
Enhancing Essential Security Controls from the Endpoint to the Edge

Joakim Lialias, Director, Product Marketing
Michael Sholl, Senior System Engineer
Content
• Symantec Overview
• Introduction to Symantec Endpoint Protection (SEP)
• Symantec | Fortinet Integrations – SEP
• Introduction to Web Security Service
• Summary
• Q&A
Symantec Overview

Corporate Overview

Symantec Corporation (NASDAQ: SYMC), the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. Enterprises across the world rely on Symantec for integrated cyber defense against sophisticated attacks across endpoints, infrastructure, and cloud.

More than 50 million people and families rely on Symantec’s Norton and LifeLock Digital Safety Platform to help protect their personal information, devices, home networks, and identities at home and across their devices.

• Symantec takes leadership position in 5 Magic Quadrants – EPP, DLP, MSS, SWG, and CASB.
• Symantec Endpoint Protection wins AV-TEST Award for Best Protection 2018 – 4 years in a Row
• The Forrester Wave™: Cloud Security Gateways Leader, 2018
• SEP Mobile leader in IDC MarketScape: WW Mobile Threat Management Security Software 2018 Vendor Assessment
• The Forrester Wave™: Endpoint Security Suites Leader, 2018
• And Many More…

© Fortinet Inc. All Rights Reserved.


Symantec’s Integrated Cyber Security Platform
Critical integrations and open ecosystem to react quickly

• One platform that unifies cloud and on-premise security
• Best-of-breed information and threat protection across endpoints, networks, applications, and cloud
• Broad ecosystem support with hundreds of third-party applications
• Shared intelligence and shared management, powered by the world’s largest civilian threat intelligence network
Cost and Complexity Are Increasing

SECURITY OPERATING COSTS: from the CURRENT SECURITY BUDGET to a 6-8% ANNUAL BUDGET INCREASE, driven by:
• Existing Technology Footprint
• Annual Security Improvement
• New Regulations
• Labor Cost Increases
• Subscription Expense Growth
• Maintaining a Dual Environment (Legacy and Cloud)
Fragmented Tools No Longer Work

• >80% – Percentage of CXOs whose threat detection and response effectiveness is impacted by too many independent point tools
• 91% – Percentage of enterprises who are considering or actively consolidating cyber security vendors with whom they conduct business
SOURCE: ESG “The Shift Toward Cybersecurity Technology Platforms” February 2019

• There will be as many as 3.5m unfilled cyber security positions in the industry by 2021
SOURCE: Forbes “The Cybersecurity Talent Gap Is An Industry Crisis” August 9, 2018
What Organizations Need

01 End-to-End Security Orchestration, Automation, and Remediation
02 To Close Protection Gaps Across Vendors and Product Silos
03 To Centralize and Leverage the Value of Security Data
Symantec | Fortinet - What was announced?

• December 11th, 2018, Issued a joint Press Release: Market Leaders Symantec and Fortinet Partner to Deliver the Most Robust and Comprehensive Cloud Security Service
• Broad global partnership encompassing cloud, network and endpoint:
  o Fortinet NGFW as an integrated component of Symantec Web Security Service; sold by Symantec
  o Integration roadmap between Symantec Endpoint Protection & Fortinet Fabric
  o Sales teaming & marketing allowing respective teams to be compensated on new opportunities
Two Market Leaders Joining Forces
To do what leaders do best: LEAD

ENDPOINT PROTECTION PLATFORM | SECURE WEB GATEWAYS | NEXT GENERATION FIREWALL

Leaders that will work together to provide customers with unprecedented best-of-breed security solutions to help strengthen security posture
Addressing a Growing Threat Landscape

• 4,818 unique websites were compromised with formjacking code each month
• 33% increase in mobile ransomware
• 63% of ransomware attacks are in USA
• More than 70 million records stolen or leaked as a result of poor configuration
• Just 10 stolen credit cards could yield $2.2m per month
• 48% of all malicious email attachments are MS Office files – up from 5% a year ago
• 1000% increase in malicious PowerShell scripts
• General Data Protection Regulation (GDPR) includes penalty of 4% of turnover for non-compliance
Introduction to Symantec Endpoint Protection (SEP)

Why Innovate in Endpoint Security?

ENDPOINT REALITIES HAVE CHANGED DRAMATICALLY
• Yesterday: Traditional Endpoints, Fixed Function Devices, Managed Mobile Devices; On-Premises
• Today: Traditional Endpoints, Fixed Function Devices, Managed Mobile Devices, BYOD (Unmanaged), Always Connected Users; Cloud Delivered

ENDPOINT ARCHITECTURE GROWING IN COMPLEXITY
• 7 Agents for Security and Management (average)
• Challenges: Updates, Performance, Disjointed, Talent

ENDPOINT SECURITY MOVES BEYOND MALWARE
• 7 min – Average time between endpoint compromise and breach
• +100% of recent major APTs used Active Directory as an attack vector
• +77% of successful attacks in 2017 utilized file-less techniques and dual-use tools
• +56% increase in risky Wi-Fi networks in 2017
• 2x increase in vulnerabilities driven largely by increase of apps in 2017
• +8,500% increase in coinminer detections

Sources: Ponemon, Symantec ISTR 2018, CVE 2017 Vulnerabilities
Symantec Endpoint Protection (SEP)
Prevention against emerging malware and zero day threats

• Cloud-based Endpoint Security
• Emerging Threats Prevention and Visibility
• Auto-Manage Endpoint Security

Discover & Deploy Easily | Secure heterogeneous devices | Swift Actions with Recommendations and Orchestration
SEP | Deepest Protection
Prevention Covering the Entire Attack Chain

Patented real-time cloud lookup for scanning of suspicious files

• NETWORK FIREWALL & INTRUSION PREVENTION – Blocks malware before it spreads to your machine and controls traffic
• DEVICE CONTROL & SYSTEM LOCKDOWN – Control file, registry, and device access and behavior; whitelisting, blacklisting, etc.
• MEMORY EXPLOIT MITIGATION – Blocks zero-day exploits against vulnerabilities in popular software
• ADVANCED MACHINE LEARNING – Pre-execution detection of new and evolving threats
• EMULATOR – Pre-execution detection of packed malware and behavior analysis of scripts
• BEHAVIOR MONITORING – Monitors and blocks files that exhibit suspicious behaviors; Non PE based, DLL Sideloading
• REPUTATION ANALYSIS – Determines safety of files and websites using the wisdom of the community
• DECEPTION – Identify breaches by deceiving attackers with bait
• NETWORK FIREWALL & INTRUSION PREVENTION – Blocks malware before it spreads to your machine and controls traffic

Attack chain stages covered: INCURSION → INFECTION → INFESTATION → EXFILTRATION

Enriched Events for On-Premise and Roaming Clients for Analytics based Analysis, Detection and Response
Advanced Machine Learning
Blocks unknown threats and mutating malware

Pipeline: Collect Training sets in Real-Time → Training Algorithm → Trained Machine → New & Retrained Advanced ML → Detect on client with Advanced Machine Learning

• 0-day protection against variants of the same malware family
• Detects large classes of malware with a low false positive rate
• High efficacy with infrequent updates
Memory Exploit Mitigation
Blocks zero day memory attacks in popular software

• Preemptively blocks attacker exploit techniques
• Works without signatures or knowledge of the vulnerability
• Log-only mode supports testing individual techniques for individual applications

Timeline: Vulnerability Discovered → Vulnerability Discovered → Patch Released → Patch Applied, spanning weeks to months; the gap before the patch is applied is the ZONE OF EXPLOITATION
Behavioral Monitoring
Behavioral monitoring stops zero-day and unknown threats

• Artificial Intelligence Based Classification Engine
• Human-authored Behavioral Signatures
• Behavioral Policy Lockdown

Monitors nearly 1400 file behaviors to answer: Where did it come from? What has it done? What did it contain? Who is it related to?
File Reputation Analysis
Age, frequency, and location are used to expose unknown threats

SYMANTEC THREAT INTELLIGENCE NETWORK
• Collection – Global Sensor Network: Endpoints, Gateways, Honeypots, 3rd Party Affiliates
• Analytics – Global Data Warehouse, Big Data Analytics, Attack Quarantine System, Analysts
• Outcome:
  o Good safety rating – File is whitelisted
  o No safety rating yet – Can be blocked
  o Bad safety rating – File is blocked
Emulation Capabilities
Fast and accurate detection of hidden malware

NO EMULATION – Malware hides behind custom polymorphic packers: Executable → Packer → Packed, not recognized

EMULATION – Emulator ‘unpacks’ the malware in a virtual environment: Executable → Packer → Unpacking (Emulation Environment) → Payload Recognized
• Emulates file execution to cause threats to reveal themselves
• Lightweight solution runs in milliseconds with high efficacy
Symantec Complete Endpoint Defense
SEP Provides a Critical Protection Component

• Symantec Cyber Defense Manager – Single Console
• Symantec Agent – Single Agent
• Symantec Global Intelligence Network

Endpoint Protection: Symantec Endpoint Protection; Symantec Endpoint Protection Mobile; Symantec Endpoint Cloud Connect Defense
Advanced Endpoint Hardening: Symantec Endpoint Application Control; Symantec Endpoint Application Isolation; Symantec Endpoint Threat Defense for Active Directory
Endpoint Detection and Response: Symantec Endpoint Detection and Response; Symantec Managed Endpoint Detection and Response

Suites:
• Endpoint with Detection and Response – Prevention + Detection + Response
• Advanced Endpoint Defense Suite – Prevent + Harden
• Complete Endpoint Defense Suite – Prevent + Harden + Respond
Complete Endpoint Defense Requires New Capabilities

Threat Continuum (More Malicious → More Exploitable): Threats | Potential Threats | Unknown | Potentially Good | Known Good
• Antimalware – Malware Prevention; Suspicious Activity Detection
• Endpoint Detection and Response
• Zero Trust Extensions – Block-list; Jails; White-list; Castles (Same Rights, Same Access, Unrestricted unless stopped)

Capabilities unique to Symantec that deliver unmatched gray activity protection
Complete Defense Requires Zero Trust

Threat Continuum (More Malicious → More Exploitable): Threats | Potential Threats | Unknown | Potentially Good | Known Good
• Antimalware – Malware Prevention; Suspicious Activity Detection
• Endpoint Detection and Response
• Zero Trust Extensions:
  o Block-list – Run Restricted
  o Jails – Monitor for suspicious behavior; Disallow Domain Access
  o White-list – Protect against exploits
  o Castles – Allow Domain Access

Capabilities unique to Symantec that deliver unmatched gray activity protection
Multilayer Defense Against Attacks
Single Agent – Integrated – Single Agent

Prevent:
• Anti-Malware – Known Threats → Millions of malware blocked
• Emerging Threat Protection – Memory Exploit Mitigation, Behavioral Analytics → Thousands of file-less attacks blocked
• Advanced Malware Protection and Hardening – Endpoint App Isolation | Control → Hundreds of files convicted
• Mal. Analysis – Automatic Sandbox Submission
• EDR – Incident Response → Tens of alerts needing response
[Figure: Gartner Magic Quadrant for Endpoint Protection, 2017 and 2018 positions. Quadrants: Challengers, Leaders, Visionaries, Niche Players. Symantec is plotted in the Leaders quadrant; other vendors plotted include Trend Micro, Sophos, Kaspersky Lab, Intel Security, Microsoft, Cylance, ESET, SentinelOne, 360 Enterprise Security Group, McAfee, Carbon Black, F-Secure, CrowdStrike, Panda Security, Invincea, Webroot, AhnLab, Malwarebytes, Palo Alto Networks, Endgame, Bitdefender, Comodo, Cisco, FireEye, G Data Software, Fortinet.]
Customer Choice Recipient – Gartner Peer Insights
Endpoint Protection Platform

Symantec 2018 Gartner Peer Insights Customers’ Choice for Endpoint Protection Platforms

• “Symantec Endpoint Protection is Best in Breed in my opinion”
• “SEP provides us with the total endpoint security by its endpoint product only”
• “Symantec’s vision providing a corporate security perspective is successful”
• “SEP helps us prevent any attack, that is why we don’t have critical incidents”
• “No security incidents on this product, and low resource utilization”
Customer Choice Recipient – Gartner Peer Insights
Endpoint Detection and Response

Symantec 2019 Gartner Peer Insights Customers’ Choice for Endpoint Protection Platforms

• “Implementation really was quick and painless”
• “Far exceeds expectations”
• “Simplicity in management, high in results”
• “Easy implementation, best protection, and fast remediation – It’s Symantec Again.”
• “Great detection and response if you already have SEP”
Most Awarded Endpoint Security on the Planet

• Radicati Endpoint Security Market Quadrant Top Player 2018
• Forrester Wave Endpoint Security Suites 2018 Leader
• 2018 Endpoint Security Vendor of the Year
• SEP 14 – Recommended Product
• SEP Mobile leader in IDC MarketScape: WW Mobile Threat Management Security Software 2018 Vendor Assessment
• AV-Test Best Protection Winner four times in a row, also received Best Performance for 2018
• Only vendor with AAA rating for 22 straight quarters
• SC Magazine Recommended – “We love this product.”
Customer Validation

Royal Bank of Canada – “SEP Mobile keeps our devices, our employees, our customers, and our data safe from mobile threats without changing the quality of anyone’s mobile experience.” David Fairman, CISO of Royal Bank of Canada

Williams Martini Racing – “Symantec Endpoint Protection is brilliant for us.” Graeme Hackland, Chief Information Officer, Williams Martini Racing

The Economist – “After implementing Symantec™ Endpoint Protection 14, we achieved some stunning results. We have seen a 60 percent drop in malware events.” Vicki Gavin, Compliance Director, The Economist

State of Oklahoma – “Consolidating the State of Oklahoma’s spending on IT security solutions and standardizing on Symantec Endpoint Protection will save taxpayers a projected US$2.3 million over five years.” Mark Gower, Chief Security Officer, State of Oklahoma
Delivering Critical Customer Advantages

• Reduced Complexity – Integrated endpoint defense for traditional and modern endpoint using a single agent and console
• Interlocking Multi-Layered Defense – Protect endpoints from all attack vectors and threats with industry leading efficacy
• Realize Integrated Cyber Defense – An endpoint defense that integrates seamlessly with Symantec and 3rd Party solutions
• Advanced Machine Learning – Advanced Machine Learning that is backed by the largest civilian global intelligence network
Symantec Endpoint Protection (SEP) and Fortinet FortiGate

Two Leading Endpoint and Network Solutions
Vision: Building an integrated Endpoint and Network Security Solution

COORDINATED POLICY ENFORCEMENT
Coordinated security policies with dynamic enforcement to build the most effective endpoint | network defense against all threats and vectors.

EXTENSIVE THREAT INSIGHTS
Unmatched sharing of rich, contextual, and actionable threat intelligence between endpoint and network to inform better security decisions for a more robust security posture

FASTER DETECTION AND PREVENTION
Tightly integrated network and endpoint defense with automated controls and remediation to quickly stop advanced threats

SEP + FortiGate: Enhanced visibility, rich context, and automated control for a more robust security posture from the Endpoint to the Edge
Use Case 1: Coordinated Policy Enforcement (GA DATE: Q3 CY 2019)

• Integration: Fabric Connector via API in both SEP Manager (SEPM) and FortiGate
• SEPM groups function as containers for the endpoints that run the client software.
• The clients that have similar security needs are organized into groups to make it easier to manage network security.
• Fabric Connector can:
  o Retrieve group names and use in NGFW policies
  o Dynamically update ip/user mapping to group membership
  o Enforce NGFW security policies that reflect SEPM group membership
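The three connector functions listed above (retrieve group names, keep the ip/user mapping current, enforce policies that reflect group membership) are easier to reason about as a small state machine. The following is an added example written for this page, not Symantec or Fortinet code: a hypothetical SEPM-style directory of groups, a hypothetical connector that learns ip/user mappings from login events and keeps FortiGate-style dynamic address groups in step with SEPM membership, and a resolver that picks the NGFW policy for a source IP. All class names, policy names and the RFC 5737 sample addresses are assumptions; the point it shows beyond the slide is the stale-mapping edge case (a user roams, another user inherits the old address, an unmanaged user falls through to the default policy).

```python
# Added example (not Symantec or Fortinet code): a constructed model of the
# Use Case 1 flow. Names, data and policies are assumptions for illustration.
from ipaddress import ip_address


class SepmDirectory:
    """SEPM-style groups: group name -> set of member usernames (constructed)."""

    def __init__(self, groups):
        self.groups = {name: set(members) for name, members in groups.items()}

    def group_of(self, user):
        for name, members in self.groups.items():
            if user in members:
                return name
        return None  # user is not in any SEPM group (unmanaged / unknown)


class FabricConnector:
    """Hypothetical connector keeping NGFW address groups in step with SEPM."""

    def __init__(self, sepm):
        self.sepm = sepm
        self.ip_to_user = {}      # learned from login events
        self.address_groups = {}  # SEPM group name -> set of member IPs

    def sync_group_names(self):
        """Step 1: pull SEPM group names so NGFW policies can reference them."""
        for name in self.sepm.groups:
            self.address_groups.setdefault(name, set())
        return sorted(self.address_groups)

    def on_login(self, ip, user):
        """Step 2: update the ip/user mapping. An IP belongs to one group at a
        time; a user's previous address stays mapped until another event replaces it."""
        ip = str(ip_address(ip))   # reject malformed addresses early
        self._forget(ip)           # whoever held this IP before loses membership
        self.ip_to_user[ip] = user
        group = self.sepm.group_of(user)
        if group is not None:
            self.address_groups.setdefault(group, set()).add(ip)
        return group

    def on_logout(self, ip):
        return self._forget(str(ip_address(ip)))

    def _forget(self, ip):
        user = self.ip_to_user.pop(ip, None)
        for members in self.address_groups.values():
            members.discard(ip)
        return user

    def policy_for(self, ip, policies):
        """Step 3: resolve the NGFW policy that reflects SEPM group membership.
        An IP with no current group mapping falls through to the default policy."""
        ip = str(ip_address(ip))
        for group, members in self.address_groups.items():
            if ip in members:
                return policies.get(group, policies["default"])
        return policies["default"]


# Constructed sample data (RFC 5737 documentation addresses, invented names).
SEPM = SepmDirectory({"Finance": {"alice"}, "Engineering": {"bob"}})
POLICIES = {
    "Finance": "allow-finance-saas",
    "Engineering": "allow-dev-tools",
    "default": "restricted-internet",
}


def demo():
    """Walk a roaming user, an address takeover and an unmanaged user through it."""
    fc = FabricConnector(SEPM)
    fc.sync_group_names()
    fc.on_login("192.0.2.10", "alice")
    fc.on_login("192.0.2.11", "bob")
    fc.on_login("192.0.2.12", "mallory")      # not in any SEPM group
    first = fc.policy_for("192.0.2.10", POLICIES)
    fc.on_login("192.0.2.20", "alice")        # alice roams to a new address
    fc.on_login("192.0.2.10", "bob")          # bob now holds alice's old address
    return {
        "alice_first": first,
        "alice_roamed": fc.policy_for("192.0.2.20", POLICIES),
        "reused_ip": fc.policy_for("192.0.2.10", POLICIES),
        "unmanaged": fc.policy_for("192.0.2.12", POLICIES),
        "finance_members": sorted(fc.address_groups["Finance"]),
    }


if __name__ == "__main__":
    print(demo())
```

Keying the mapping by IP rather than by user is the design choice worth noticing: it is what lets a takeover of 192.0.2.10 by bob immediately drop that address out of the Finance group, so the firewall never keeps enforcing a Finance policy for a host that no longer belongs to a Finance user.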
Use Case 2: Extensive Threat Insights (GA DATE: To Be Announced)

• Bi-Directional security intelligence sharing with automatic action and policy
• Integration:
  o Fortinet Security Fabric to share security alerts with SEPM: Security Rating Score, AV alerts, NGFW Firewall alerts, NGFW IPS alerts
      Fortinet Security Fabric (SF) Security Rating -> Action in SEP
      Fortinet SF AV alert -> Blacklist file in SEP
      Fortinet SF Firewall alert -> Block host/IP/URL in SEP FW
      Fortinet SF IPS alert -> Add IPS signature to SEP IPS
  o SEPM to share security alerts with Fortinet Security Fabric
      SEP Security Rating -> Network quarantine in Fortinet SF and NGFW, etc.
      SEP AV alert -> Blacklist file in Fortinet SF and NGFW, etc.
      SEP Firewall alert -> Block host/ip/URL in Fortinet SF and NGFW, etc.
      SEP IPS alert -> Add IPS signature to Fortinet SF and NGFW, etc.
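The alert-to-action pairs on this slide form a symmetric mapping, and a bi-directional integration has two failure modes a practitioner wants handled: an alert that lacks the indicator its counterpart action needs (an AV alert with no hash, a firewall alert with no host/IP/URL), and an enforcement action that gets reported back as a fresh alert and would otherwise bounce between the two sides forever. The following is an added example written for this page, not Fortinet Security Fabric or SEPM code; the alert dictionary shape, the action names, the `score` field and the rating threshold are assumptions. It applies the slide's mapping in both directions, refuses to act on incomplete alerts, and de-duplicates enforcement so a loop stops after one hop in each direction.

```python
# Added example (not Fortinet or Symantec code): constructed model of the
# bi-directional alert sharing on the Use Case 2 slide. Alert shapes, action
# names and the rating threshold are assumptions for illustration.

SEP = "sep"
FORTINET_SF = "fortinet_sf"

# alert type -> (fields the counterpart action needs, action on the other side)
TO_SEP = {                                   # Fortinet Security Fabric -> SEP
    "security_rating": (("device", "score"), "sep_enforce_on_device"),
    "av": (("sha256",), "sep_blacklist_file"),
    "firewall": (("target",), "sep_fw_block"),          # target: host / IP / URL
    "ips": (("signature",), "sep_ips_add_signature"),
}
TO_FORTINET = {                              # SEP -> Fortinet Security Fabric / NGFW
    "security_rating": (("device", "score"), "sf_network_quarantine"),
    "av": (("sha256",), "sf_blacklist_file"),
    "firewall": (("target",), "sf_fw_block"),
    "ips": (("signature",), "sf_ips_add_signature"),
}
RATING_THRESHOLD = 50   # constructed: ratings below this trigger the action


class AlertExchange:
    """Routes alerts between the two sides with validation and loop suppression."""

    def __init__(self):
        self.applied = set()   # (destination, action, indicator) already enforced
        self.skipped = []      # (reason, alert) pairs for an analyst to review

    def route(self, alert):
        """Return the (destination, action, indicator) enforced, or None."""
        source = alert.get("source")
        table = TO_SEP if source == FORTINET_SF else TO_FORTINET if source == SEP else None
        if table is None or alert.get("type") not in table:
            self.skipped.append(("unknown", alert))
            return None
        fields, action = table[alert["type"]]
        missing = [f for f in fields if alert.get(f) is None]
        if missing:                          # never act on an indicator-less alert
            self.skipped.append(("missing_" + missing[0], alert))
            return None
        if alert["type"] == "security_rating" and alert["score"] >= RATING_THRESHOLD:
            return None                      # healthy rating: nothing to enforce
        dest = SEP if table is TO_SEP else FORTINET_SF
        key = (dest, action, str(alert[fields[0]]))
        if key in self.applied:              # loop guard: already enforced there
            return None
        self.applied.add(key)
        return key


# Constructed sample alerts, in arrival order.
SAMPLE_ALERTS = [
    {"source": FORTINET_SF, "type": "av", "sha256": "a" * 64},
    {"source": SEP, "type": "av", "sha256": "a" * 64},            # SEP re-reports it
    {"source": FORTINET_SF, "type": "av", "sha256": "a" * 64},    # bounced back: dropped
    {"source": FORTINET_SF, "type": "firewall"},                  # no target: skipped
    {"source": SEP, "type": "security_rating", "device": "host-7", "score": 35},
    {"source": SEP, "type": "security_rating", "device": "host-8", "score": 90},
    {"source": FORTINET_SF, "type": "ips", "signature": "SIG-EXAMPLE-1"},
    {"source": "siem", "type": "av", "sha256": "b" * 64},         # unknown source
]


def run_samples():
    """Feed the constructed alerts through one exchange; return it and the actions."""
    exchange = AlertExchange()
    return exchange, [exchange.route(a) for a in SAMPLE_ALERTS]


if __name__ == "__main__":
    ex, actions = run_samples()
    for alert, action in zip(SAMPLE_ALERTS, actions):
        print(alert["source"], alert["type"], "->", action)
    print("for analyst review:", [reason for reason, _ in ex.skipped])
```

The de-duplication key deliberately includes the destination: the first AV alert from the Fabric blacklists the hash in SEP, SEP's own alert for the same hash then blacklists it on the Fortinet side (a different destination, so it is allowed), and the third copy, which would start the cycle again, is the one that gets dropped.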
Use Case 3: Faster Detection and Response (GA DATE: To Be Announced)

Automated Controls And Remediation
• Endpoint Visibility when security incident is detected / prevented at the network level
• Trigger automatic action on SEPM which subsequently enforces automatic remediation at the endpoint
• Leverage Fabric API

FortiSandbox Integration
• SEPM will submit suspicious file detections to FortiSandbox for inspection / analysis
• FortiSandbox Analysis results will be relayed to SEPM for file conviction or exoneration
• If convicted, active remediation will take place

Endpoint Discovery And Agent Compliance
• SEPM will query Fortinet in real-time using Fabric APIs to obtain a list of endpoints connected to network
• SEPM will use this information to identify devices that do not have a SEP agent installed and automatically trigger policy enforcement by FortiGate
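The three columns above describe three flows that meet in the endpoint manager: a network-level incident that should turn into endpoint remediation, a sandbox verdict that convicts or exonerates a file the manager submitted, and a reconciliation of the endpoints the Fabric sees on the network against the manager's agent inventory. The following is an added example written for this page, not SEPM or FortiSandbox code; the manager class, verdict strings, action names and the sample inventory are assumptions. It shows the cases the slide leaves implicit: an incident from a host with no agent cannot be remediated at the endpoint and is returned as unmanaged, and a verdict for a file the manager never submitted is ignored rather than acted on.

```python
# Added example (not Symantec or Fortinet code): constructed model of the three
# Use Case 3 flows. Identifiers, verdict values and action names are assumptions.
from dataclasses import dataclass, field


@dataclass
class EndpointManager:
    """Stand-in for the manager's state: agents by IP, submissions, verdict results."""
    agents: dict                                   # ip -> hostname that has an agent
    remediated: list = field(default_factory=list)  # (hostname, reason) actions taken
    pending: dict = field(default_factory=dict)    # sha256 -> ip that triggered submission
    blocked_hashes: set = field(default_factory=set)

    # (1) automated controls and remediation: network incident -> endpoint action
    def on_network_incident(self, src_ip, reason):
        host = self.agents.get(src_ip)
        if host is None:
            return ("unmanaged", src_ip)   # no agent to act through; escalate instead
        self.remediated.append((host, reason))
        return ("remediated", host)

    # (2) sandbox integration: submit, then act on the relayed verdict
    def submit_for_analysis(self, sha256, src_ip):
        self.pending[sha256] = src_ip
        return ("submitted", sha256)

    def on_sandbox_verdict(self, sha256, verdict):
        src_ip = self.pending.pop(sha256, None)
        if src_ip is None:
            return ("unsolicited_verdict", sha256)  # never submitted: do not act on it
        if verdict == "malicious":
            self.blocked_hashes.add(sha256)         # conviction: block and remediate
            return self.on_network_incident(src_ip, "sandbox_conviction:" + sha256[:12])
        return ("exonerated", sha256)               # clean verdict: release

    # (3) endpoint discovery and agent compliance
    def find_unmanaged(self, fabric_endpoints):
        """IPs the Fabric sees on the network that have no agent; these are the
        devices for which FortiGate policy enforcement would be triggered."""
        return sorted(ip for ip in fabric_endpoints if ip not in self.agents)


def demo():
    """Run constructed inputs through all three flows and collect the outcomes."""
    mgr = EndpointManager(agents={"192.0.2.10": "fin-laptop-01",
                                  "192.0.2.11": "eng-ws-02"})
    fabric_view = ["192.0.2.10", "192.0.2.11", "192.0.2.33", "192.0.2.34"]  # constructed
    out = {}
    out["unmanaged"] = mgr.find_unmanaged(fabric_view)
    out["incident_managed"] = mgr.on_network_incident("192.0.2.11", "ngfw_ips_block")
    out["incident_unmanaged"] = mgr.on_network_incident("192.0.2.33", "ngfw_ips_block")
    mgr.submit_for_analysis("c" * 64, "192.0.2.10")
    mgr.submit_for_analysis("e" * 64, "192.0.2.11")
    out["convicted"] = mgr.on_sandbox_verdict("c" * 64, "malicious")
    out["exonerated"] = mgr.on_sandbox_verdict("e" * 64, "clean")
    out["unsolicited"] = mgr.on_sandbox_verdict("d" * 64, "malicious")
    out["blocked"] = sorted(mgr.blocked_hashes)
    out["remediations"] = len(mgr.remediated)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "->", v)
```

Routing a conviction back through `on_network_incident` keeps one code path for endpoint remediation regardless of whether the trigger came from the firewall or the sandbox, which is also the path a detection engineer would instrument when auditing what automated actions the integration took.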
Strengthening Defense Through Integration

[Figure: SYMANTEC ENDPOINT PROTECTION at the center, integrating with control points and intelligence sources. Control Points: Email Security, Cloud Security, Content Analysis, Cloud App Security, Data Loss Prevention, Encryption, Firewall, Sandbox, Network. Intelligence: FortiGuard Advanced Threat Protection; Symantec Global Intelligence Network / Threat research. SOC Integration: EDR, Ticketing, Orchestration & Automation, ITMS, SIEM (i.e FortiSIEM).]
Introduction to Symantec Web Security Services (WSS)

Need for Direct-To-Net Advanced Security
Traditional Backhaul Model Becoming Costly and Slow

• Cloud App Growth & Mobile / Remote Workforce
• Traffic Must Be Secured; Increasingly Complex
• But Backhauling Is Expensive and Slow
• Users Want Direct-To-Net Access
• Web Security Service: Secure, Direct Access to Web & Cloud
Network Security for the Cloud Generation
Network Security Challenges

• How do I protect our organization from advanced threats hidden in encrypted traffic or from malware targeting users’ web browsers?
• How can I ensure compliance & security of sensitive data in O365, Dropbox, SFDC, and other cloud apps?
• How can I simplify the deployment and ongoing operation of our increasingly complicated network security stack?
• How can I enable high-performance, secure, direct access for my users, wherever they are located?
• Is there a way to use a mix of cloud and on-prem security, but eliminate the complexity involved in running a hybrid environment?

[Figure: Web Security Service stack, SWG Proxy At Core – Web Isolation; Malware Analysis & Sandbox; Threat Prevention and Information Security; Cloud Controls (CASB) with DLP Inspection & Enforcement; SWG Proxy (Terminate ♦ Decrypt ♦ Inspect Before Delivery ♦ Orchestrate); Flexible On-ramps (IPSec VPN, SDN Connect, CASB Cloud Controls, With SEP, SD-Connector); High-performance Accelerated Cloud Backbone (Global Backbone, Telco POP Backbone, Automate Policy & SVC Structure, Elastic Cloud Connection Scaling, Content Peering & Content Acceleration, 3rd Party Monitoring, QoS and Performance Optimization); NETWORK SECURITY OPERATIONS.]
• 80M Web Proxy Users
• 15,000 Largest Global Enterprises
• 175M Protected Endpoints
• 163M Protected Email Users
• 4.5 Billion new queries processed daily
• 6 Billion daily Web Intelligence requests
• 2 Billion emails scanned per day

CORRELATION ACROSS VECTORS (Correlated Data)
• 9 global threat response centers
• 3,800 researchers & engineers
• Trillions of lines of telemetry
• 430 million new unique malware files discovered
• 40B Web attacks blocked
• 100M social engineering scams blocked
• 23,000+ cloud apps cataloged & profiled
Network Security for the Cloud Generation
Advanced Network Security Stack in the Cloud

Web Security Service – SWG Proxy At Core
• Web Isolation
• Malware Analysis & Sandbox
• Threat Prevention and Information Security
• Cloud Controls (CASB) – DLP Inspection & Enforcement; CASB Cloud Controls
• SWG Proxy – Terminate, Decrypt, Inspect before Delivery, Orchestrate
• Flexible On-ramps – IPSec VPN, SDN Connect, SEP(M), SD-Connector
• High-performance Accelerated Cloud Backbone – Global Backbone, Telco POP Backbone, Automate Policy & SVC Structure, Elastic Cloud Connection Scaling, Content Peering & Content Acceleration, 3rd Party Monitoring, Performance Optimization for O365
Web Security Service Benefits

Reduce Complexity & Cost
• Direct to Net – eliminate costly backhauling
• One service - complete set of capabilities
• Integration with SEP and SEP Mobile
• SD-Cloud Connector – simplified branch on-ramp

Improved Security
• Leading access control, threat prevention, information security features

Improved Performance
• Optimized secure traffic flow to the internet
• Performance accelerating technologies
Network Security for the Cloud Generation
Advanced Network Security Stack in the Cloud

Web Security Service – SWG Proxy At Core, now including the Cloud Firewall Service
• Web Isolation
• Malware Analysis & Sandbox
• Threat Prevention and Information Security
• Cloud Controls (CASB) – DLP Inspection & Enforcement; CASB Cloud Controls
• SWG Proxy – Terminate, Decrypt, Inspect before Delivery, Orchestrate
• Cloud Firewall Service
• Flexible On-ramps – IPSec VPN, SDN Connect, SEP(M), SD-Connector
• High-performance Accelerated Cloud Backbone – Global Backbone, Telco POP Backbone, Automate Policy & SVC Structure, Elastic Cloud Connection Scaling, Content Peering & Content Acceleration, 3rd Party Monitoring, Performance Optimization for O365
Web Security Service (WSS)
Cloud Firewall Service

Secure all internet traffic for internet breakouts in customer locations

[Figure: HQ Location and Branch-Offices send Web Traffic and Non-Web Traffic to the Symantec Web Security Service, where the Cloud Firewall (NGFW) and Proxy handle them.]

• Customer-specific firewall policies
  o Central management via WSS Portal
  o Full NGFW capabilities
  o Supports fixed locations and roaming users
• Centralized reporting
• Global footprint

Expected availability – SUMMER 2019
Symantec WSS Cloud Footprint

ISO 27001 | SSAE16

Symantec WSS Global Cloud Infrastructure
• Any customer / any data center
• Standard 99.999% availability SLA
• Automatic closest data center selection
• >50% capacity utilization expansion trigger
• Hosted at top tier infrastructure providers
• Redundant within and between locations
• >55 service points

https://www.symantec.com/products/web-and-cloud-security/cloud-delivered-web-security-services/resources
Network Security Challenges
REQUIREMENTS and the WSS SOLUTION for each

How do I protect our organization from advanced threats hidden in encrypted traffic or from malware targeting user’s web browsers?
• Secure Encrypted Traffic Inspection
• Isolation for threats targeting web browsers
• Malware Analysis & sandboxing for downloads

How can I ensure compliance & security of sensitive data in O365, Dropbox, SFDC, and other cloud apps?
• DLP (cloud delivered or link to on-premises)
• CASB Audit + Proxy to identify & control app use
• Performance & Security for O365

How can I simplify the deployment and ongoing operation of our increasingly complicated network security stack?
• Cloud delivered service scales as you require
• Full stack of integrated advanced capabilities
• Simplified on-ramps (SEP & SD-Cloud Connector)

How can I enable high-performance, secure, direct access for my users, wherever they are?
• Globally available, low latency service
• Eliminate web traffic backhauls (direct-to-net)
• Simple authentication and policy enforcement
Summary

Joining Forces to Help Organizations Move their Security to the Cloud

Q&A