Symantec-Fortinet Joint Solutions
Content
• Symantec Overview
• Summary
• Q&A
Symantec Overview
Corporate Overview
Symantec Corporation (NASDAQ: SYMC), the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. Enterprises across the world rely on Symantec for integrated cyber defense against sophisticated attacks across endpoints, infrastructure, and cloud.
More than 50 million people and families rely on Symantec’s Norton and LifeLock Digital Safety Platform to help protect their personal information, devices, home networks, and identities at home and across their devices.
• Symantec takes leadership position in 5 Magic Quadrants – EPP, DLP, MSS, SWG, and CASB.
• Symantec Endpoint Protection wins AV-TEST Award for Best Protection 2018 – 4 years in a Row
• The Forrester Wave™: Cloud Security Gateways Leader, 2018
• SEP Mobile leader in IDC MarketScape: WW Mobile Threat Management Security Software 2018 Vendor Assessment
• The Forrester Wave™: Endpoint Security Suites Leader, 2018
• And Many More…
• New Regulations
• CURRENT SECURITY BUDGET: 6-8% ANNUAL BUDGET INCREASE
• Subscription Expense Growth
• Maintaining a Dual Environment (Legacy and Cloud)
Fragmented Tools No Longer Work
• >80%: Percentage of CXOs whose threat detection and response effectiveness is impacted by too many independent point tools
• 91%: Percentage of enterprises who are considering or actively consolidating cyber security vendors with whom they conduct business
• 3.5m unfilled cyber security positions in the industry by 2021
SOURCE: ESG “The Shift Toward Cybersecurity Technology Platforms” February 2019
SOURCE: Forbes “The Cybersecurity Talent Gap Is An Industry Crisis” August 9, 2018
What Organizations Need
• 01: End-to-End Security Orchestration, Automation, and Remediation
• 02: To Close Protection Gaps Across Vendors and Product Silos
• 03: To Centralize and Leverage the Value of Security Data
Symantec | Fortinet - What was announced?
Two Market Leaders Joining Forces
To do what leaders do best: LEAD
ENDPOINT PROTECTION PLATFORM | SECURE WEB GATEWAYS | NEXT GENERATION FIREWALL
Leaders that will work together to provide customers with unprecedented best-of-breed security solutions to help strengthen security posture
Addressing a Growing Threat Landscape
• 4,818 unique websites were compromised with formjacking code each month
• Just 10 stolen credit cards could yield $2.2m per month
• Mobile Ransomware: 33% increase in mobile ransomware
• Mobile Ransomware: 63% of ransomware attacks are in USA
• More than 70 million records stolen or leaked as a result of poor configuration
Introduction to Symantec Endpoint Protection (SEP)
Why Innovate in Endpoint Security?
ENDPOINT REALITIES HAVE CHANGED DRAMATICALLY | ENDPOINT ARCHITECTURE GROWING IN COMPLEXITY | ENDPOINT SECURITY MOVES BEYOND MALWARE
• Yesterday: Traditional Endpoints, Fixed Function Devices, Managed Mobile Devices, On-Premises
• Today: Traditional Endpoints, Fixed Function Devices, Managed Mobile Devices, Cloud Delivered
• Challenges: Updates, Performance, Disjointed
• 7 Agents for Security and Management (average)
• 7 min: Average time between endpoint compromise and breach
• +100% of recent major APTs used Active Directory as an attack vector
• +77% of successful attacks in 2017 utilized file-less techniques and dual-use tools
• +56% increase in risky Wi-Fi networks in 2017
• +8,500% increase in coinminer detections
Discover & Deploy Easily | Secure heterogeneous devices | Swift Actions with Recommendations and Orchestration
SEP | Deepest Protection
Prevention Covering the Entire Attack Chain
Advanced Machine Learning
Blocks unknown threats and mutating malware
[Figure labels: WEEKS; MONTHS; ZONE OF EXPLOITATION]
Behavioral Monitoring
Behavioral monitoring stops zero-day and unknown threats
File Reputation Analysis
Age, frequency, and location are used to expose unknown threats
[Diagram labels: Attack Quarantine System; Endpoints; Analysts; Gateways; Honeypots; Global Sensor Network; Analytics; 3rd Party Affiliates; Global Data Warehouse; Big Data Analytics; Collection]
• Good safety rating: File is whitelisted
• No safety rating yet: Can be blocked
• Bad safety rating: File is blocked
Emulation Capabilities
Fast and accurate detection of hidden malware
• NO EMULATION: Malware hides behind custom polymorphic packers. Executable in Packer: Packed, not recognized
• EMULATION: Emulator ‘unpacks’ the malware in a virtual environment. Emulation Environment: Executable, Packer, Unpacking; Executable Payload: Recognized
• Emulates file execution to cause threats to reveal themselves
• Lightweight solution runs in milliseconds with high efficacy
Symantec Complete Endpoint Defense
SEP Provides a Critical Protection Component
• Symantec Cyber Defense Manager: Single Console
• Symantec Agent: Single Agent
• Symantec Global Intelligence Network
Capability areas: Endpoint Protection | Advanced Endpoint Hardening | Endpoint Detection and Response
Products:
• Symantec Endpoint Protection
• Symantec Endpoint Application Control
• Symantec Endpoint Detection and Response
• Symantec Endpoint Protection Mobile
• Symantec Endpoint Application Isolation
• Symantec Managed Endpoint Detection and Response
• Symantec Endpoint Cloud Connect Defense
• Symantec Endpoint Threat Defense for Active Directory
Suites:
• Endpoint with Detection and Response: Prevention + Detection + Response
• Advanced Endpoint Defense Suite: Prevent + Harden
• Complete Endpoint Defense Suite: Prevent + Harden + Respond
Complete Endpoint Defense
Requires New Capabilities
Antimalware: Malware Prevention
Endpoint Detection and Response: Suspicious Activity Detection
[Diagram labels: Block-list; White-list; Same Rights, Same Access, Unrestricted unless stopped; Jails; Castles]
Complete Defense Requires Zero Trust
Antimalware: Malware Prevention
Suspicious Activity Detection
Multilayer Defense Against Attacks
Single Agent Integrated Single Agent
[Figure: quadrant chart with CHALLENGERS and LEADERS quadrants, positions shown for 2017 and 2018. Callouts: Symantec Complete Endpoint Protection; SEP 14 Recommended Product. Vendors plotted: Trend Micro, Sophos, Kaspersky Lab, Intel Security, Symantec, Microsoft, Cylance, ESET, SentinelOne, 360 Enterprise Security Group, McAfee, Carbon Black, F-Secure, CrowdStrike, Panda Security, Invincea, Webroot, AhnLab, Malwarebytes, Palo Alto Networks, Endgame, Bitdefender, Comodo, Cisco, FireEye, G Data Software, Fortinet]
Customer Validation
Royal Bank of Canada
“SEP Mobile keeps our devices, our employees, our customers, and our data safe from mobile threats without changing the quality of anyone’s mobile experience.”
David Fairman, CISO of Royal Bank of Canada
Williams Martini Racing
“Symantec Endpoint Protection is brilliant for us.”
Graeme Hackland, Chief Information Officer, Williams Martini Racing
• Interlocking Multi-Layered Defense
• Reduced Complexity
• Realize Integrated Cyber Defense
• Advanced Machine Learning
SEP
Tightly integrated network and endpoint defense with automated controls and remediation to quickly stop advanced threats
FortiGate
Enhanced visibility, rich context, and automated control for a more robust security posture from the Endpoint to the Edge
Use Case 1: Coordinated Policy Enforcement
GA DATE: Q3 CY 2019
• Integration: Fabric Connector via API in both SEP Manager (SEPM) and FortiGate
• SEPM groups function as containers for the endpoints that run the client software.
• Clients that have similar security needs are organized into groups to make it easier to manage network security.
• Fabric Connector can:
o Retrieve group names and use them in NGFW policies
o Dynamically update IP/user mapping to group membership
o Enforce NGFW security policies that reflect SEPM group membership
Use Case 2: Extensive Threat Insights
GA DATE: To Be Announced
Use Case 3: Faster Detection and Response
GA DATE: To Be Announced
• Endpoint Visibility when security incident is detected / prevented at the network level
• Trigger automatic action on SEPM which subsequently enforces automatic remediation at the endpoint
• Leverage Fabric API
• SEPM will submit suspicious file detections to FortiSandbox for inspection / analysis
• FortiSandbox Analysis results will be relayed to SEPM for file conviction or exoneration
• If convicted, active remediation will take place
• SEPM will query Fortinet in real-time using Fabric APIs to obtain a list of endpoints connected to network
• SEPM will use this information to identify devices that do not have a SEP agent installed and automatically trigger policy enforcement by FortiGate
Strengthening Defense Through Integration
[Diagram labels: Control Points; FortiGuard Advanced Threat research; Symantec Global Intelligence Network; SOC; Threat Protection; Integration; Email Security; Ticketing; EDR; Content Analysis; Cloud App Security; ITMS; Data Loss Prevention; Encryption; SIEM (i.e. FortiSIEM); Firewall; Sandbox]
Introduction to Symantec Web Security Services (WSS)
Need for Direct-To-Net Advanced Security
Traditional Backhaul Model Becoming Costly and Slow
But Backhauling Is Expensive and Slow
Web Security Service
Network Security for the Cloud Generation
Advanced Network Security Stack in the Cloud
Performance Optimization for O365
Web Security Service Benefits
Improved Security
• Leading access control, threat prevention, information security features
Improved Performance
• Optimized secure traffic flow to the internet
• Performance accelerating technologies
Web Security Service (WSS)
Cloud Firewall Service
Secure all internet traffic for internet breakouts in customer locations
• Customer-specific firewall policies
o Central management via WSS Portal
o Full NGFW capabilities
o Supports fixed locations and roaming users
• Centralized reporting
• Global footprint
[Diagram labels: HQ Location; Branch-Office; Web Traffic; Non-Web Traffic; Cloud Firewall; Proxy; NGFW; Symantec Web Security Service]
How can I ensure compliance & security of sensitive data in O365, Dropbox, SFDC, and other cloud apps?
• DLP (cloud delivered or link to on-premises)
• CASB Audit + Proxy to identify & control app use
• Performance & Security for O365
How can I simplify the deployment and ongoing operation of our increasingly complicated network security stack?
• Cloud delivered service scales as you require
• Full stack of integrated advanced capabilities
• Simplified on-ramps (SEP & SD-Cloud Connector)
Summary
Q&A