• 1,400+ new browser & plug-in vulnerabilities
• 83% growth in active phishing URLs per year
• 78% of sites can be used to deliver malware
• 55% of Large Enterprise were targeted by spear phishing
[Diagram labels: SVG, User gestures, Email, Secure Disposable Container]
[Figure: integration roadmap. Labels: SMG, Portal App, Proxy SG, WSS, Email.cloud, SEP, CASB, DLP, 3rd Party NGFW Proxies, Protection, Email. Availability labels: Today, April 2018, H2 2018, Future. Deployment labels: Cloud / On-Premise / Hybrid. Also: Isolation Service stand-alone offering.]
[Diagram labels: Users, Content & Malware Analysis, Intelligence Services, DLP, Web Isolation, Categorized Trusted Sites (Allow), Categorized Bad Sites (Block), Uncategorized/Risky Websites (Isolate)]
1 Allow trusted sites
2 Block known bad sites
3 Isolate uncategorized/risky sites where access is needed
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY- LIMITED USE ONLY 14
Hybrid Integration with Symantec SWGs (cloud and on-premises)
[Diagram labels: Headquarters Data Center, Regional Office, PROXY, Symantec ProxySG, Symantec Web Security Service (WSS)*, Web Isolation]
Key Use Cases
I need to:
• Enable broad web access and avoid “over-blocking” while still protecting my organization from advanced threats
• Minimize support tickets requesting access to blocked sites
[Graphic labels: Allow, Block, Y/N ???]
Intelligence Services
Risk Level 10: Solid evidence of malicious (rated in database)
Risk Level 9: Probably malicious
Risk Level 8: Stronger evidence of maliciousness
Risk Level 7: Shady behavior (including Spam, Scam, PUS, etc. but possibly malicious)
Risk Level 6: Exercise caution; very new sites, or some evidence of shady behavior
Risk Level 5: May not be safe; no established history of normal behavior
Risk Level 4: Still probably safe (or starting to establish a history of normal behavior)
Risk Level 3: Probably Safe
Risk Level 2: Other top sites; consistently well-behaved
Risk Level 1: Big names; long history of good behavior; huge traffic
Risk Level 0: Customer Whitelist
[Scale labels, top to bottom: HIGH, MODERATELY HIGH, MODERATE, MODERATELY LOW, LOW. A "Web Isolation" label marks part of the scale.]
Stop Over-blocking
Web isolation with proxy using categories (with risk levels: BCIS-advanced)
Web access policy:
• Allow certain categories and low risk sites
• Block certain categories and riskiest sites
• Middle ground categories and potentially risky sites get isolated
• Expanded access with no malware risk
[Matrix: rows are risk levels 10 down to 1; columns are Allowed Categories, Customer Category, Categories where some access may be required, Uncategorized, and Security Concerns; cells are marked DENY, ISOLATE or ALLOW. Example categories shown: Health, Financial Services, etc.; Category of Interest; File Storage/Sharing; Dynamic DNS Host; Uncategorized; Hacking; Suspicious; Malicious Outbound; …]
Unified Policies for Uncategorized and Potentially Risky Sites
1 Allow trusted sites
2 Block known bad sites
3 Isolate uncategorized/risky sites where access is needed
Additional Protection for Privileged Users
Safeguard Privileged Users
[Diagram labels: Privileged User, Web Isolation, All Websites]
[Figure: integration overview. Labels: SMG, Portal App, Proxy SG, WSS, Email.cloud, SEP, DLP, CASB, 3rd Party NGFW Proxies, Protection, Email. Also: Isolation Service Stand Alone, Fireglass.]
[Architecture diagram labels: Tenant+User ID, Symantec Web Isolation, Proxy, Malware Scanning & Analysis, Unified Management (Cloud & Premise), File, URL, Whitelist, Blacklist, Certificate, Machine Learning]
SEP and Web Isolation Integration
SEP-enforced web policies allow IT security to leverage Web Isolation to protect even remote users
Summary

Eliminate any web threats
• Prevent infections before they ever happen
• Stop ransomware attacks
• Secure access to uncategorized and risky sites
• No detection required (!!)
• Protect against zero-day exploits

Defeat phishing threats
• Prevent infections via malicious links
• Block users from disclosing sensitive information (e.g. corporate credential)
• Managed and unmanaged devices

Minimize security overhead
• Simplify web access policies
• Mitigate support tickets requesting access to risky sites
• No false negative/positive alerts
• Minimize investigations and remediation