
Layered Security: Why It Works

Sponsored by Symantec

2013 The SANS Institute www.sans.org

Today's Speakers
Jerry Shenk, SANS Analyst
Kat Pelak, Senior Product Marketing Mgr., Symantec


Layered Security: Introduction


No Silver Bullet
Anti-virus:
- On the mail server
- At the workstation

Firewall:
- Ingress filtering (inbound)
- Egress filtering (outbound)

Traffic monitoring:
- The latest thing

Defense In Depth
Risk analysis is the starting point:
- What data is important?
- Where does it reside?
- How could it be exploited?


Layered Security
Roots in military science:
- Deep defense or defense in depth

Goals:
- Slow an attacker
- Cause enemy casualties


Layered Security Defined


Layered security is a defensive strategy that uses multiple technologies to block access to confidential data long enough to discourage attacks and allow for detection, followed by defensive action.


Key Security Layers


Network Controls
Firewalls:
- Ingress restrictions
- Egress restrictions

Intrusion detection / intrusion prevention systems (IDS/IPS)

Data loss prevention (DLP)


Antivirus
- Commonly used as a single layer
- Attackers work to avoid detection
- Polymorphic code: changing the executable
- Heuristics: looking for hostile behavior


Reputation
File checksum:
- Mathematical fingerprint
- Known good
- Known bad
- Unknown

IP address or domain:
- Countries
- Addresses with detected hostile traffic
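The checksum reputation idea from this slide, and the reason the previous slide says polymorphic code is a problem for it, can be shown in a few lines. This is an added example, not code from the webcast, SANS or Symantec: the two "files" and the known-good/known-bad lists are constructed stand-ins (real lists come from a reputation service), and the verdict-to-action mapping in `next_layer` is an assumption about how the reputation layer hands off to the heuristic and behavioral layers.

```python
"""Checksum-based file reputation: fingerprint a file and classify it as
known good, known bad or unknown. Sample contents and reputation lists are
constructed for this example only."""
import hashlib


def fingerprint(data: bytes) -> str:
    """Mathematical fingerprint of a file's contents: SHA-256 as hex."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for two files; neither is a real binary.
GOOD_SAMPLE = b"MZ\x90\x00 constructed benign installer v1.0"
BAD_SAMPLE = b"MZ\x90\x00 constructed malicious dropper"

# Reputation lists keyed by fingerprint (constructed from the samples above).
KNOWN_GOOD = {fingerprint(GOOD_SAMPLE)}
KNOWN_BAD = {fingerprint(BAD_SAMPLE)}


def classify(data: bytes) -> str:
    """Three-way reputation verdict for a file's contents."""
    h = fingerprint(data)
    if h in KNOWN_BAD:
        return "known bad"
    if h in KNOWN_GOOD:
        return "known good"
    return "unknown"


def next_layer(verdict: str) -> str:
    """Assumed hand-off from the reputation layer to the rest of the stack:
    block known bad, allow known good, send unknown on to heuristic and
    behavioral inspection rather than treating it as safe."""
    return {"known bad": "block", "known good": "allow"}.get(verdict, "inspect")


def altered_copy(data: bytes) -> bytes:
    """Any change to the bytes (here a single appended byte) gives a different
    fingerprint; this is why a polymorphic variant of a known-bad file lands in
    the 'unknown' class and must be caught by another layer."""
    return data + b"\x00"


if __name__ == "__main__":
    for name, blob in [("good", GOOD_SAMPLE), ("bad", BAD_SAMPLE),
                       ("altered bad", altered_copy(BAD_SAMPLE))]:
        v = classify(blob)
        print(f"{name:12s} {fingerprint(blob)[:16]}... {v:10s} -> {next_layer(v)}")
```

The point to take from the third row of the output is that the altered copy of a known-bad file is "unknown", not "known good"; a reputation layer only earns its place in a layered design if the unknown class is routed to heuristics or behavioral analysis instead of being allowed by default.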

Behavioral Analysis
Prevention is best, but detection is a must. Baselining normal behavior with the help of:
- Firewalls
- Routers
- Flow collectors
- Network taps


Analyzing Unusual Activity


- High-bandwidth traffic
- Stealthy traffic
- Web traffic
- DNS traffic
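The two preceding slides (baselining normal behavior from flow data, then looking for unusual bandwidth, DNS and stealthy traffic) can be put together in one small detector. This is an added example, not SANS or Symantec code: the flow records are constructed (in practice they come from the firewalls, routers, flow collectors or taps listed above), the record layout `(hour, host, dst_port, bytes_out)` is assumed, and the mean-plus-three-standard-deviations threshold is one common choice, not something the webcast prescribes.

```python
"""Baseline per-host network behaviour from flow records and flag unusual
activity. All flow records below are constructed for this example."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow record layout (assumed): (hour, src_host, dst_port, bytes_out)


def constructed_baseline():
    """One day of 'normal' traffic for two workstations: steady web traffic
    with mild hourly variation and a handful of DNS lookups per hour."""
    flows = []
    for hour in range(24):
        for host in ("ws-01", "ws-02"):
            flows.append((hour, host, 443, 1_500_000 + 100_000 * (hour % 5)))
            for _ in range(20 + hour % 4):
                flows.append((hour, host, 53, 80))
    return flows


def profile(flows):
    """Per host: mean/stddev of hourly bytes out, mean/stddev of hourly DNS
    query count, and the set of destination ports ever used."""
    bytes_by_hour = defaultdict(lambda: defaultdict(int))
    dns_by_hour = defaultdict(lambda: defaultdict(int))
    ports = defaultdict(set)
    for hour, host, port, nbytes in flows:
        bytes_by_hour[host][hour] += nbytes
        ports[host].add(port)
        if port == 53:
            dns_by_hour[host][hour] += 1
    baseline = {}
    for host in bytes_by_hour:
        b = list(bytes_by_hour[host].values())
        d = list(dns_by_hour[host].values()) or [0]
        baseline[host] = {
            "bytes_mean": mean(b), "bytes_std": pstdev(b),
            "dns_mean": mean(d), "dns_std": pstdev(d),
            "ports": ports[host],
        }
    return baseline


def find_anomalies(baseline, new_flows, k=3.0):
    """Compare one hour of observed flows with the baseline. Returns a list of
    (host, finding). A host with no baseline is reported rather than ignored:
    an unprofiled host is itself unusual. Stealthy, low-and-slow traffic will
    not trip the byte threshold; the new-destination-port check is the
    simple proxy used here, and longer windows are needed to see it properly."""
    observed = profile(new_flows)
    findings = []
    for host, o in observed.items():
        base = baseline.get(host)
        if base is None:
            findings.append((host, "no baseline for host"))
            continue
        if o["bytes_mean"] > base["bytes_mean"] + k * base["bytes_std"]:
            findings.append((host, "high-bandwidth traffic"))
        if o["dns_mean"] > base["dns_mean"] + k * base["dns_std"]:
            findings.append((host, "unusual DNS query volume"))
        new_ports = o["ports"] - base["ports"]
        if new_ports:
            findings.append((host, f"new destination ports {sorted(new_ports)}"))
    return findings


def constructed_observed():
    """One new hour of constructed traffic with several things out of the ordinary."""
    h = 24
    flows = [(h, "ws-01", 443, 40_000_000)]      # 40 MB burst from ws-01
    flows += [(h, "ws-01", 53, 80)] * 22           # normal DNS for ws-01
    flows += [(h, "ws-02", 443, 1_600_000)]        # normal web for ws-02
    flows += [(h, "ws-02", 53, 80)] * 300          # DNS query spike from ws-02
    flows += [(h, "ws-02", 9001, 600)]             # port never seen in baseline
    flows += [(h, "ws-03", 443, 500_000)]          # host with no baseline at all
    return flows


if __name__ == "__main__":
    for host, what in find_anomalies(profile(constructed_baseline()), constructed_observed()):
        print(f"{host}: {what}")
```

Run stand-alone it reports ws-01 for bandwidth, ws-02 for DNS volume and a new destination port, and ws-03 as unprofiled; ws-01's 22 DNS queries stay within its baseline, which is the whole value of baselining per host rather than using one global threshold.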


Detection and Remediation


- Log monitoring: www.sans.edu/research/securitylaboratory/article/sixtoplogcategories
- IDS/IPS
- Behavioral analysis
- End users
- Third parties


The Human Layer


Perhaps the most critical point of a concentrated defense! Employee training:
- If it's too good to be true...
- Catch somebody doing right


Conclusion
Attackers attack various layers! Security must be multi-layered.

- There is no silver bullet.
- Attackers look for easy targets.
- Don't assume you will stop everything.
- Slow attackers down and detect them.
- Determine key assets and identify weaknesses.



Stopping Tomorrow's Targeted Attacks Today


Kat Pelak
Sr. Regional Product Marketing Manager AMS
Symantec Targeted Attack Protection

Organizations are NOT Stopping Targeted Attacks

66%: breaches went undetected for 30 days or more
4: months to remediate
243: days before detected
42%: increase in targeted attacks last year


Symantec IS Security Intelligence

7 billion: file, URL and IP classifications
1 billion+: devices protected
2.5 trillion: rows of security telemetry
550: threat researchers
240 million+: contributing users and sensors
14: operations and response centers


Symantec Stops Targeted Attacks

Global Intelligence
Endpoint, Gateway, Data Center

New:
- Network Threat Protection for Mac
- Disarm for Messaging Gateway



Proactive Endpoint Protection: Symantec Endpoint Protection

Intrusion Prevention
Symantec's patented Network Intrusion Prevention System blocks attackers from connecting over the network to your PCs and injecting their attacks.

Advanced Scanning
Symantec's next-generation scanning technology blocks suspicious files, even those with no fingerprint, before they can run and steal your data.

Insight Reputation
Our Insight System leverages the wisdom of Symantec's 100s of millions of users to compute safety ratings for every single software file on the planet, and uses this to block targeted attacks.

SONAR Symantec Behavior Blocking
Monitors software as it runs on your endpoints and automatically blocks software with suspicious behaviors, even if that software has never been seen before.

Maximum Repair
The reality is that threats occasionally get through. Our aggressive SMR technology roots out such entrenched infections and kills them in seconds.


Email Targeted Attack Trends


- Most targeted attacks are sent via email
- Burying zero-day attacks inside an attachment is a popular method
- Example: RSA breach
- Secure email gateways will not block
- Other examples include malicious and/or shortened URLs


Gateway: Proactive Protection


Email Security.cloud: Skeptic Real Time Link Following
- Identify anomalies: delivery behavior, message attributes, social engineering tricks, attachment method
- Detect malware at final destination: targeted attacks, spear phishing, phishing, spam
- Anticipate evolution of malware: predictive heuristics
- Evasion tactics: understands short URLs, freewebs, delays, multi hops, multi destination


Thank you!
[email protected] Twitter: KatherynePelak

Copyright 2013 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.


Q&A
Please use GoToWebinar's Questions tool to submit questions to our panel.

Send to Organizers and tell us if it's for a specific panelist.


Acknowledgements
Thanks to our sponsor:

To our special guest:

Kat Pelak
And to our attendees:

Thank you for joining us today

