
Symantec Web Isolation

Secure Access to Uncategorized and Risky Sites


Protect Your Most Privileged Users
Prevent Phishing and Ransomware Attacks
Symantec Announces Fireglass Acquisition
Web isolation changes the game for protecting against advanced threats

• Fireglass web isolation


• Established in 2014
• Leader in fast growing browser/web isolation market
• Customer value – increased malware protection for web & mail
• Integrates with Secure Web Gateway (ProxySG, ASG, VSWG)
to allow safe access to uncategorized/risky sites
• Also can work with email on prem – parallel with Symantec SMG
• Offered stand-alone – cloud or on-prem
• Integrations underway with cloud-delivered Web Security Service
and Symantec email security solutions (SMG, email.cloud)

Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY 2


90% of Cyber Attacks Come Through Web and Email

Web Threats
• 1,400+ new browser & plug-in vulnerabilities
• 78% of sites can be used to deliver malware
• Every 4 seconds an unknown malware is downloaded

Email & Phishing Threats
• 83% growth in active phishing URLs per year
• 55% of Large Enterprise were targeted by spear phishing
• 12% of users click untrusted links or attachments

Source: Verizon DBIR, Symantec ISTR, Gartner

Web Browsers – The Ultimate Attack Surface

[Figure: browser attack surface; recoverable labels: SVG, Flash & 3rd Parties]


The Threat of the Unknown Web
[Figure: "Parameter" decision scale: Known Good = ALLOW; Unknown/Risky = ALLOW? BLOCK?; Known Bad = BLOCK]

THE CHALLENGE
• Millions of new sites created every day
• 71% of all host names exist for 24 hours or less
• Many are legitimate, but some offer ideal cover for hackers launching attacks
• Difficult to assess w. traditional “detection” approaches
uncategorized or potentially risky* domains
• Customizing protection without over-blocking

“HOW CAN I INCREASE SECURITY WITHOUT OVER-BLOCKING?”


The Evolution of the Proxy

Proxy 1.0: Cache
• Expensive bandwidth
• Slow connectivity
• Proxy 1.0 is mainly a cache solution (e.g. Cache Flow)

Proxy 2.0: Policy & Detection
• Web access control & compliance
• URL filtering & risk levels
• SSL visibility & content inspection
• Sandbox & Anti-malware
• Proxy 2.0 is a Block or Allow solution
• Block or Allow not always effective.
• Malware & phishing circumvent traditional solutions

Proxy 3.0: Web Isolation
• Eliminate the threat of infections
• Executes web content remotely
• Solves challenge of uncategorized websites
• Reduces overhead and complexity of access policies and false alerts
• Eliminates over-blocking


Web Isolation Fundamentals

Browsing session is secured through isolation; access not blocked
• Everything assumed to be malicious
• All code and content prevented from reaching endpoints
• Enables access to unknown/risky content where there is a legitimate need

Web isolation eliminates patient zero
• Isolation prevents infections before they ever happen
• Even zero-day vulnerabilities
• Malware has become extremely violent (e.g. ransomware) with close to zero dwell time for detection and remediation


Web Isolation Architecture
[Figure: Risks (Web, Documents, Email) are downloaded, executed and rendered by Symantec Web Isolation, each in a Secure Disposable Container; 100% safe rendering information is sent to the User, and user gestures are sent back]

• Seamless browsing experience
• Isolate both web and email, including documents
• On premise, cloud and hybrid


Isolation Integration Portfolio
[Figure: integration portfolio. Labels: GIN; SYMC+BC; Also: Isolation Service stand-alone offering; SMG; Portal; App Protection; Proxy SG; WSS; Email.cloud; SEP; CASB; DLP; 3rd Party NGFW, Proxies, Email. Availability labels, left to right: Today, Today, Today (Cloud/On-Premise/Hybrid), April 2018, April 2018, H2 2018, Future, Future]

Demo

ProxySG/WSS Integration


SWG integrated isolation capabilities

1 Allow trusted sites
2 Block known bad sites
3 Isolate uncategorized/risky sites where access is needed

[Figure: traffic from Users passes through DLP, Content & Malware Analysis and Intelligence Services; Categorized Trusted Sites are allowed (1), Categorized Bad Sites are blocked (2), and Uncategorized/Risky Websites are sent to Web Isolation (3)]

Hybrid Integration with Symantec SWGs (cloud
and on-premises)
[Figure: Headquarters Data Center and Regional Office connect through a PROXY, either Symantec ProxySG or Symantec Web Security Service (WSS)*, each paired with Web Isolation]

Key Use Cases

1 Stop Over-blocking: Expand web access by isolating uncategorized and potentially risky traffic
2 Additional protection for privileged users
3 Prevent phishing attacks by isolating risky embedded URL links


Expand Web Access by Isolating
Uncategorized and Potentially Risky Traffic

Don’t Over-block Access to Uncategorized or Potentially Risky Websites
Prevent Malware While Expanding Web Access

I need to:
• Enable broad web access and avoid “over-blocking” while still protecting my organization from advanced threats
• Minimize support tickets requesting access to blocked sites

[Figure: Allow / Block / Y/N ???]


Problem: Over-blocking the “Middle Ground” Sites

Web access policy:
• Always allow certain categories/sites
• Always block certain categories/sites
• Key Issue – Middle Ground
• Over-block – creates user issues
• Under-block – Increased risk of malware

[Table: policy by category. Column headers: Allowed Categories; Categories where some access may be required; Uncategorized; Threat Cats. Category examples shown: Health, Financial Services, etc.; Dynamic DNS Host; File Storage/Sharing; Hacking; Uncategorized; Suspicious; Malicious in/out; …]

Policy outcomes shown, left to right:
• ALLOW
• ALLOW or DENY… depending on organizational needs. Some Allow. Often requires additional ops to whitelist specific domains/users
• DENY… for security best practices at the expense of user experience. Often requires additional ops to whitelist specific domains/users
• MOSTLY DENY, Some Allow
• DENY


Stop Over-blocking
Web isolation with proxy using website categories

Web access policy:
• Always allow certain categories/sites
• Always block certain categories/sites
• Middle ground categories/sites get isolated
• Expanded access with no malware risk

[Table: policy by category. Column headers: Allowed Categories; Categories where some access may be required; Uncategorized; Threat Cats. Category examples shown: Health, Financial Services, etc.; Dynamic DNS Host; File Storage/Sharing; Hacking; Uncategorized; Suspicious; Malicious in/out; … Policy outcomes shown: ALLOW, ISOLATE, DENY]


Web Isolation With BCIS-Advanced
Using BCIS-advanced risk levels makes web isolation more efficient

Intelligence Services risk levels:
• Risk Level 10: Solid evidence of malicious (rated in database)
• Risk Level 9: Probably malicious
• Risk Level 8: Stronger evidence of maliciousness
• Risk Level 7: Shady behavior (including Spam, Scam, PUS, etc. but possibly malicious)
• Risk Level 6: Exercise caution; very new sites, or some evidence of shady behavior
• Risk Level 5: May not be safe; no established history of normal behavior
• Risk Level 4: Still probably safe (or starting to establish a history of normal behavior)
• Risk Level 3: Probably Safe
• Risk Level 2: Other top sites; consistently well-behaved
• Risk Level 1: Big names; long history of good behavior; huge traffic
• Risk Level 0: Customer Whitelist

[Figure: risk bands labelled, top to bottom, HIGH, MODERATELY HIGH, MODERATE, MODERATELY LOW, LOW; a "Web Isolation" marker appears beside the scale]

Stop Over-blocking
Web isolation with proxy using categories (with risk levels: BCIS-advanced)

Web access policy:
• Allow certain categories and low risk sites
• Block certain categories and riskiest sites
• Middle ground categories and potentially risky sites get isolated
• Expanded access with no malware risk

[Figure: policy matrix of Risk Level (10 down to 1) against category columns: Allowed Categories, Customer Category, Categories where some access may be required, Uncategorized, Security Concerns. Category examples shown: Health, Financial Services, etc.; Category of Interest; File Storage/Sharing; Dynamic DNS Host; Hacking; Uncategorized; Suspicious; Malicious Outbound. Cells are marked DENY, ISOLATE or ALLOW]

Unified Policies for Uncategorized
and Potentially Risky Sites
1 Allow trusted sites
2 Block known bad sites
3 Isolate uncategorized/risky sites where access is needed

[Figure: traffic from Users passes through DLP, Content & Malware Analysis and Intelligence Services; Categorized Trusted Sites are allowed (1), Categorized Bad Sites are blocked (2), and Uncategorized/Risky Websites are sent to Web Isolation (3)]

Additional Protection for Privileged Users
Safeguard Privileged Users
Prevent Malware with Web Access

• We have privileged users like executives, IT admins, HR, and finance that have extra permissions and access rights to sensitive data and systems
• I need to enable secure web browsing on those critical endpoints, and ensure internet delivered malware never impacts these devices

[Figure: privileged user groups: C-Level Team; Key IT Staff; HR, Legal, Finance]

Malware on these endpoints has severe consequences because of unique system privileges

Policies Set to Isolate All Privileged User Traffic

[Figure: Privileged User → Web Isolation (Isolate All Web Browsing) → All Websites]

• Privileged users have all web browsing isolated
• Eliminates possibility of web-delivered malware to these highly sensitive endpoints


Prevent Phishing Attacks by Isolating Risky
Embedded URL Links
Prevent malware/ransomware from phishing attacks

Isolate websites launched from URLs embedded in email
• Stop credential theft by preventing users from submitting corporate credentials and other sensitive information on unknown and malicious sites
• Protect my users from embedded URLs that link to malicious websites


Isolate Web-Activity Launched From Email

• Prevent users from submitting corporate passwords and sensitive information to malicious web sites by rendering sites in read-only mode
• Isolates links in email so users can safely click on them


Email Integration (Cloud and On-premises)
Symantec email isolation leverages real-time URL risk rating analysis to apply isolation accordingly

[Figure: email flow; recoverable labels: Click-time URL Protection; User clicks on link]


Differentiation


The Symantec Web Isolation Difference
Combination of Unique Portfolio, Product-Level, and Corporate Capabilities

Integrated platform Superior Product Enterprise Grade Cloud


• ProxySG + WSS • Seamless UX Symantec’s global cloud
• DLP • Highest level of isolation • Enterprise SLAs
• SEP • Advanced functionality • Universal connectivity
• Multiple authentication options
• Global Intelligence Network • Top US Banks
• Multi-tenancy
• Content & Malware Analysis • Large deployments • Peering
• SMG + email.cloud • World-class 24/7 support
• Unified policies • Single vendor
• Centrally managed
• Logging and reporting

Integrated Isolation Platform
[Figure: integrated isolation platform. Labels: GIN; SYMC+BC; Also: Isolation Service Stand Alone (Fireglass); SMG; Portal; App Protection; Proxy SG; WSS; Email.cloud; SEP; DLP; CASB; 3rd Party NGFW, Proxies, Email]


Proxy-enabled integration leveraging existing
security products and policies
Only Symantec Web Isolation maintains the web session’s UserID and TenantID, which allows both ProxySG and WSS to apply existing policies (e.g. DLP, CA/MA) on isolated traffic

[Figure: numbered flow steps in which the Tenant+User ID is carried through Symantec Web Isolation]


Unmatched integration with WSS leverages existing
security services and policies on isolated traffic
[Figure: Symantec Web Security Service (WSS) with Web Isolation. Labels: DLP; CASB; Proxy; Malware Scanning & Analysis; Tenant+User ID; Unified Management (Cloud & Premise); File; URL; Whitelist; Blacklist; Certificate; Machine Learning]

SEP and Web Isolation Integration
SEP-enforced web policies allow IT security to leverage Web Isolation to protect even remote users





Summary


Web Isolation Benefits

Eliminate any web threats
• Prevent infections before they ever happen
• Stop ransomware attacks
• Secure access to uncategorized and risky sites
• No detection required (!!)
• Protect against zero-day exploits

Defeat phishing threats
• Prevent infections via malicious links
• Block users from disclosing sensitive information (e.g. corporate credential)
• Managed and unmanaged devices

Minimize security overhead
• Simplify web access policies
• Mitigate support tickets requesting access to risky sites
• No false negative/positive alerts
• Minimize investigations and remediation


Summary
• Symantec’s Web Isolation technology is a key threat protection capability to add to your security infrastructure
• Web isolation is an important and fast growing new security technology
• Gartner research predicting >25% enterprises adopt by 2022
• Next Step: a 30-day Proof-of-Value program to experience the power of our web isolation technology

Symantec Web Isolation


Q&A
Appendix


WSS Integration Screenshots

WSS + Web Isolation Integration - April 2018

Email integration screenshots

Email.Cloud Integration - April 2018

SMG Integration
