Symantec Email-Protection aus der Cloud
Hakan Arslanboga
Security Specialist
Symantec (Deutschland) GmbH
Hans-Peter Dietrich
Solution Manager
Controlware GmbH
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Typische Kunden, NächsteSchritte & Lizenzierung5Aktuelle Bedrohungslage Email
Herausforderungen bei Kunden
Architektur, Lösungsansätze & Module
1
Agenda
2
3
„Viele der existierende Email-Gateways müssen jetzt neu bewertet werden, ob sie den veränderten Bedrohungen und Angriffen noch genügen“
Warum Email Security.cloud?4
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Evolving Email Threat Landscape
Source: ISTR Report 2017, Email ISTR Report 2017, ISTR Report 2016, Verizon DBIR 2016, 2016 SANS Incident Response Survey
36%Increase in ransomware
72%Incident responders use
security analytics to speed detection & response
Delivery mechanism for malwareEmail is the #1
55%Increase in spear
phishing campaigns
8,000Businesses targeted each
month by BEC scams
30%Users opened
phishing emails
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Email Security Challenges / Chaos
EVO
LVIN
G TH
REA
T LAN
DSC
AP
EP
OIN
T P
RO
DU
CTS
= D
ISJO
INTE
D S
ECU
RIT
Y
SHORTAGE OF SECURITY PERSONNEL
OPERATIONAL COMPLEXITY
BUSINESS EMAIL COMPROMISE
SPEAR PHISHING
RANSOMWARE
TARGETED & ADVANCED
THREATS
EMAIL VENDOR
ENDPOINT VENDOR
DLP VENDOR
WEB VENDOR
VULNERABLE ORGANIZATIONS
Sensitive data shared
Uninformedusers
Cloud Migration Social Engineered Poor Visibility Attacks
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
What Is Cloud Generation Email?
SECURE CLOUD & ON-PREMISES EMAIL• Office 365 and G Suite cloud email
• Exchange and other on-premises email
• Seamless migration to the cloud
COMPLETE EMAIL SECURITY STACK• Multi-layered with advanced threat protection
• Strong threat isolation prevents sophisticated attacks
• Deep visibility via advanced analytics
• Comprehensive impersonation defense and security awareness
EMAIL WITH INTEGRATED CYBER DEFENSE PLATFORM• Integrated with endpoint, web security and DLP
• Holistic messaging security via CASB add-on
• Open APIs for SOC automation, ticketing systems integration, and orchestrated response
OPERATIONAL EFFICIENCY AT LOW TCO• Single, strategic vendor
• Industry-leading SLAs
• Highest efficacy and accuracy
CLOUDGENERATION
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
The Cloud Generation Email Security Solution
Solution Overview
• Protects against targeted attacks, ransomware, spear phishing & business email compromise
• Gives deep visibility into advanced attacks and accelerates threat response
• Controls sensitive data and helps meet compliance & privacy requirements
• Reduces business risks by training employees to recognize & report email attacks
Cloud Service or On-premises Appliance
On-Premises Email Server
Third-Party Email Server
Inbound/Outbound
Inbound/Outbound
Inbound/Outbound
ImpersonationControls
Security Awareness
Data ProtectionPolicy-Based Encryption
Anti-SpamAnti-Malware
Advanced Threat Protection
Threat Isolation
Email Analytics
Messaging Gateway
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
SLA Performance Metrics
Quelle: https://www.symantec.com/products/email-security-cloud/sla-performance-metricsService Beschreibung: https://www.symantec.com/about/legal/repository?prod=email-security-cloud&lang=de
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Integrated
Solution
Cloud Generation Email Security Portfolio
PREVENT DATA LEAKAGE• Advanced Detection Technologies
• Multi-Channel Data Protection
• Policy-Driven Controls
• Push & Pull Encryption
PROACTIVELY PREVENT ATTACKS• Customizable Security Assessments
• Detailed Reporting & Visibility
• Integrated User Education
ISOLATE DANGEROUS THREATS• Malicious URL Isolation
• Attachment Isolation
• Credential Theft Protection
PROTECT AGAINST EMERGING THREATS• Machine Learning & Sandboxing
• Click-Time Protection
• Advanced Email Security Analytics
• SOC Integration
• Threat Remediation
STOP PHISHING ATTACKS• Link Protection
• Impersonation Controls
• Phishing Variant Detection
• Behavioral Analysis
BLOCK COMMON THREATS• Heuristics
• Reputation Analysis
• Connection-level Detection
• AV Engine
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Email Security Framework
CLOUD ORON-PREM
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Email Security Framework
CLOUD ORON-PREM
Email Security.cloudMessaging Gateway:
BLOCK
REPORT
DISCOVER
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Prevent Overview
Strong prevention technologies lower security risk and improve productivity
USE CASE #1 USE CASE #2 USE CASE #3
Ransomware Spam & Bulk MailImpersonation
“I need to prevent ransomware threats from reaching my
endpoints.”
“I want to eliminate spam and bulk mail, which hamper user
productivity.”
“I need to protect specific executives or all users from
attacks impersonating a user.”
?
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Symantec Blocks Unwanted Emailwith Multi-layered Defense
1 Connection-Level ProtectionSlows and drops anomalous connections
3 Reputation AnalysisUses global intelligence to stop unwanted email
2 Anti-Spam EnginesInspects emails with signature-based scanners
Proactively shuts down illegitimate messages
Filters known spam and bulk mail
Eliminates untrusted sources of email
Identifies new spam and bulk email
Spam and Bulk Mail Protection
4 Behavior AnalysisExamines every email characteristic to find suspicious behavior
Global Intelligence Network
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Gain Comprehensive Protection Against Evolving Ransomware
Sandboxing
• Deep Code Analysis• File Decomposition
• Advanced Machine Learning• Behavioral & Network Analysis
1. Email with Malicious Attachment or Link
• Link Protection at Email Delivery• Link Protection at Click-Time• Advanced Phishing Variant Detection
Email Threat Isolation
• Malicious URL Isolation• Malicious Attachment Isolation
Link ProtectionBehavior Analysis
2. Malicious Email Blocked
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Strongest Protection Against Impersonation Attacks
Impersonation
Sender Authentication
• SPF Validation• DKIM Validation• DMARC Validation
Business Email Scam Analyzer
• Advanced Heuristics• Typo Squatting• Spoofed and Phishing
Domain Intelligence
Impersonation Controls
• User Impersonation• Domain Impersonation• Whitelist Trusted
Senders
Detection Controls
Reports/Logs API DatafeedAdvanced Email Security Analytics
Stop BEC /CEO Fraud Emails
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Message Anatomy
Business Email Compromise Scam
15
From: Greg Clark <[email protected]>To: Finance or Accounting userSubject Line: Request
I need you to process a wire transfer today. Please confirm so that I can forward you the instructions.
RegardsGreg ClarkChief Executive Officer
Sent from my iPad
Impersonated User
Simple Subject Line
Urgent Request
Social Engineering
Targeted User
No Attachment or Link
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Defends Against Business Email Compromise
Email Impersonation Control Impersonation Controls
User Impersonation ControlsBlocks attacks masquerading as a user in your organization
Stops scams impersonating senior executives
1
Domain Impersonation ControlsPrevents attacks imitating a legitimate email domain in your
organization
Identifies attacks using spoofed or cousin domains
2
Email Attribute ControlsGuards against attacks exhibiting suspicious behavior such
as mismatched email headers
Blocks attacks that spoof display names
3
Global Intelligence Network
Business Email
Compromise Scam
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Email Security Framework
CLOUD ORON-PREM
Email Threat Isolation
INSULATE
ANALYZE
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Email Threat Isolation Overview
Take prevention to the next level with threat isolation
USE CASE #1 USE CASE #2 USE CASE #3
Isolate Malicious URLs Stop Credential TheftIsolate Malicious Attachments
“I want elevated levels of protection for my users against spear phishing
and advanced attacks.”
“I want to stop users from submitting corporate passwords and sensitive information to malicious websites.”
“I want to prevent ransomware and other malware from infecting endpoints
with weaponized attachments.”
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Phishingemail
Isolated site+
Read-only
User clickson link
Mail serverSymantec Cloud Email Security
Links transformed to redirect through Web Isolation
Email Isolation Portal
How Email Threat Isolation Works
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
How Email Threat Isolation Works
20
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Prevent Credential Theft with Read-only Protection
Eliminate phishing and its risks by rendering websites in read-only mode
Prevent sensitive information from being enter into malicious web forms
Requires no hardware or software
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Allow Link & Attachment
Trusted Websites
Stop Spear Phishing Attacks with Holistic Link Protection
Isolate Links and
Attachments
Email Threat Isolation Isolate Attack
Spear PhishingAttack
3
Symantec Cloud Email Security
Evaluate LinksAt Delivery Time
1Block Attack
Users Evaluate LinksAt Click Time
2 Block Attack
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Email Security Framework
CLOUD ORON-PREM
123
ATP:Email
PRIORITIZE
INVESTIGATE
EXPOSE
CONTAIN
RESOLVE
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Detect and Respond Overview
Stop targeted and advanced email attacks in their tracks
USE CASE #1 USE CASE #2 USE CASE #3
Visibility RemediationHunting
“I need deep visibility into sophisticated attacks and prioritization of incidents
to accelerate threat response.”
“I want to contain threats and orchestrate response across my
security controls.”
“I want to hunt threats in my email and correlate events across my
security environment.”
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Gain the Deepest Visibility Into Targeted & Advanced Attacks
Advanced Email Security Analytics
60+ Data Points on Clean and Blocked Emails
Email Volume
Malicious Email Senders & Recipients
Severity Level
Sandbox Detonation Information
Malware Category
URLInformation
Malicious Email Theme or Topic
Detection Method
File Hashes
ATP Platform
Symantec Managed Security
Services
Correlation & Response
Export Intelligence
Identify targeted attack recipients
Correlate threats with endpoints
Feed URLs into web proxy
Find patterns in threats
Monitor email logs
Benefits
Accelerate Threat Response
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Copyright © 2017 Symantec Corporation
Enhanced mobile experience
Show additional message information such as attachment names and direction
Quarantine data protection & image control messages
Clearly differentiatesbetween spam andinformation protection messages
Enhanced reportingoptions with more details on usage
Can hold DLP violating message for quarantine admin review and release or release to an admin
Remediate Threats by Quarantining Dangerous Emails
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Automatically Remediate Email Threats in Office 365
Clawback emails from Office 365 afterthey’ve been delivered
Contain threats and stop missed email attacks from spreading
Speed remediation of potential issues
Copyright © 2017 Symantec Corporation
Email scanned and delivered
Remediation
Symantec GIN1
23
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Email Security Framework
CLOUD ORON-PREM
Security Awareness
BENCHMARK
TRAIN
SIMULATE
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Prepare Overview
Reduce your business risks with effective security training
USE CASE #1 USE CASE #2 USE CASE #3
Assessment EducationTracking
“I want to assess employee readiness to email attacks by
simulating real-world threats.”
“I want to reduce my security risks by educating users to recognize
sophisticated email attacks.”
“I want to track progress of my employee security awareness
over time.”
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
• Mimic the latest, real-world email threats
• Create custom assessments with templates and landing pages
• Quickly deploy and manage security assessments
Easily Tailor Assessments to Your Needs
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
• Understand user behavior with executive dashboards and detailed reporting
• Identify key trends by comparing results to previous assessments
• Develop user risk profiles by combining assessment results with email threats
Improve Security Awareness With Integrated Insights
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
• Alert vulnerable users to complete required security education
• Teach users to spot sophisticated email attacks through training
• Customize training alerts and landing pages to the needs of your business
Condition Employees to Recognize and Report Email Attacks
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Email Security Framework
CLOUD ORON-PREM
CASB
SIEM
ENCRYPTION
ENDPOINT
WEB
DLP
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Integrate Overview
Harness the power of an Integrated Cyber Defense platform
USE CASE #1 USE CASE #2 USE CASE #3
Integrated Information Protection
Security Infrastructure
Secure Cloud Adoption
“I want advanced information protection across my email channel.”
“I want to leverage existing investments by integrating email security with the
rest of my security infrastructure.”
“I want to securely move my infrastructure to the cloud.”
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Why Symantec?
• Prevents the most advanced email attacks with strong email isolation
• Deepest visibility into email attack campaigns
• Best protection for data and storage via integration with Symantec DLP and CASB
Superior Protection for Office 365
“We’re moving to Office 365 and are relying on their built-in security, which has poor protection against sophisticated attacks”
Poor protection against new and emerging threats such as spear phishing, ransomware, and Business Email Compromise attacks due to minimal Office 365 security
Symantec Cloud Email Security solution
Symantec CASB
Symantec DLP
• Multi-layered defense, email isolation
• Advanced, multi-channel DLP policies
• CASB policies
NEED
CHALLENGE
PRODUCT
CAPABILITIES
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Complete, Multi-
layered
Security
Strong Endpoint and
Web Integrations
Deep Threat Visibility
Advanced DLP
and Encryption
Orchestrated Threat
Response
“Symantec is positioned in the Leaders
category in this IDC MarketScape
because of its cloud-first strategy.”
- IDC MarketScape: Worldwide
Software-as-a-Service Email Security
2016 Vendor Assessment
Visionary Innovation & Performance
Email Security Market Leadership
“Symantec is the overall revenue leader in
messaging security and in the software-as-a-
service and software on-premise categories.”
- IDC MarketScape: Worldwide Email
Security 2016 Vendor Assessment
“Symantec operates one of the world’s
largest civilian cyber intelligence
networks, allowing it to see and protect
against the most advanced threats.”
SaaS Report Overall Report
- Radicati Group Secure Email Gateway
Market Quadrant 2016
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Gain Complete and Integrated Email Security with a Single Vendor
Email Security
Advanced Threat
Protection
Email Encryption
Threat Isolation
Data Loss Prevention
Security Awareness
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Email with Integrated Cyber Defense
CLOUD GENERATION
THREAT ANALYTICS
ENDPOINT SIEM
CASB TELEMETRY
TICKETING AUTOMATION
SECURITYORCH.
WEB
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Orchestrate Response Across Emails and Endpoints
39
Symantec Email Security
Global IntelligenceNetwork
Endpoint Protection
Administrator
Symantec Advanced Threat
Protection
Blacklist and remediate threats from emails on the endpoint
Blacklist and remediate threats and attacks from endpoints in email
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Symantec Email Security • Protect against advanced attacks in
external email
Symantec CASB • Protect against advanced attacks in internal
email and content for Office 365 apps
• Control access to apps and content
Protect Office 365 with Comprehensive Cloud Security
CASB
DLP
Symantec DLP• Protect data in email and Office 365 apps
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Granular DLP policies protect sensitive data and help address legal & compliance requirements
Policy-based encryption policies automatically safeguard the security & privacy of confidential emails
Protect Your Sensitive Data in the Cloud
Information Protection
Sensitive Information Protected
Symantec Email Security.cloud Symantec Data Loss Prevention
CustomizableControl
Seamless Encryption or
Decryption
Quick, Secure Message Delivery
Multi-Channel Coverage
Advanced Detection
Technologies
Symantec DLP integration prevents data leakage with advanced detection technologies & multi-channel coverage
PCI GLBAHIPAA ITAR
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Delivering Protection in The Cloud Generation
• Open Interface to Symantec and Third-Party Technologies
• Structures and Unifies Telemetry
• Control of Event Information for Regulatory Adherence
• Long-Term Correlation of Event and Telemetry Data
• Provides Automated Actions for Control Points
• Integration Point for External Control Structures
• MSP• Artificial Intelligence / Machine Learning• Orchestration
INTEGRATED CYBER DEFENSE EXCHANGE (ICDx)
ICDx
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
The Symantec DifferenceKey Capabilities Symantec Vendor A Vendor B Vendor C
Preve
nt
Link Protection(checks blacklists) (checks blacklists)
Threat Protection Efficacy(Avg Efficacy) (Avg Efficacy)
Isolate
Comprehensive Malware Isolation (Email, Endpoint)
Credential Phishing Protection
Re
spo
nd
Advanced Threat Analytics(no clean email visibility)
Multi-Vector Correlation & Response (Email, Endpoint, Web)
Pre
pare
Security Awareness Training
Inte
grate
Strongest Office 365 Security (Email, CASB, DLP)(only basic DLP & CASB)
Holistic Messaging Security (Email, Slack, FB, etc.)(only basic CASB)
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Source: Symantec TASER testing
• Low efficacy scores due to OEM technology
• Relies heavily on standard signatures & blacklists
• Poor protection against spear phishing, ransomware, and business email compromise
Poor Effectiveness
• Lacks granular policy definition
• Less advanced scanning & limited workflows
• Protects O365 & Exchange on-premises data only
Basic Data Loss Prevention
• Unproven sandbox with virtual execution only
• Little detailed reporting on blocked attacks
• Poor visibility into targeted attack campaigns
Marginal Threat Protection
Office 365 Security Is Not “Good Enough”
“How to Enhance the Security of Office 365” – Gartner Research, November 2017
By 2020, 50% of organizations using Office 365 will rely on non-Microsoft security tools to maintain consistent security policies across their multivendor ‘SaaSscape’.”
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Symantec: Most Complete Protection in the Industry
CONNECTION LEVEL
MALWARE & SPAM DEFENSE
ADVANCED MACHINE LEARNING
LINK PROTECTION
BEHAVIOR ANALYSIS
IMPERSONATION CONTROL
SANDBOXING
SMTP firewall, sender reputation and authentication
reduce risks and throttle bad connections
Evaluates malicious links at
email delivery and time of click with
advanced phishing variant detection
Analyzes code for malicious
characteristics
Heuristics, reputation, and signature based
engines evaluate files and URLs for email malware & spam
Detonates only truly unknown files in
both physical and virtual
environments
Global Intelligence Network
MALWARE & SPAM PROTECTION
Identifies new, crafted, and hidden
malware by examining the
behavior of suspicious email
PHISHING DEFENSE EMERGING THREAT PREVENTION
Blocks Business Email Compromise and other spoofing
attacks
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Typische Kunden, Nächste Schritte & Lizensierung
- Vereinbarung eines individuellen Beratungstermins/ Workshops über controlware
- Konzeption der idealen Lösungsansätze, Auswahl der Module etc. (Lizensierung)
- Planung und Buchung einer „Testinstallation“ (Ablauf)
- Gemeinsame Ausarbeitung von Testszenarien
- Durchführung eines POCs zur Validierung der Szenarien mit definierten Zielen
- Einführung /Überführung der neuen Lösung
Thank You
Backup-Slides
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Prevent Threats ending up in End User Inbox
Use Case
Prevent Threats from ending up in
the mailbox
“I want to prevent sophisticated threats to be stopped on the way
in”
49
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
90% of Cyber Attacks Come Through Email & Web
• Spear phishing is the most widely used infection vector in 2017
• 55% increase YoY in spear phishing campaigns
• Business Email Compromise (BEC) scams cost businesses over $3.1 billion dollars
55% Of Large Enterprise were
Targeted by Spear Phishing
83% Growth in Active
Phishing URLs
of Users Click Untrusted
Links or Attachments12%
Email and
Phishing Threats
Source: Symantec Internet Security Threat Report 2018, FBI Public Service Announcement I-050417-PSA May 4, 2017 50
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Aktuelle Fragen unserer Kunden
• Brauche ich für MS Office 365
überhaupt noch eine separate Email-
Schutzlösung?
• Was sind die Vor-/Nachte zwischen
OnPremise und Cloud-Lösung?
• Gibt es Vorteile von Maschine
Learning / KI im Bereich Email?
• Welche Vorteile bietet Symantec zu
Mitbewerbern wie Cisco oder
Proofpoint?
• Gibt es etwas Neues im Bereich
Email-Verschlüsselung?
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
File
UR
L
Wh
itel
ist
Bla
cklis
t
Cer
tifi
cate
Mac
hin
e Le
arn
ing
40B web attacks blocked a year
357 millionnew unique piecesof malware discovered last year
20,000+ Cloud applications discovered and protected
100Msocial engineering scams blocked last year
1Bmalicious emails stopped last year
175 million Consumer and Enterprise endpoints
protected
9 global threat response centers with
3500+ Researchers and Engineers
1 billion previously unseen web requests
scanned daily
2 billion emails scanned per day
CLOUD GLOBAL INTELLIGENCE SOURCED FROM:
4.7M unique wi-fi networks analyzed and protected
54Copyright © 2018 Symantec Corporation
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Gain Complete and Integrated Email Security with a Single Vendor
Email Security
Advanced Threat
Protection
Email Encryption
Threat Isolation
Data Loss Prevention
Security Awareness
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Complete, Multi-
layered
Security
Strong Endpoint and
Web Integrations
Deep Threat Visibility
Advanced DLP
and Encryption
Orchestrated Threat
Response
“Symantec is positioned in the Leaders
category in this IDC MarketScape
because of its cloud-first strategy.”
- IDC MarketScape: Worldwide
Software-as-a-Service Email Security
2016 Vendor Assessment
Visionary Innovation & Performance
Email Security Market Leadership
“Symantec is the overall revenue leader in
messaging security and in the software-as-a-
service and software on-premise categories.”
- IDC MarketScape: Worldwide Email
Security 2016 Vendor Assessment
“Symantec operates one of the world’s
largest civilian cyber intelligence
networks, allowing it to see and protect
against the most advanced threats.”
SaaS Report Overall Report
- Radicati Group Secure Email Gateway
Market Quadrant 2016
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Email with Integrated Cyber Defense
CLOUD GENERATION
THREAT ANALYTICS
ENDPOINT SIEM
CASB TELEMETRY
TICKETING AUTOMATION
SECURITYORCH.
WEB
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
The Symantec DifferenceKey Capabilities Symantec Vendor A Vendor B Vendor C
Preve
nt
Link Protection(checks blacklists) (checks blacklists)
Threat Protection Efficacy(Avg Efficacy) (Avg Efficacy)
Isolate
Comprehensive Malware Isolation (Email, Endpoint)
Credential Phishing Protection
Re
spo
nd
Advanced Threat Analytics(no clean email visibility)
Multi-Vector Correlation & Response (Email, Endpoint, Web)
Pre
pare
Security Awareness Training
Inte
grate
Strongest Office 365 Security (Email, CASB, DLP)(only basic DLP & CASB)
Holistic Messaging Security (Email, Slack, FB, etc.)(only basic CASB)
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Cloud Email Security User Stories
CLOUD EMAIL SECURITY
Targeted Attack Investigation and Response
Advanced Confidential Data Protection
Superior Protection for Office 365
Complete Ransomware Protection
Advanced Business Email Compromise Protection
Comprehensive Spear Phishing Defense
Security Awareness & Education
UserStories
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Superior Protection for Office 365
“We’re moving to Office 365 and are relying on their built-in security, which has poor protection against sophisticated attacks”
Poor protection against new and emerging threats such as spear phishing, ransomware, and Business Email Compromise attacks due to minimal Office 365 security
Symantec Cloud Email Security solution
Symantec CASBSymantec DLP
• Multi-layered defense, email isolation• Advanced, multi-channel DLP policies • CASB policies
NEED
CHALLENGE
PRODUCT
CAPABILITIES
LIST (USER)LIST (EMAIL)
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Why Symantec?
• Prevents the most advanced email attacks with strong email isolation
• Deepest visibility into email attack campaigns
• Best protection for data and storage via integration with Symantec DLP and CASB
Superior Protection for Office 365
“We’re moving to Office 365 and are relying on their built-in security, which has poor protection against sophisticated attacks”
Poor protection against new and emerging threats such as spear phishing, ransomware, and Business Email Compromise attacks due to minimal Office 365 security
Symantec Cloud Email Security solution
Symantec CASB
Symantec DLP
• Multi-layered defense, email isolation
• Advanced, multi-channel DLP policies
• CASB policies
NEED
CHALLENGE
PRODUCT
CAPABILITIES
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Source: Symantec TASER testing
• Low efficacy scores due to OEM technology
• Relies heavily on standard signatures & blacklists
• Poor protection against spear phishing, ransomware, and business email compromise
Poor Effectiveness
• Lacks granular policy definition
• Less advanced scanning & limited workflows
• Protects O365 & Exchange on-premises data only
Basic Data Loss Prevention
• Unproven sandbox with virtual execution only
• Little detailed reporting on blocked attacks
• Poor visibility into targeted attack campaigns
Marginal Threat Protection
Office 365 Security Is Not “Good Enough”
“How to Enhance the Security of Office 365” – Gartner Research, November 2017
By 2020, 50% of organizations using Office 365 will rely on non-Microsoft security tools to maintain consistent security policies across their multivendor ‘SaaSscape’.”
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Gain Comprehensive Protection Against Evolving Ransomware
Sandboxing
• Deep Code Analysis• File Decomposition
• Advanced Machine Learning• Behavioral & Network Analysis
1. Email with Malicious Attachment or Link
• Link Protection at Email Delivery• Link Protection at Click-Time• Advanced Phishing Variant Detection
Email Threat Isolation
• Malicious URL Isolation• Malicious Attachment Isolation
Link ProtectionBehavior Analysis
2. Malicious Email Blocked
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Strongest Protection Against Impersonation Attacks
Impersonation
Sender Authentication
• SPF validation
• DKIM validation
• DMARC validation
Business Email Scam Analyzer
• Advanced Heuristics
• Typo Squatting
• Spoofed and Phishing Domain Intelligence
Impersonation Controls
• User Impersonation
• Domain Impersonation
• Whitelist Trusted Senders
Detection Controls
Reports/Logs API DatafeedAdvanced Email Security Analytics
Stop BEC Email
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Gain the Deepest Visibility Into Targeted & Advanced Attacks
Advanced Email Security Analytics
60+ Data Points on Clean and Blocked Emails
Email Volume
Malicious Email Senders & Recipients
Severity Level
Sandbox Detonation Information
Malware Category
URLInformation
Malicious Email Theme or Topic
Detection Method
File Hashes
ATP Platform
Symantec Managed Security
Services
Correlation & Response
Export Intelligence
Identify targeted attack recipients
Correlate threats with endpoints
Feed URLs into web proxy
Find patterns in threats
Monitor email logs
Benefits
Accelerate Threat Response
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Symantec CASB
API and/or
Gateway
Symantec CASB Protects Internal Emails and Office 365 Apps
Coverage of All Office 365 Apps
• At-Rest in Office 365 apps
• In-Motion between users and Office 365 apps
Office 365 Exchange
Internet
Yammer
Sharepoint
OneDrive
Teams
Office 365 Emails
• Internal Emails between users in the same org
• At-Rest Emails in the O365 inbox or outbox
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Data Protection for Exchange, OneDrive and SharePoint
Symantec DLP Prevents Data Leakage Across Office 365
Extends DLP to Exchange Online, OneDrive & SharePoint Online
Inspects and blocks real-time inline traffic
Scans data at rest on OneDrive & SharePoint via DLP and CloudSOC
Deeply inspects content with advanced detection not available in Office 365
DLP
Enables strong file encryption on OneDrive & SharePoint via Information Centric Encryption
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
What's New in DLP Cloud Services?
1.Powerful, cloud-based content detection - Rigorously examines all of youroutbound email traffic for sensitive data in Microsoft Office 365 Exchange Online and Gmail for Work.
2.New cloud-based management console, DLP Cloud Console - Makes iteasy to manage content detection policies, investigate and remediate policyviolations, and monitor what’s going on with a sleek design and a user-friendly interface.
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Complete Email Security for Office 365 and Gmail
Introducing the DLP Cloud Service for Email with Cloud Console
Leverages and enhances Symantec Email Security.cloud
Adds a powerful layer of data protection to strengthen outbound email security
Complete with inbound protection against malware, spam and bulk email
100% cloud-based solution makes it easy to deploy and manage
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Complete Cloud Email Security• Superior inbound and outbound email
protection for Office 365 and Gmail
• 100% cloud-based solution deploys easily – no software or hardware!
Email Protection• Safeguards users from inbound email
threats such as phishing, malware, spam
• Stops ransomware and business email compromise with multi-layered detection
Sensitive Data Protection• Catches data loss other solutions miss with
powerful, cloud-based content detection
• A sleek cloud console makes it easy to manage polices and violations
• Dozens of built-in policy templates get you up and running quickly
Superior Cloud Email ProtectionWith industry-leading email security and data loss prevention
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
DLP Cloud Console: Dashboard View
72
Get an at-a-glance view of policy violations
Top users / violators across the company
Most recent violations in real-time
Top policies violated
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
73
DLP Cloud Console: Policy Authoring
• Content and context-aware detection minimizes false positives
• Keywords, regexes, file properties, built-in Data Identifiers (100+)
• Highly targeted policies for specific users and groups
• Automated and manual actions• Alert, block and notify, mask, modify
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
74
DLP Cloud Console: Violation Remediation
View violated policies and drill down in one click
View every instance that violated the policy
View details about the email, including message content
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Why Symantec?
• Prevents the most advanced email attacks with strong email isolation
• Deepest visibility into email attack campaigns
• Best protection for data and storage via integration with Symantec DLP and CASB
Superior Protection for Office 365
“We’re moving to Office 365 and are relying on their built-in security, which has poor protection against sophisticated attacks”
Poor protection against new and emerging threats such as spear phishing, ransomware, and Business Email Compromise attacks due to minimal Office 365 security
Symantec Cloud Email Security solution
Symantec CASB
Symantec DLP
• Multi-layered defense, email isolation
• Advanced, multi-channel DLP policies
• CASB policies
NEED
CHALLENGE
PRODUCT
CAPABILITIES
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
• Multi-layered protection
• Email isolation
• Targeted & advanced attack visibility
• Security awareness & education
Why Symantec?
• Prevents the most advanced spear phishing attacks with strong email isolation
• Stops spear phishing links with the strongest link protection in the industry
• Gives the deepest visibility into phishing attacks with 60+ data points on clean & malicious emails
Comprehensive Spear Phishing Defense
“I need to protect my users from phishing emails, which are becoming more targeted and sophisticated”
Spear phishing emails are on the rise. These attacks are increasingly targeting specific users and becoming more advanced
Symantec Email Security.cloud + Advanced Threat Protection for Email + Email Threat Isolation
NEED
CHALLENGE
PRODUCT
CAPABILITIES
LIST (EMAIL)
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
HQ
Stop Spear Phishing Attacks with the Most Comprehensive Defense
Spear phishing email sent to organization protected by Symantec Email Security solution in the cloud or on-premises
1
Symantec analyzes email with Link Protection and Advanced Phishing Variant Detection capabilities2
Security Operations Center team uses Indicators of Compromise (IOCs) to respond to spear phishing attack4
Compromised users learn to recognize spear phishing attacks with phishing awareness and education
5
MSSATP Platform
Spear Phishing Attack Visibility4
1
2 Spear Phishing Protection
Link Protection at Email Delivery
Link Protection at Time of Click
Advanced Phishing Variant Detection
Symantec isolates malicious links and prevents credential phishing with Email Threat Isolation3
Third-PartyMail Server
5 Spear Phishing Awareness & Education
Spear Phishing Isolation
3
Email Threat Isolation
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Link Protection Analyzes Spear Phishing Links in Real-Time
Link Analyzed:http://ow.ly/1234
Redirects to:http://eww.newtonp12345.com.br/images/fotos/fotos/a/
Redirects to:http://www.newton12345.com.br/images/fotos/fotos/a/html/content/home/index.html
Malicious Content
Identified
Intelligence Updated
Email Stopped In Real-time
Redirects to:http://www.mundo12345.com/images/logos/z1/img.php
Evaluates phishing links without relying on blacklists or signatures
Only vendor to evaluate phishing links at email delivery and click-time
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Symantec Has Unparalleled Spear Phishing Defense
Gives deep visibility into spear phishing attacks with 60+ data points on clean and malicious emails
Accelerates response by speeding threat hunting and correlation of phishing attacks
Detects new phishing attacks thattraditional email security solutions miss
Real-time evaluation of phishing links performed at email delivery and again at click-time
Isolates malicious links & attachments while rendering phishing websites in read-only mode
Insulates users from spear phishing emails while stopping credential phishing attacks
Identifies spear phishing links that are variants of known phishing threats
Sniffs out phishing attacks that reuse code with advanced phishing variant detection
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Advanced Business Email Compromise Protection
“I need to stop my users from falling for Business Email Compromise scams”
Business Email Compromise attacks are targeting vulnerable users and growing rapidly
Symantec Email Security.cloud + Advanced Threat Protection for Email
• Impersonation controls
• Sender authentication controls
NEED
CHALLENGE
PRODUCT
CAPABILITIES
LIST (EMAIL)
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Business Email Compromise Attacks Are Preying on Users
Difficult to Block
Low volume emails with generic content and no malicious code or links
Large Financial Losses
Average loss from BEC attacks was
$210,000 in 2016
Simple Concept
Email sent from CEO requesting large money
transfer or sensitive data
$5B+ Exposes losses to Business Email Compromise (BEC) fraud over the past 3 years
Source: FBI Public Service Announcement, I-050417-PSA (May 2017)
2400% Increase in BEC attacks since 2015
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
I need you to process a wire transfer today. Please confirm so that I can forward you the instructions.
RegardsJoe CEOChief Executive Officer
Sent from my iPad
Anatomy of a Business Email Compromise Attack
From: [email protected]: XYZ userSubject Line: Request
Impersonated User
Simple Subject Line
Urgent Request
Social Engineering
Impersonated Domain
Targeted User
No Attachment or Link
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Strongest Protection Against Impersonation Attacks
Impersonation
Sender Authentication
• SPF Validation
• DKIM Validation
• DMARC Validation
Business Email Scam Analyzer
• Advanced Heuristics
• Typo Squatting
• Spoofed and Phishing Domain Intelligence
Impersonation Controls
• User Impersonation
• Domain Impersonation
• Whitelist Trusted Senders
Detection Controls
Reports/Logs API DatafeedAdvanced Email Security Analytics
Stop BEC Email
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Defend Your Business from BEC Attacks with Impersonation Controls
Proactively block Business Email Compromise and other spoofing attacks with impersonation controls
• Protect specific executives or all users from attacks impersonating an user
• Stop attacks that impersonate email domains
• Whitelist specific users, domains, and IP addresses
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Symantec Stops BEC Attacks with Sender Authentication Controls
Impersonation
Coming from a service with new or neutral reputation and probably passing sender authentication
From:[email protected]
From:[email protected]
Symantec Cloud Email Security
DNS
Attack sends impersonation email to organization protected by Symantec Cloud Email Security1
Symantec uses sender authentication (SPF, DKIM, DMARC) to check the identity of the sender2
Symantec blocks the impersonation email after it fails sender authentication checks3
1
2
3
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Why Symantec?
• Blocks BEC attacks with powerful, easy-to-configure impersonation controls
• Protects your company brand with sender authentication controls and brand protection
• Gives the deepest visibility into BEC attacks with 60+ data points on clean and malicious emails
Advanced Business Email Compromise Protection
“I need to stop my users from falling for Business Email Compromise scams”
Business Email Compromise attacks are targeting vulnerable users and growing rapidly
Symantec Email Security.cloud + Advanced Threat Protection for Email
• Impersonation controls
• Sender authentication controls
NEED
CHALLENGE
PRODUCT
CAPABILITIES
LIST (EMAIL)
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Complete Ransomware Protection
“I need to stop ransomware attacks from holding my organization hostage”
Email is the #1 threat vector for ransomware attacks, which are increasingly targeting enterprises
Symantec Email Security.cloud + Advanced Threat Protection for Email + Email Threat Isolation
• Behavior analysis and sandboxing• Link protection • Email isolation
NEED
CHALLENGE
PRODUCT
CAPABILITIES
LIST (EMAIL)
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
How Do Ransomware Attacks Work Over Email?
5. Call C&C Server
2. Malicious Email Delivered
1. Email with Malicious Attachment or Link
3. Malicious Email Opened
DOC SCRIPT
6. Encryption4. Malware Installed
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Gain Comprehensive Protection Against Evolving Ransomware
Sandboxing
• Deep Code Analysis• File Decomposition
• Advanced Machine Learning• Behavioral & Network Analysis
1. Email with Malicious Attachment or Link
• Link Protection at Email Delivery• Link Protection at Click-Time• Advanced Phishing Variant Detection
Email Threat Isolation
• Malicious URL Isolation• Malicious Attachment Isolation
Link ProtectionBehavior Analysis
2. Malicious Email Blocked
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
File Decomposition Can Identify Even the Most Hidden Ransomware
PDF ContainsMaliciousJavaScript
Zip Contains a DOC,Which Contains an EXE,
Which Contains aMalicious URL
ZIP
DOC EXE URL
PDF JSCRIPT
EXAMPLE
EXAMPLE
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Header
OLE/Storage/Word
Header Analyzer
Text Analyzer
Word Analyzer
OLE Analyzer
Excel Analyzer
VBA Analyzer Script/VBA
@DOC
Email with Word Doc
OLE/Container
Text
OLE/Storage/Excel
OLE/Stream/01Table
OLE/Stream/Word Document
Email Items Analyzer Plug-InsHeuristicModules
Symantec Decomposes & Examines Documents for Ransomware
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Block Targeted & Advanced Attacks Faster with Sandboxing
Broad coverage: Office docs, scripts, PDFs, Java, containers, portable executables, and more
Quick, accurate analysis of nearly all types of potential malicious content
Detect threats designed to evade VMs using physical and virtual machines
Designed to draw out VM-aware malware; executes & analyzes the results
Advanced machine learning,behavior analysis, and network traffic analysis
Detects stealthy and persistent threats and command and control traffic that traditional defenses miss
“Symantec sandboxing detected a trojanized version of a legitimate software package that a member of my security team
downloaded. It saved us from a massive security breach.” –Leading food provider
“Symantec sandboxing detected a targeted attack from a nation state as it came in and enabled our security operations team to
respond to it quickly.” – International electric company
Conviction and intelligence always available within minutes not hours.
Rapid updates as malware evolves to avoid detection
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Allow Link & Attachment
Trusted Websites
Get Complete Ransomware Link Protection
Isolate Links and
Attachments
Email Threat Isolation Isolate Attack
RansomwareAttack
3
Symantec Cloud Email Security
Evaluate LinksAt Delivery Time
1Block Attack
Users Evaluate LinksAt Click Time
2 Block Attack
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Shield applications from weaponized attachments
Automatically isolate suspicious executable
attachments
Suspicious -> Full Isolation
Good File -> No Restriction
Monitor download activity and auto classify downloaded
attachments
Executable Files
Content Files
Defend Against Ransomware in Weaponized Attachments with SEP Hardening
Shield email clients from attacks
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Why Symantec?
• Prevents the most advanced ransomware with strong email isolation
• Stops ransomware links with the strongest link protection in the industry
• Identifies the most stealthy ransomware attacks with behavior analysis & sandboxing
Complete Ransomware Protection
“I need to stop ransomware attacks from holding my organization hostage”
Email is the #1 threat vector for ransomware attacks, which are increasingly targeting enterprises
Symantec Email Security.cloud + Advanced Threat Protection for Email + Email Threat Isolation
• Behavior analysis and sandboxing
• Link protection
• Email isolation
NEED
CHALLENGE
PRODUCT
CAPABILITIES
LIST (EMAIL)
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Targeted Attack Investigation and Response
“I need to accelerate and orchestrate my response to advanced attacks across my security environment”
Traditional email security tools lack the deep visibility and orchestrated response need to remediate advanced attacks
Symantec Advanced Threat Protection solution
• Targeted & advanced attack visibility
• SOC integration
• Response across multiple vectors
NEED
CHALLENGE
PRODUCT
CAPABILITIES
LIST (EMAIL)
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Responding to Targeted & Advanced Attacks Requires Advanced Analytics
• Was this attack targeted? If so, what type of attack is this?
• Who’s targeting me and where’s it coming from?
Who’s Targeted?
• Who was targeted and was anybody infected?
• Was my network or endpoint security able to stop the attack?
Effective ReportingIs This Targeted?
• Were malicious links or attachments used?
• Can I block this attack on my endpoint or network?
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Gain the Deepest Visibility Into Targeted & Advanced Attacks
Advanced Email Security Analytics
60+ Data Points on Clean and Blocked Emails
Email Volume
Malicious Email Senders & Recipients
Severity Level
Sandbox Detonation Information
Malware Category
URLInformation
Malicious Email Theme or Topic
Detection Method
File Hashes
ATP Platform
Symantec Managed Security
Services
Correlation & Response
Export Intelligence
Identify targeted attack recipients
Correlate threats with endpoints
Feed URLs into web proxy
Find patterns in threats
Monitor email logs
Benefits
Accelerate Threat Response
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Hunt threats across your security environment with data such as file hashes, IP addresses, and URLs
Correlate security events across email, endpoints, and network
Feed information such as malicious URLs and file hashes into your web proxy
Get real-time visibility into email attack campaigns with a campaigns dashboard
Understand the threat landscape with dashboards on attack trends, malware, phishing, and spam
Seamlessly Hunt Threats via SOC Integration
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Copyright © 2017 Symantec Corporation
Enhanced mobile experience
Show additional message information such as attachment names and direction
Quarantine data protection & image control messages
Clearly differentiatesbetween spam andinformation protection messages
Enhanced reportingoptions with more details on usage
Can hold DLP violating message for quarantine admin review and release or release to an admin
Remediate Threats by Quarantining Dangerous Emails
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Automatically Remediate Email Threats in Office 365
Clawback emails from Office 365 afterthey’ve been delivered
Contain threats and stop missed email attacks from spreading
Speed remediation of potential issues
Copyright © 2017 Symantec Corporation
Email scanned and delivered
Remediation
Symantec GIN1
23
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Orchestrate Response Across Emails and Endpoints
102
Symantec Email Security
Global IntelligenceNetwork
Endpoint Protection
Administrator
Symantec Advanced Threat
Protection
Blacklist and remediate threats from emails on the endpoint
Blacklist and remediate threats and attacks from endpoints in email
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Why Symantec?
• Deepest visibility into email attack campaigns
• Tightly integrated with 3rd party SIEMs and other security tools
• Orchestrated response across email and endpoints
Targeted Attack Investigation and Response
“I need to accelerate and orchestrate my response to advanced attacks across my security environment”
Traditional email security tools lack the deep visibility and orchestrated response need to remediate advanced attacks
Symantec Advanced Threat Protection solution
• Targeted & advanced attack visibility• SOC integration• Response across multiple vectors
NEED
CHALLENGE
PRODUCT
CAPABILITIES
LIST (EMAIL)
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Advanced Confidential Data Protection
“I need to protect sensitive data shared over email to meet security, legal & compliance requirements”
Sensitive data can be exposed as employees share confidential information over email
Symantec Email Security.cloud + Symantec DLP + Policy-Based Encryption Advanced
• Granular DLP policies
• Policy-based encryption controls
• Multi-channel DLP with advanced detection
NEED
CHALLENGE
PRODUCT
CAPABILITIES
LIST (EMAIL)
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Granular DLP policies protect sensitive data and help address legal & compliance requirements
Policy-based encryption policies automatically safeguard the security & privacy of confidential emails
Protect Your Sensitive Data in the Cloud
Sensitive Information Protected
Symantec Email Security.cloud Symantec Data Loss Prevention
CustomizableControl
Seamless Encryption or
Decryption
Quick, Secure Message Delivery
Multi-Channel Coverage
Advanced Detection
Technologies
Symantec DLP integration prevents data leakage with advanced detection technologies & multi-channel coverage
PCI GLBAHIPAA ITAR
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY
Keep Your Emails Secure and Private with Policy-based Encryption
• Self-serve TLS encryption
• Secure, encrypted PDF for mobile-friendly “push” experience
• Symantec-branded recipient experience
Email Security.cloudPolicy-based Encryption
Advanced Add-on
• Secure pickup portal for “pull” encryption experience
• PGP and S/MIME support
• Granular controls with message expiration and recall options
• Customizable branding