Presentation is loading. Please wait.

Presentation is loading. Please wait.

Symantec Web Isolation Secure Access to Uncategorized and Risky Sites Protect Your Most Privileged Users Prevent Phishing and Ransomware Attacks John Moore.

Published byEdgar Vincent Vinet Modified over 5 years ago

Similar presentations

Presentation on theme: "Symantec Web Isolation Secure Access to Uncategorized and Risky Sites Protect Your Most Privileged Users Prevent Phishing and Ransomware Attacks John Moore."— Presentation transcript:

1 Symantec Web Isolation Secure Access to Uncategorized and Risky Sites Protect Your Most Privileged Users Prevent Phishing and Ransomware Attacks John Moore Senior Security Engineer July 10, 2018

2 Web Isolation Fundamentals
Browsing session is secured through isolation; access not blocked Everything assumed to be malicious All code and content prevented from reaching endpoints Enables access to unknown/risky content where there is a legitimate need Web isolation eliminates patient zero Isolation prevents infections before they ever happen Even zero-day vulnerabilities Malware has become extremely violent (e.g. ransomware) with close to zero dwell time for detection and remediation Isolation can be used to allow access to sites that previously would have been blocked. It does not depend on the Detect then Prevent construct. Everything is assumed to be bad. Easy to deploy and use given the way it is architected.

3 Symantec Announces Fireglass Acquisition
Web isolation changes the game for protecting against advanced threats Fireglass web isolation Established in 2014 Leader in fast growing browser/web isolation market Customer value – increased malware protection for web & mail Integrates with Secure Web Gateway (ProxySG, ASG, VSWG) to allow safe access to uncategorized/risky sites Also can work with on prem – parallel with Symantec SMG Offered stand-alone – cloud or on-prem Integrations underway with cloud-delivered Web Security Service and Symantec security solutions (SMG, .cloud) Integrate with 3rd party proxies and NGFW’s Symantec acquired Fireglass, a leader in the fast growing security category known as Isolation or Remote Browsing Adds capabilities in a few areas of our portfolio, primarily in Web and Security

4 Market View on Web Isolation
“Evaluate and pilot a remote browser solution in 2017 as one of the most significant ways an enterprise can reduce the ability of web-based attacks on users to cause damage” Web isolation is a new threat prevention approach Sometimes referred to as Remote Browsing, but has broader applications for use Identified as top technology in 2016 & 2017 Gartner predicts that over 50% of enterprises will adopt web isolation Isolation can be used to allow access to sites that previously would have been blocked. It does not depend on the Detect then Prevent construct. Everything is assumed to be bad. Easy to deploy and use given the way it is architected.

5 90% of Cyber Attacks Come Through Web and Email
& Phishing Threats Web Threats 1,400+ 83% New browser & plug-in vulnerabilities per year Growth in active phishing URLs of sites can be used to deliver malware 78% of Large Enterprise were targeted by spear phishing 55% - Security professionals often surprised to see that over 90% of cyber-attacks come through web and On the web side, it is primarily through vulnerabilities that exist in browsers or users wandering onto websites that deliver malicious content. The big vector on the side is Phishing. Every 4 seconds 12% an unknown malware is downloaded of users click untrusted links or attachments Source: Verizon DBIR, Symantec ISTR, Gartner

6 The Threat of the Unknown Web
Parameter BLOCK ALLOW / BLOCK? ALLOW? Known Good uncategorized or potentially risky* domains Unknown/Risky “How Can I Increase Security without over-blocking?” THE CHALLENGE Millions of new sites created every day 71% of all host names exist for 24 hours or less Many are legitimate, but some offer ideal cover for hackers launching attacks Difficult to assess w. traditional “detection” approaches Customizing protection without over-blocking Known Bad

7 Web Isolation Architecture
Risks Symantec Web Isolation User Web 100% safe rendering information Render Execute Download Secure Disposable Container Documents Secure Disposable Container User gestures Some key aspects to highlight in our architecture and approach: - The solution is agentless - Web session is completely isolated in a container. Container handles rendering, execution and downloading - can be deployed as an on-premise solution or as a cloud service - Any device, OS or browser Secure Disposable Container Seamless browsing experience Isolate both web and , including documents On premise, cloud and hybrid

8 Demo

9 Key Use Cases

10 Problem: Over-blocking the “Middle Ground” Sites
Web access policy: Always allow certain categories/sites Always block certain categories/sites Key Issue – Middle Ground Over-block – creates user issues Under-block – Increased risk of malware Allowed Categories Categories where some access may be required Uncategorized Threat Cats Health, Financial Services, etc. Dynamic DNS Host File Storage/ Sharing Hacking Suspicious Malicious in/out… ALLOW ALLOW or DENY… DENY… MOSTLY DENY DENY …depending on organizational needs …for security best practices at the expense of user experience. Often requires additional ops to whitelist specific domains/users Some Allow Some Allow Often requires additional ops to whitelist specific domains/users

11 Web isolation with proxy using website categories
Stop Over-blocking Web isolation with proxy using website categories Web access policy: Always allow certain categories/sites Always block certain categories/sites Middle ground categories/sites get isolated Expanded access with no malware risk Allowed Categories Categories where some access may be required Uncategorized Threat Cats Health, Financial Services, etc. Dynamic DNS Host File Storage/ Sharing Hacking Suspicious Malicious in/out… ALLOW ISOLATE DENY

12 Stop Over-blocking Web isolation with proxy using categories (with risk levels: BCIS-advanced) Web access policy: Allow certain categories and low risk sites Block certain categories and riskiest sites Middle ground categories and potentially risky sites get isolated Expanded access with no malware risk Risk Level Allowed Categories Customer Category Categories where some access may be required Uncategorized Security Concerns Health, Financial Services, etc. Category of Interest File Storage/ Sharing Dynamic DNS Host Hacking Suspicious Malicious Outbound 10 9 8 7 6 5 4 3 2 1 DENY ISOLATE ALLOW

13 Leveraging Symantec Global Intelligence Network (GIN)
21, Cloud applications discovered and protected Discovered million new unique pieces of malware last year 1B malicious s stopped last year File URL Whitelist Blacklist Certificate Machine Learning Key Points – - Up to date, accurate data, correlated and analyzed to give you the latest information on known bads…no one can argue with the importance of this - Symantec has the largest civilian threat intelligence network in the world; sourced from: >1 billion web requests scanned daily >2 billion s scanned per day Data from over 175M endpoint devices All analyzed and assessed by advanced algorithms to identify and risk score malicious sites The proof is in the results…data points in the black section of slide 182M web attacks blocked last year 100M social engineering scams blocked last year CLOUD GLOBAL INTELLIGENCE SOURCED FROM: 1 Billion previously unseen web requests scanned daily 2 Billion s scanned per day 175M Consumer and Enterprise endpoints protected 9 Global threat response centers with 3,000 Researchers and Engineers

14 Additional Protection for Privileged Users
Safeguard Privileged Users Prevent Malware with Web Access We have privileged users like executives, IT admins, HR, and finance that have extra permissions and access rights to sensitive data and systems I need to enable secure web browsing on those critical endpoints, and ensure internet delivered malware never impacts these devices C-Level Team Key IT Staff HR, Legal, Finance Malware on these endpoints has severe consequences because of unique system privileges

15 Prevent Phishing Attacks by Isolating Risky Embedded URL Links
Prevent malware/ransomware from phishing attacks Isolate websites launched from URLs embedded in Stop credential theft by preventing users from submitting corporate credentials and other sensitive information on unknown and malicious sites Protect my users from embedded URLs that links to malicious websites

16 Thank You!

Download ppt "Symantec Web Isolation Secure Access to Uncategorized and Risky Sites Protect Your Most Privileged Users Prevent Phishing and Ransomware Attacks John Moore."

Similar presentations

Palo Alto Networks Jay Flanyak Channel Business Manager

Palo Alto Networks Jay Flanyak Channel Business Manager
Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.

©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.

Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
How STERIS is using Cloud Technology to Protect Web Access Presented By: Ed Pollock, CISSP-ISSMP, CISM CISO STERIS Corporation “Enabling Business”

How STERIS is using Cloud Technology to Protect Web Access Presented By: Ed Pollock, CISSP-ISSMP, CISM CISO STERIS Corporation “Enabling Business”
1 Panda Malware Radar Discovering hidden threats Channel Presentation Name Date.

1 Panda Malware Radar Discovering hidden threats Channel Presentation Name Date.
©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.

©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Symantec Targeted Attack Protection 1 Stopping Tomorrow’s Targeted Attacks Today iPuzzlebiz

Symantec Targeted Attack Protection 1 Stopping Tomorrow’s Targeted Attacks Today iPuzzlebiz
Sky Advanced Threat Prevention

Sky Advanced Threat Prevention
©2015 HEAT Software. All rights reserved. Proprietary & Confidential. Ransomware: How to Avoid Extortion Matthew Walker – VP Northern Europe.

©2015 HEAT Software. All rights reserved. Proprietary & Confidential. Ransomware: How to Avoid Extortion Matthew Walker – VP Northern Europe.
BUFFERZONE Advanced Endpoint Security Data Connectors-Charlotte January 2016 Company Confidential.

BUFFERZONE Advanced Endpoint Security Data Connectors-Charlotte January 2016 Company Confidential.
1 #UPAugusta2016. 2 3 Today’s Topics What are Deadly IT Sins? Know them. Fear them. Fix them. #UPAugusta201 6.

1 #UPAugusta Today’s Topics What are Deadly IT Sins? Know them. Fear them. Fix them. #UPAugusta201 6.
© 2015 IBM Corporation John Guidone Account Executive IBM Security 267-238-3407 IBM MaaS360.

© 2015 IBM Corporation John Guidone Account Executive IBM Security IBM MaaS360.
©2015 Check Point Software Technologies Ltd. 1 Website Watering Holes Endpoints are at risk in numerous ways, especially when social engineering is applied.

©2015 Check Point Software Technologies Ltd. 1 Website Watering Holes Endpoints are at risk in numerous ways, especially when social engineering is applied.
Enterprise’ Ever-Evolving Challenge & Constraints Dealing with BYOD Challenges Enable Compliance to Regulations Stay Current with New Consumption Models.

Enterprise’ Ever-Evolving Challenge & Constraints Dealing with BYOD Challenges Enable Compliance to Regulations Stay Current with New Consumption Models.
© 2011 IBM Corporation IBM Security Services Smarter Security Enabling Growth and Innovation Obbe Knoop – Security Services Leader Pacific.

© 2011 IBM Corporation IBM Security Services Smarter Security Enabling Growth and Innovation Obbe Knoop – Security Services Leader Pacific.
CLOSE THE SECURITY GAP WITH IT SOLUTIONS FROM COMPUTACENTER AND CISCO AUGUST 2014.

CLOSE THE SECURITY GAP WITH IT SOLUTIONS FROM COMPUTACENTER AND CISCO AUGUST 2014.

Similar presentations

Ads by Google