwidth use is crippling some networks, as employees are increasingly storing large amounts of personal downloads. This can be expensive and slow down the entire network.”

Comprehensive URL Filtering is needed to control Web traffic, protect bandwidth and enforce your Acceptable Use Policies

Sources: InformationWeek: The Browser As Attack Vector, August 7, 2010 (From the August 9, 2010 issue); eWeek: How to Protect Your Business from Web 2.0 Risks, Bob Walters, 2010-02-01; MessageLabs Intelligence: 2009 Annual Security Report, December 2009

Page 5: Web Security and Network Security

Dangers of Web Misuse
Social Media and Web 2.0

Nearly 2 million workers spend over an hour per day 'Facebooking' at work

13% of employees aged 18-29, and 13% of employees aged 30-43 now use social networking sites for work purposes

How do Attacks Happen?
1. Compromised accounts send malicious links
2. Links direct users to:
   a. site resembling a Facebook login
   b. a page with malware downloads
3. Criminals harvest the victim’s login and password information for future attacks

Sources: MyJobGroup.co.uk - Social Media Costing UK Economy up to £14billion in Lost Work Time - 4th August 2010; http://www.symantec.com/connect/blogs/fraudsters-provide-false-security-facebook-users

Page 6: Web Security and Network Security

Web Security.cloud
Overview

Page 7: Web Security and Network Security

Web Security.cloud
How it works

1. A user initiates a Web request which is checked against the customer policies
2. Policies determine whether traffic is sent on, flagged or denied. Each request is logged.
3. Web content is retrieved by Symantec.cloud

Multi-layer scanning detects Web-borne threats

Clean content is delivered without noticeable delay

(Diagram labels: Firewall, Internet)

Page 8: Web Security and Network Security

Roaming Support Options
Smart Connect for Web Security.cloud

Web protection and policy management for Mobile Users

Seamlessly connects users from:
• Public Wi-Fi Hotspots; Pay-for-use portals
• Home Offices
• Corporate LAN & Regional Offices

• Seamlessly logs in users in a variety of network environments
• Ideal for “road-warrior” users and frequent travelers
• Enforces policies and protects users as if they were inside your corporate LAN

(Diagram label: Data center)

Page 9: Web Security and Network Security

Smart Connect Roaming Agent Customer Benefits

Flexible
• Automatically adjusts to differences in networking environments
• Location awareness connects user to optimal infrastructure point

Seamless
• No ‘sign-on’ with compliant Web usage and transparent to user
• Same protection and usage policies whether on or off LAN

Easy to Manage
• Simple add-on to existing ClientNet policies and user groups
• Standard agent install package for easy distribution

Compatible
• Interoperable with captive portals/pay for use hotspots
• Tested with leading endpoint security products to avoid conflicts

Secure
• Protected with SSL encryption
• System authenticated for roaming usage
• Users are authorized for individual Web usage policies

Page 10: Web Security and Network Security

Benefits of Using Web Security.cloud

Accurate Defenses
• Internet-level, multi-layer scanning uses multiple commercial engines and proprietary heuristics
• Global threat intelligence helps protect against new and converged threats
• URL filtering draws from 67 million URLs and over 80 categories

Strong Coverage
• Global Infrastructure of 14 data centers in 4 continents processes billions of Web requests each month
• Load-balanced servers help maintain minimal Web latency
• Rapid deployment and automatic updates

Comprehensive Reporting
• Dashboard, summary, detailed and scheduled reporting options for insight into service activities
• Detailed reporting options include: browse time by category, individual URL and bandwidth consumption by users and groups

Our Aggressive Service Level Agreement:
• 100% protection against known web viruses
• 100% service uptime
• Average scanning of Web content within 100 ms
• Response times for critical, major, and minor support calls

Page 11: Web Security and Network Security

What Makes Our Approach Unique?

Security that exceeds point solutions
• All Web content is scanned by our service, promoting enhanced accuracy above services that rely solely on URL filtering for threat detection
• Our services share threat intelligence across email, Web and IM for enhanced accuracy

Strong URL categorization
• Large number of categories available, allowing you to create more granular policies
• More categories means: less unclassified content, greater accuracy and stronger policy enforcement

Comprehensive options to enforce your Web Policy
• Flexible quota management allows administrators to set limits for browse time and bandwidth consumption
• Create custom rules based on time of day, user, group and location to suit your organization

Roaming and remote worker support options
• Options for both remote and roaming workers are available to suit your needs
• Our roaming agent possesses location and network intelligence capabilities to provide the best browsing experience

Page 12: Web Security and Network Security

Delivered Using a Global Infrastructure

• Incorporating 14 data centers spanning four continents
• Every data center is scalable and secured to the highest standards
• Clustered high performance servers; each cluster has full redundancy within itself, and all other hardware is duplicated

Page 13: Web Security and Network Security

Part of a Portfolio of Integrated Cloud-based Services

(Diagram labels: Web, IM, Email, EndPoint.cloud; Protect, Control, Secure, Recover; AntiVirus, AntiSpam, AntiSpyware, Skeptic™, Content Control, Image Control, URL Filtering, Boundary Encryption, Policy Based Encryption, Archiving, Continuity)

Page 14: Web Security and Network Security

Summary

• Advanced multi-layered protection from Web threats

• Comprehensive URL Filtering with over 80 categories to promote service accuracy

• Delivered through a highly available global infrastructure

• Low latency service - Scanning performed in under 100 ms

• Helps you make Web use more productive and compliant

• Provides SaaS Advantages

• Support for mobile workforce

• Backed by an industry leading Service Level Agreement


Page 15: Web Security and Network Security

Next Steps

• Begin a free trial of Web Security.cloud
• See a demo
• Request a quote
• Visit www.messagelabs.com for additional information

Page 16: Web Security and Network Security

Thank you!

Chris [email protected]
+61 (0) 2 9086 8285

SYMANTEC PROPRIETARY/CONFIDENTIAL – INTERNAL USE ONLY
Copyright © 2010 Symantec Corporation. All rights reserved.

Page 17: Web Security and Network Security


Page 18: Web Security and Network Security

Web Threat Landscape
Common entry points

Comprehensive Protection Needed Across Email, Web, and IM

‘Spoofed’ Email with Web Link

Fraudulent IM with Web Link

Compromised Website Hosting Malware

Attackers frequently use multiple protocols to evade point solutions

• When threats are found in our other services, this information is shared with the Web Security service for increased accuracy in detecting new and converging threats


Page 19: Web Security and Network Security

Dangers of Web Misuse (v2)
The Case for URL Filtering and Policy Enforcement

“the browser is now your employees' gateway out - and an attacker's gateway in… new attack techniques are exploiting browser flaws and leading to the compromise of data.”

MessageLabs Intelligence Findings:
• 87.4% of all blocks occur between 8am-6pm
• 32.6% of all blocks occur from 12-2pm
• Adult & Sexually Explicit:
  o 68% of blocks within working hours
  o 32% outside of working hours
• Streaming Media: 12.5% of all blocks
• 44% of Phishing/Fraud website blocks occur during lunchtime

Comprehensive URL Filtering is needed to control Web traffic, protect bandwidth and enforce your Acceptable Use Policies

Sources: InformationWeek: The Browser As Attack Vector, August 7, 2010 (From the August 9, 2010 issue); eWeek: How to Protect Your Business from Web 2.0 Risks, Bob Walters, 2010-02-01; MessageLabs Intelligence: 2009 Annual Security Report, December 2009

Page 20: Web Security and Network Security

Market Leadership


Page 21: Web Security and Network Security

Email and Web Converged Threats
Example Phishing Attack

Malicious URLs appear in emails designed to appear legitimate

Spoofed or compromised website is used to capture account information or install malware

Page 22: Web Security and Network Security

Web Security Deployment Options

Comparison columns: On Premise Software or Appliance; Symantec.cloud Service

Business Need:
• Block Threats Outside the Network
• Automatic URL, Virus Signature, and Product Updates
• Roaming User Traffic Not Routed Through Corporate Network
• Predictable Costs Managed as OPEX
• Rapid Deployment
• Service Level Agreements
• Unlimited Scalability
• Built-in High Availability
• Complimentary 24 / 7 Support

Page 23: Web Security and Network Security

Roaming Support Options
Remote Connect

Web protection & policy management for Small & Home Office Users

For your remote workers connecting from:
• Home Offices
• Regional Offices

• Easily activated within ClientNet administrative interface
• Ideal for less mobile users located in remote offices or home offices
• Enforces policies and protects users as if they were inside your corporate LAN

(Diagram label: VPN)

Page 24: Web Security and Network Security

Defense against Converging Threats
Web Security.cloud and Email Security.cloud Services

• Convergence of Web and email threats calls for a hosted services expert in both protocols

• Symantec .cloud provides integrated Web, email and IM hosted security services

• One trusted supplier and management interface

• Saves time and money, while increasing visibility and control

Page 25: Web Security and Network Security

Management Interface
Portal dashboard

• Reporting
• Policy Management
• User Administration
• Online Help

Page 26: Web Security and Network Security

Web Security.cloud Reporting
Dashboard, Summary, Detailed and Audit reports

• Dashboard – snapshot view of service statistics

• Summary – graphs, tables and key statistics

• Audit – information on individual user activities

Page 27: Web Security and Network Security

Web Security.cloud Reporting
Detailed reports

Options include:
• AntiVirus & AntiSpyware Activities
• URL Filtering Activity
• Bandwidth by User
• Browse time by URL category, individual URL
• Bandwidth by Individual URL, URL Category
• Web Audit

Page 28: Web Security and Network Security

Web Security.cloud Dashboard

The Dashboard provides a quick view of recent trends and activity of the service:

• URL Filtering intercepts

• Top 5 URL Categories

• Top 5 Content Types

Page 29: Web Security and Network Security

Web Security.cloud - URL Filtering
Policy building for categories & content

• Over 80 Categories to Select from

• Multiple category support for a single website URL

Page 30: Web Security and Network Security

Web Security.cloud - URL Filtering
Policy building for users & groups

• Policies may be configured to block access by users and groups:

Page 31: Web Security and Network Security

Web Security.cloud - URL Filtering
URL Lookup Tool

• Aids in the creation of custom policies

Page 32: Web Security and Network Security

Web Security.cloud - URL Filtering
Quota based policies

Policies may be configured to restrict access for users and groups to specific websites or site categories by:

• time of day
• browse time
• bandwidth consumption

Page 33: Web Security and Network Security

What Makes Us Different

• The ‘In the cloud’ SaaS pioneer
• Skeptic AntiVirus ‘zero hour’ protection unsurpassed: Each day, Skeptic stops 200 unique strains of malware that traditional, signature based antivirus engines miss
• Continued investment in our technology and infrastructure
• Unbeatable Service Level Agreements
• 24/7 global client support team
• Global infrastructure, global presence

Page 34: Web Security and Network Security

Industry Leading Service Level Agreement

Email
• AntiVirus Protection: 100% protection from known and unknown email viruses. Credit is offered if a client is infected by a virus.
• Virus False Positives: 0.0001% FP capture rate. Credit is offered if we do not meet this commitment.
• Spam Capture Rate: 99% capture rate (95% for emails containing Asian characters). Credit is offered if we do not meet this commitment.
• Spam False Positives: 0.0003% FP capture rate. Credit is offered if we do not meet this commitment.
• Latency: Average roundtrip time of 100% of email delivered in less than 60 seconds. Credit is offered if latency exceeds 1 minute.
• Delivery: 100% delivery guarantee. Client may terminate if we do not meet this
• Service Availability: 100% uptime. Credit is offered if availability falls below 100%. Client may terminate if availability falls below 95%.

Web
• AntiVirus Protection: 100% protection against known viruses. Credit is offered if a client is infected by a virus.
• Latency: Average scanning time of 100% of web content is within 100 milliseconds. Credit is offered if latency exceeds 100 milliseconds.
• Service Availability: 100% uptime. Credit is offered if availability falls below 100%. Client may terminate if availability falls below 95%.

Archiving
• Service Availability Guarantee: 99.9% uptime for archiving network. Client may terminate if availability falls below 90%.
• Appliance Replacement Guarantee: If appliance fails during the warranty period, MessageLabs will repair or replace the appliance within 3 business days at no cost.

Support
• Technical support / Fault Response: critical - 95% calls within 2hrs; major - 85% calls within 4hrs; minor - 75% calls within 8hrs. Credit is offered if we do not meet this commitment.

Page 35: Web Security and Network Security

SaaS is Strong in Messaging Security

SaaS BENEFITS

SaaS in General
• Quick and easy set up
• Predictable, low cost
• Redundancy
• Platform independent
• No maintenance or version control

Messaging Security
• Preserves bandwidth (removes up to 80% of emails in cloud)
• Better protection

BARRIERS to SaaS
• Concerns over security
• Concerns over network reliability / availability
• Configurability of services

Page 36: Web Security and Network Security

Web Security.cloud Roaming Use Cases

(Diagram labels: VPN User; Payment authorization traffic; VPN Traffic; Hotel/Hotspot; Corporate LAN; Non-Corporate LAN; Roaming Web User; Internet; Data center)

Page 37: Web Security and Network Security

Smart Connect Flow Diagram

(Diagram labels, steps numbered 1 to 5:
• Agent state is Off LAN Protected: System Authentication, Network Discovery, Logged On User Info
• Initial Authentication: Connection details, Session certificate
• NED Servers, Geo-location and NED DB: Source IP lookup, Country of origin, Trip assignment
• RAS Proxies: Session authentication
• ‘Trip’ Infrastructure: User/Group filters, URL filters, Content Scanning, Logging/Reporting)