Part 1: Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning
Chris Diya
Systems Engineer
Symantec
5-Part Webinar Series: Endpoint Protection…what really matters?
Title and date:
• Part 1 of 5: Tackling Unknown Threats with Symantec Endpoint Protection 14 Machine Learning, January 26, 2017
• Part 2 of 5: Block The Risk Of Ransomware, February 23, 2017
• Part 3 of 5: Achieving Zero-Day Attacks and What To Do About It, March 23, 2017
• Part 4 of 5: Easy Ways To Improve Your Security Posture, April 20, 2017
• Part 5 of 5: A Step-By-Step Approach for Endpoint Detection & Response, May 18, 2017
https://www.symantec.com/about/webcasts
Agenda
Copyright © 2016 Symantec Corporation
• What is machine learning and how can it be used to detect unknown threats?
• What makes Symantec’s approach to machine learning different?
• Defense in depth: Symantec Endpoint Protection 14
What is Machine Learning?
• Training a machine to think like a human analyst!
• Classification of attributes.
One of the largest civilian cyber intelligence networks
3.7 Trillion rows of security-relevant data
The Largest Civilian Global Threat Intelligence Network in the World
Diverse data, advanced algorithms, highly-skilled threat experts
• 175M consumer and enterprise endpoints protected
• 57M attack sensors in 157 countries
• 182M web attacks blocked last year
• Discovered 430 million new unique pieces of malware last year
• 9 threat response centers
• Billions of email traffic scanned/day
• 1 Billion web requests scanned daily
• 12,000 cloud applications protected
Symantec Endpoint Protection 14
Advanced Machine Learning
Diagram labels:
• Collect training sets in real time
• Training algorithm
• Trained machine
• New & retrained Adv. ML classifiers
• Detect variant on client with Advanced ML classifiers
The Advanced Machine Learning Engine helps detect more bad files.
– Machine Learning builds a classifier
• Input: Pre-labeled samples
• Output: Classifier that can take unknown samples and produce a percentage guess of the correct label
– Symantec’s dedicated team of ML scientists and ML experts
– Leverages Symantec’s massive in-field presence to gather the best training data
– Leverages Symantec’s telemetry submissions to verify lab results
Customer Benefit:
• 0-day protection against unknown malware
• Infrequent updates
– The Advanced ML Engine is designed to be updated incrementally, with updates that are small and infrequent.
• High effectiveness
– Internal tests show very high detection efficacy.
What Makes Symantec’s Machine Learning Approach Different?
Best-in-class characteristics used in our ML ... rendering rapidly changing attacks ineffective
• Multi-dimensional relationships cannot be ‘gamed’
• Continual learning
• Use of deep learning and neural networks to continually update algorithms
Intelligence derived from relationships
Different user types (power users/novices, consumer/enterprise) have objects with differing levels of risk associated with them. Intelligence from this continues to work very well even when attackers change tactics.
Without any manual retraining, tomorrow’s protection algorithm evolves to be better than today’s.
• Relationship-based ML
• Attribute-based ML
• Behavior-based ML
Each technique by itself has industry-leading efficacy. Combined, they are unmatched in efficacy/false positive results.
Superior Protection and Response Across the Attack Chain
Stop Targeted Attacks and Zero-Day Threats with layered protection
INCURSION | INFECTION | INFESTATION and EXFILTRATION
• ANTIVIRUS
• NETWORK FIREWALL & INTRUSION PREVENTION
• APPLICATION AND DEVICE CONTROL
• BEHAVIOR MONITORING
• MEMORY EXPLOIT MITIGATION
• REPUTATION ANALYSIS
• ADVANCED MACHINE LEARNING
• EMULATOR
Patented real-time cloud lookup for scanning of suspicious files
• NETWORK FIREWALL & INTRUSION PREVENTION
• INOCULATION
• POWER ERASER
• HOST INTEGRITY
• SYSTEM LOCKDOWN
• SECURE WEB GATEWAY INTEGRATION
• EDR CONSOLE (ATP:ENDPOINT)
Superior Protection and Response Across the Attack Chain
Diagram labels: Inbound Communication; Payload execution; Outbound Communication; Payload delivery
• Next gen IPS
• Tamper Protection and Lockdown
• Reputation ML
• Behavioral ML
• Advanced ML*
• Anti Virus signatures
• Stateful Firewall
• Browser protection
• Next-gen IPS
• Application control
• Clustering
• Emulation*
• Exploit Protection*
Real-time response to rapidly changing threat landscape
Threat vector learning at scale
Legend: Signature based; Non signature based; Machine learning and deep learning
Categories: Machine Learning; Network; Big Data; Hardening; AV
* NEW
Summary
• SEP14’s Advanced Machine Learning
– An attribute-based detection engine useful for new and evolving threat families.
– More accurate due to the huge sample set obtained from Symantec’s Global Intelligence Network.
• Why Symantec?
– Elite group of machine learning experts
– Lower false positives = more time spent on other things
• Next-gen Defense-in-Depth Endpoint Security
– Machine learning, Memory Exploit Mitigation, Cloud Intelligence
• We’ll be at RSA 2017!
– https://www.symantec.com/about/events/rsa-2017
Q&A
