You see the results daily. How many go undetected and unreported?
Total Data Breaches, January 2014 to December 2014: 312
Total Identities Exposed, January 2014 to December 2014: 348 million
1 months to detection
5 DB admins compromised
80 million medical records stolen
Medical records 10 times more valuable than credit cards on black market
Even with the best prevention technologies, can you stop advanced persistent threats?
PREPARE: Understanding Where Important Data Is & Who Can Access It
PREVENT: Stopping Incoming Attacks
DETECT: Finding Incursions
RESPOND: Containing & Remediating Problems
RECOVER: Restoring Operations
Our Future: Symantec Advanced Threat Protection
CORRELATION and Prioritization
INVESTIGATION
REMEDIATION
Detect once, find everywhere
Global Intelligence
Exported Data
ENDPOINT
NETWORK
3RD PARTY
More Intelligence | Better Detection & Faster Response | Correlated Across Control Points | Integrated with Endpoint Protection
Advanced Threat Protection
Unparalleled Prevention
Consistent leader in endpoint & email protection
Global Intelligence
Exported Data
Prioritize
Investigate
Remediate
Unbeatable Response
Prioritize via correlation with the endpoint and enterprise context
Investigate efficiently: Where is a threat? How did it get in?
Contain the threat across the enterprise & remediate with one click
Endpoint
Network
3rd party
ATP in Action
Suspicious File via Email
Email with Suspicious File or URL
Cynic
Synapse
ATP
Email
ATP
Endpoint
Symantec Confidential. Subject to NDA
High priority event
Portal
ATP
Network
Comprehensive Detection
Detection Pipeline
Technologies tested and proven on >200 M endpoints for faster, more accurate detection
Blacklist, Whitelist
Vantage
File
Insight
Cynic
Blocks malware as it tries to spread over the network
C&C detections
GIN
Antivirus Engine
Vulnerability and Exploit blocking
Auto Protect
Malheur
On Box
Domain/IP Reputation
File Reputation
Android APK Reputation
Various Windows, Office, Adobe versions
Bare metal for VM-evasive payloads
Cloud
SYMANTEC CYNIC
SYMANTEC SYNAPSE
Effective Prioritization: Prioritizes high for active infection or low for blocked infection
Forensic Investigation: Intelligent grouping for campaigns, threat evolution, and resolution
Cloud Advantages: Innovative techniques such as malware clustering, and scales to meet demands
SATP:N
BLACKLIST
Blacklist
Vantage Insight
AV
Mobile Insight
Synapse Correlation
Conviction, Actionable intelligence
Endpoints, Users
Internet
ATP Endpoint Detection Pipeline: Focuses on what SEP does not block
Cynic
In the Symantec Cloud
Criterion
On the Appliance
Agent (i.e. SEP 12.1)
Email Security.cloud
Core service
Connection Process
Brightmail
Symantec AV
Cynic
Malware analysis finds unknown malware that bypassed the pipeline
Skeptic
Real-time
Link Following
Various Windows, Office, Adobe versions
Bare metal for VM-evasive payloads
Detection Type
Where else Symantec has seen the file, and by what name.
Often, newer detections haven't been seen before
Pivot to endpoints
Email Security.cloud
Malware name
To Header RFC5322
Source IP - sender IP address
Geo-location of source
Mail From Envelope Sender RFC5321
Malware by category, detailed breakdown of threats inbound and outbound
Thank you!
Copyright 2015 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.