The Cloud Defending Email and the Web
1. The cloud defending email and the web
Antonio Ricci
Symantec.cloud
2. Email and Web usage
Users’ behaviour is changing
Benefits
• Job optimization
• Improving team collaboration
• Information always available
• Quick access to information
Risks
• Phishing attacks
• Confidentiality
• Loss of sensitive information
• Social engineering
3. The Convergence of Threats:
Botnets, Spyware, Viruses and Spam
[Diagram labels: Spyware; Viruses; Spam; Spammer: uses botnet to send spam]
4. SPAM – Unsolicited Bulk Email
www.symanteccloud.com/intelligence
5. Email containing Virus
www.symanteccloud.com/intelligence
6. Phishing Distribution and Targets
Distribution
• Automated Toolkits 21.8%
• Other Unique Domains 58.7%
• IP Address Domains 4.1%
• Free Web Hosting Sites 13.3%
• Typosquatting 2.0%
Targets
• Financial 85.7%
• Information Services 11.6%
• Others 2.6%
• Government 0.2%
www.symanteccloud.com/intelligence
7. Email misuse impacts
Loss of information
• Sensitive data sent via email
Loss of reputation
• Improper content sent via email
8. Protecting email infrastructure
Cloud solutions
• Clean Pipe
• Opex vs Capex
• Workload optimization
• Easy to Implement
Symantec.cloud
• Global Intelligence Network
• 10.7 million SaaS users
• Service Level Agreement
• 24x7 Support
9. Symantec.cloud SLA
SLA vs. Actual Aug 2010
• AntiSpam effectiveness: SLA 99%, actual 99.99997%
• Spam false positive rate: SLA 0.0003%, actual 0.000007%
• AntiVirus false positive rate: SLA 0.0001%, actual 0.000006%
• Email & Web Service Availability: SLA 100%, actual 100%
• 17 Million pieces of Malware captured in August 2010
• 1 Billion Web requests per day in August
• 6 Billion emails scanned by Skeptic
10. Email flow
XYZ.COM
> host -t mx ACME.COM
ACME.COM MX records (own mail servers):
10 mail1.acme.com
20 mail2.acme.com
ACME.COM MX records (pointed to Symantec.cloud):
10 cluster.symanteccloud.com
20 clusterA.symanteccloud.com
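One way to verify the MX change shown on this slide, as an added example that is not part of the original deck or a Symantec tool: the function reads `host -t mx` output and lists any MX target still outside the provider's domain, since mail delivered to such a host does not pass through the scanning service. The suffix and host names are taken from the slide's sample records; the sample outputs are constructed.

```shell
#!/bin/sh
# Added example: audit `host -t mx DOMAIN` output after an MX cutover.
# Assumption: the provider suffix is the one used in the slide's sample records.
PROVIDER_SUFFIX="symanteccloud.com"

# stray_mx: read `host -t mx` output on stdin and print "PREF HOST" for every
# MX target outside the provider domain.
# Exit status: 0 = all MX inside the provider, 1 = stray MX found, 2 = no MX seen.
stray_mx() {
    awk -v suffix="$PROVIDER_SUFFIX" '
        / mail is handled by / {
            seen++
            pref = $(NF-1)
            host = tolower($NF)
            sub(/\.$/, "", host)          # drop the trailing root dot
            # Compare on a label boundary so that a look-alike such as
            # "evilsymanteccloud.com" is not accepted as the provider.
            n = length(host) - length(suffix)
            ok = (host == suffix) || (n > 0 && substr(host, n) == ("." suffix))
            if (!ok) { print pref, host; stray++ }
        }
        END { if (!seen) exit 2; exit (stray ? 1 : 0) }
    '
}

# Constructed sample outputs in the format printed by `host -t mx`.
BEFORE='acme.com mail is handled by 10 mail1.acme.com.
acme.com mail is handled by 20 mail2.acme.com.'
PARTIAL='acme.com mail is handled by 10 cluster.symanteccloud.com.
acme.com mail is handled by 20 mail2.acme.com.'
AFTER='acme.com mail is handled by 10 cluster.symanteccloud.com.
acme.com mail is handled by 20 clusterA.symanteccloud.com.'

# Demo on the half-finished cutover: the leftover backup MX is reported.
printf '%s\n' "$PARTIAL" | stray_mx ||
    echo "cutover incomplete: MX check did not pass for $PROVIDER_SUFFIX"

# Live use (needs DNS access): host -t mx acme.com | stray_mx
```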
11. Email protect and Control
12. Web Security Challenges
Defending Against Malware
• Attackers use the Web to deliver viruses, spyware, and other malware
Web Misuse
• Reduces productivity, consumes bandwidth, and creates
exposure to security and legal risk
Enforcing a Web Acceptable Use Policy
• Often difficult and time consuming
An Increasingly Mobile Workforce
• Extending security and policy enforcement can be difficult when
workers are located away from the corporate LAN
13. Web Threat Landscape
Attackers are increasing their volume and frequently use legitimate Websites…
Average amount of Website requests blocked by our Service:
• +20% vs. 2009 on a per client per month basis
New Malware Sites per Day
• Sites with spyware = 200+ per day
• Sites with Web viruses: 4000+ per day
Analysis of Blocked Domains:
• 10% Newly Established Domains
• 90% Legitimate Websites compromised by malware without the owner's knowledge
Source: MessageLabs Intelligence, July 2010
14. Protecting Web Navigation
Cloud solutions
• Easy to Implement
• Scalability
• Roaming users control
• Cost prediction
Symantec.cloud
• Global Intelligence Network
• 14 Datacenters in the world
• URL filtering based on 90 categories
• Strong security focus
• Protection against known and unknown malware
15. Web Security.cloud
How it works
• A user initiates a Web request which is checked against the customer policies
• Policies determine whether traffic is sent on, flagged or denied. Each request is logged.
• Web content is retrieved by Symantec.cloud
• Multi-layer scanning detects Web-borne threats
• Clean content is delivered without noticeable delay
[Diagram labels: Firewall; Internet; Firewall]
17. Summary
Email and Web usage
• Benefits and threats
Threat landscape is evolving quickly
• Need for protection
Migration to the cloud
• Benefits
Symantec.cloud protection:
• Leader in security protection
• SLA
• Email and Web Protection integration
18. Upcoming online events:
> 28 November
“Symantec Endpoint Protection 12.1”
> 13 December
“Integrating Data Loss Prevention with Encryption for more effective information protection”
Register on the site:
www.emea.symantec.com/blackmarket/it
19. Contacts
Stop Black Market
twitter.com/stopblackmarket
@ blackmarket@messagegroup.it
Editor's notes
• Customers point their Mail Exchange (MX) records to Symantec.cloud Infrastructure
• Inbound and outbound email is directed by Symantec.cloud, where it is scanned
• Our perimeter defenses detect and reject known malware and spam originating from known sources
• Proprietary Skeptic™ heuristic technology provides a vital layer of security, identifying and stopping new or unknown threats and proactively detecting and rejecting spam from unknown origins.
• Email containing a virus is blocked and quarantined for 30 days, and the recipient is notified. Email containing Spam will be acted on according to your policy. Actions can include block and delete, quarantine for 14 days, or pass through with a tagged subject line or appended header
• ‘Link following’ technology checks all web pages referenced within an email for viruses and other threats, blocking the email if malware is found on the linked sites. Suspicious links confirmed as viral will have a signature created for them so that future emails containing that link will be treated as being infected and are quarantined
• Administrators and / or end users manage quarantined email and spam pens as well as approved and blocked sender lists
Email defense in the cloud
• Clean pipe
• Opex
• Optimization
Email defense with Sym.cloud
• GIN
• Automatic, real-time updates
• SLA
Hosted services enable organizations to lower total cost of ownership and simplify administration by replacing on-site hardware and software with infrastructure managed by a service provider in the cloud. As with any service arrangement with a third party, it’s critical to know what you’re paying for. One way to tell hosted service providers apart is by looking at the targets and redress policies that are outlined in their Service Level Agreement (SLA). Symantec.cloud has spent more than a decade developing highly accurate, effective, and reliable hosted services for securing and managing information delivered via email, Web, and instant messaging. We have invested heavily in proprietary heuristics for detecting malware and spam, a global infrastructure presence with 14 data centers spread across 4 continents, redundancy within and across our service delivery sites, and high quality technical support delivery. Together, these investments enable us to offer an aggressive, comprehensive and industry leading Service Level Agreement.
Email Security
• AntiVirus Effectiveness – 100% protection against known and unknown email viruses
• AntiVirus Accuracy – no more than 0.0001% false positives
• AntiSpam Effectiveness – 99% spam capture (95% for email with Asian characters)
• AntiSpam Accuracy – no more than 0.0003% false positives
• Email Delivery – 100% email delivery
• Latency – average email scanning time within 60 seconds
• Availability – 100% service uptime
Web Security
• AntiVirus – 100% protection against known web viruses
• Latency – average Web content scanning time within 100 milliseconds
• Availability – 100% service uptime
Unlike competitors, we have made tremendous investments in our architecture to deliver the highest levels of accuracy with the fewest false positives possible. We believe the best approach is to have multiple layers of protection:
• Traffic management slows down bad traffic at the TCP/IP layer.
• Connection management uses heuristics to block unwanted email and prevents attacks at the user layer.
• Next, multiple commercial scanners are used to identify known viruses while our proprietary Skeptic technology is used to identify unknown, zero-hour, or emerging threats. Skeptic includes engines and heuristics (10 patents granted and pending) that cannot be tested by attackers.
As a result of this unique technology, we capture threats that others miss. When all is said and done, customers benefit from a cleaner inbox, more regained bandwidth, and greater threat protection than they can receive through competitor offerings.
Common Web Security challenges that organizations are facing today include:
• Malware – malicious software designed to steal information or system resources. Without proper defense measures, web-borne malware can cause system downtime, cause data loss, or reduce productivity.
• Web Misuse – can reduce employee productivity, consume valuable bandwidth resources, and introduce legal risks to organizations in cases where inappropriate material is being viewed by users in view of peers.
• Enforcing a Web Acceptable Use Policy – implementing a Web Acceptable Use Policy is critical for controlling web misuse. However, without the proper tools, policies are difficult to monitor and enforce.
• An Increasingly Mobile Workforce – Remote workers and the need to travel for business have made protection for users who access the Web away from the corporate LAN a necessity for many businesses.
This slide will help you understand how Web Security.cloud works.
• Web Security.cloud examines the web traffic requests your users initiate and checks them against the policies you create. If a policy rule is triggered, the web request is either logged and allowed to pass or is denied. If no policy rules are triggered, the web request is allowed to pass.
• Web page requests are retrieved and scanned by Symantec.cloud using multi-layer malware scanning technologies. If a threat is detected, the web page request is denied and the user is notified with a message in their web browser (which you may choose to customize).
• If no threats are found, page content is delivered with no noticeable delay.
This image shows a screenshot of the ClientNet dashboard reporting console for Symantec.cloud customers detailing the service activities and virus threats processed by our Email AntiVirus.cloud and Email AntiSpam.cloud services. Domains and reflected time period are configurable to the desired level of detail.