Introduction to Symantec Email Security Service
Anthony Holmes, Cloud Architect, EMEA & APJ

Evolving Email Threat Landscape
Email is the #1 delivery mechanism for malware
- 36%: Increase in ransomware
- 8,000: Businesses targeted each month by BEC scams
- 55%: Increase in spear phishing campaigns
- 30%: Users opened phishing emails
- 72%: Incident responders use security analytics to speed detection & response
Source: ISTR Report 2017, Email ISTR Report 2017, ISTR Report 2016, Verizon DBIR 2016, 2016 SANS Incident Response Survey

The Cloud Generation Email Security Solution
Cloud Service or On-premises Appliance
Solution Overview
- Protects against targeted attacks, ransomware, spear phishing & business email compromise
- Gives deep visibility into advanced attacks and accelerates threat response
- Controls sensitive data and helps meet compliance & privacy requirements
- Reduces business risks by training employees to recognize & report email attacks
[Diagram: inbound/outbound mail flow between the Messaging Gateway, an On-Premises Email Server and a Third-Party Email Server. Components shown: Advanced Threat Protection, Threat Isolation, Email Analytics, Impersonation Controls, Security Awareness, Data Protection, Policy-Based Encryption, Anti-Spam, Anti-Malware]

Email Security Framework
PREVENT, ISOLATE, INTEGRATE, RESPOND, PREPARE
CLOUD OR ON-PREM

Symantec: Most Complete Protection in the Industry
Global Intelligence Network
- CONNECTION LEVEL: SMTP firewall, sender reputation and authentication reduce risks and throttle bad connections
- MALWARE & SPAM DEFENSE: Heuristics, reputation, and signature based engines evaluate files and URLs for email malware & spam
- LINK PROTECTION: Evaluates malicious links at email delivery and time of click with advanced phishing variant detection
- IMPERSONATION CONTROL: Blocks Business Email Compromise and other spoofing attacks
- BEHAVIOR ANALYSIS: Identifies new, crafted, and hidden malware by examining the behavior of suspicious email
- ADVANCED MACHINE LEARNING: Analyzes code for malicious characteristics
- SANDBOXING: Detonates only truly unknown files in both physical and virtual environments
Layer groupings: MALWARE & SPAM PROTECTION, PHISHING DEFENSE, EMERGING THREAT PREVENTION

Business Email Compromise Attacks Are Preying on Users
- Simple Concept: Email sent from CEO requesting large money transfer or sensitive data
- Difficult to Block: Low volume emails with generic content and no malicious code or links
- Large Financial Losses: Average loss from BEC attacks was $210,000 in 2016
- $5B+: Exposed losses to Business Email Compromise (BEC) fraud over the past 3 years
- 2400%: Increase in BEC attacks since 2015
Source: FBI Public Service Announcement, I-050417-PSA (May 2017)

Anatomy of a Business Email Compromise Attack
Sample message:
  From: joe_CEO@yourcompany.com
  To: XYZ user
  Subject Line: Request

  I need you to process a wire transfer today. Please confirm so that I can forward you the instructions.
  Regards
  Joe CEO
  Chief Executive Officer
  Sent from my iPad
Callouts on the slide: Impersonated User, Impersonated Domain, Targeted User, Simple Subject Line, Urgent Request, No Attachment or Link, Social Engineering

Symantec Blocks Unwanted Email with Multi-layered Defense
Global Intelligence Network
Spam and Bulk Mail Protection
1. Connection-Level Protection
   - Slows and drops anomalous connections
   - Proactively shuts down illegitimate messages
2. Anti-Spam Engines
   - Inspects emails with signature-based scanners
   - Filters known spam and bulk mail
3. Reputation Analysis
   - Uses global intelligence to stop unwanted email
   - Eliminates untrusted sources of email
4. Behavior Analysis
   - Examines every email characteristic to find suspicious behavior
   - Identifies new spam and bulk email

Link Protection Analyzes Spear Phishing Links in Real-Time
- Evaluates phishing links without relying on blacklists or signatures
- Only vendor to evaluate phishing links at email delivery and click-time
Example from the slide:
  Link Analyzed: http://ow.ly/1234
  Redirects to: http://eww.newtonp12345.com.br/images/fotos/fotos/a/
  Redirects to: http://www.newton12345.com.br/images/fotos/fotos/a/html/content/home/index.html
  Redirects to: http://www.mundo12345.com/images/logos/z1/img.php
  Malicious Content Identified
  Email Stopped In Real-time
  Intelligence Updated

Remediate Threats by Quarantining Dangerous Emails
- Enhanced mobile experience
- Show additional message information such as attachment names and direction
- Clearly differentiates between spam and information protection messages
- Can hold DLP violating message for quarantine admin review and release or release to an admin
- Quarantine data protection & image control messages
- Enhanced reporting options with more details on usage
Copyright © 2017 Symantec Corporation

Automatically Remediate Email Threats in Office 365
- Clawback emails from Office 365 after they’ve been delivered
- Contain threats and stop missed email attacks from spreading
- Speed remediation of potential issues
[Diagram steps: 1. Email scanned and delivered; 2. Symantec GIN; 3. Remediation]

Information Protection
Protect Your Sensitive Data in the Cloud
Safeguard Encryption
Symantec Email Security.cloud
- Self-serve TLS encryption
- Secure, encrypted PDF for mobile-friendly “push” experience
- Symantec-branded recipient experience
- Customizable Control
- Seamless Encryption or Decryption
- Quick, Secure Message Delivery
- Advanced Detection Technologies
- Multi-Channel Coverage
- PCI, GLBA, HIPAA, ITAR
Granular DLP policies protect sensitive data and help address legal & compliance requirements
Policy-based encryption policies automatically safeguard the security & privacy of confidential emails

Gain Complete and Integrated Email Security with a Single Vendor
Capabilities: Advanced Threat Protection, Email Encryption, Threat Isolation, Data Loss Prevention, Security Awareness
Product labels on the slide: POLICY-BASED ENCRYPTION EMAIL SECURITY.CLOUD & MESSAGING GATEWAY CONTENT ANALYSIS ATP:EMAIL & SYMANTEC DLP PHISHING READINESS EMAIL THREAT ISOLATION

- 100M social engineering scams blocked last year
- 20,000+ Cloud applications discovered and protected
- 357 million new unique pieces of malware discovered last year
- 1B malicious emails stopped last year
- 40B web attacks blocked a year
- 4.7M unique wi-fi networks analyzed and protected
[Diagram labels: File, URL, Whitelist, Blacklist, Certificate, Machine Learning]
CLOUD GLOBAL INTELLIGENCE SOURCED FROM:
- 1 billion previously unseen web requests scanned daily
- 2 billion emails scanned per day
- 175 million Consumer and Enterprise endpoints protected
- 9 global threat response centers with 3500+ Researchers and Engineers
Copyright © 2018 Symantec Corporation

Thank you