Solution Brief: Web Security Service
Bringing control to the chaos of the cloud
Today’s enterprise-security reality: Devices, data, and applications are outside of your physical control—and all of it must be managed and secured:
- Cloud apps
- Mobile devices
- Remote users
- Internet of Things (IoT)
Symantec’s Global Intelligence Network – the world’s largest civilian threat-intelligence system:
- 80 Million web proxy users
- 180 Million endpoints
- 165 Million email users
With employees accessing apps and data directly from the Internet, legacy security solutions—which require traffic to be routed back through the enterprise datacenter—are no longer effective.
Today, IT and security teams need answers to these questions:
- How do we protect users from new/evolving threats from the web and the cloud?
- How do we secure data and maintain compliance with increasingly strict regulations?
- How do we effectively manage remote access, mobile users, and unsanctioned devices?
The new reality of enterprise security calls for a comprehensive cloud-based enterprise security solution that protects your employees (in the office and on the go) and your data (wherever it resides).
As a proxy-led solution, a secure web gateway (SWG) can deliver data-loss prevention (DLP) scanning, advanced threat and malware protection, and powerful application controls for cloud apps.
When selecting a cloud-based SWG solution to address security and compliance challenges, it’s essential to find an advanced solution that provides the flexibility to address a range of critical security and compliance challenges.
Look for a secure web gateway that not only can effectively categorize/filter your web traffic and enforce your acceptable use policy, but can also:
- Detect and prevent advanced threats while keeping false positives to a minimum
- Orchestrate encrypted traffic to DLP solutions, either on-premises or in the cloud
- Provide cloud app-security, known as CASB controls, that offers the ability to identify and manage the use of unsanctioned SaaS applications, known as shadow IT
- Block cloud email-based threats and eliminate leakage of sensitive data
- Enforce consistent security policies across on-premises and cloud-enabled gateways
Symantec Web Security Service is a cloud-based secure web gateway that controls web and cloud access, protects users from advanced threats, and secures sensitive and regulated data. Simply put, Symantec Web Security Service ensures that your entire enterprise stays efficient, secure, and compliant. Now you can support remote and roaming users with the same robust, responsive security and compliance policies that protect internal office traffic.
All the performance of on-premises security systems, delivered with the flexibility and speed of the cloud
Symantec Web Security Service core capabilities
- URL filtering and categorization
- Threat/malware protection
- SSL Inspection
- Universal connectivity
- Unified cloud and on-premises management
URL filtering and categorization
- Accurately filters traffic into nine content-type categories to reduce risk without over-blocking
- Sets policies in more than 70 categories covering 50+ languages
- Provides dynamic, real-time ratings for the latest activity
It’s more important than ever to protect your users from the threats and impact of malware. Symantec combines real-time global web ecosystem analysis with inline malware detection to block malicious sites, malware-prone file types, and “phone-home” or botnet traffic. To prevent malware, the service uses multi-layered dual anti-virus and heuristic analysis, customized whitelist/blacklist capabilities, and file-reputation analysis. It also lets you scale up or down as your needs dictate to deliver real-time malware protection in the cloud.
Global Intelligence Network
Symantec’s Global Intelligence Network—the world’s largest civilian threat-intelligence system—is a powerful ally in your battle against malware and other cyber threats. Fed by threat data from 80 million web proxy users, 180 million endpoints, and 165 million end users, the network categorizes and analyzes threats posed by more than 1 billion previously unseen and uncategorized websites each day and more than 2 billion daily emails sent and received by our customers.
SSL inspection has become an imperative for many enterprises. With nearly 75% of Internet traffic estimated to be encrypted, it’s critical to decrypt and orchestrate traffic to security inspection engines such as DLP (which prevents data exfiltration and compliance violations) or content and malware analysis (which prevents attacks and blocks advanced threats).
The Symantec Web Security Service can be configured to intercept, decrypt, and hand off web and cloud traffic to DLP or Advanced Threat Prevention services for identification of policy violations and blocking of cyber threats. The service offers:
- Support for 39 cipher suites, allowing for broad website coverage to decrypt, inspect, and strongly re-encrypt SSL traffic. Symantec recently received an “A” rating in a third-party study that looked specifically at these capabilities.1
- The ability to set privacy rules to leave certain categories of traffic encrypted (e.g. you may choose to leave HR-related traffic encrypted).
With a vast network of distributed global data centers providing cloud access, you’ll have the freedom to connect laptops, mobile devices, firewalls, proxies, and more to your local points of presence. Getting started is as easy as making a configuration change on your firewall or proxy, or a lightweight adjustment on your end-users’ devices. Regardless of the method, all user access to the Web Security Service is encrypted. Symantec Universal Connectivity delivers:
- The ability to connect your branch offices to the cloud by simply forwarding traffic through IPSec tunnels
- Proxy chaining or proxy forwarding to send traffic from existing proxies
- The ability to connect your devices using Symantec Endpoint Protection through a lightweight agent, or by using a proxy auto-config (PAC) file
- Mobile-device configuration through pushed profiles that connect over a secure virtual private network (VPN) tunnel to the cloud service
- The ability to connect using the Symantec SD-Cloud-Connector appliance or other certified third-party SD-WAN solutions
Unified policy management: cloud and on-premises
A move to cloud-based security can become operationally complex. For example, cloud platforms might have different defensive capabilities than those designed for on-premises security, so policy rules may need to change. Additionally, if you are planning on using some cloud protection and some on-premises security, you may need to maintain and manage two discrete systems—creating unexpected headaches as you move to the cloud.
Symantec is uniquely positioned to help organizations move to the cloud. It offers the industry’s broadest portfolio of secure web gateways, with options designed to meet any requirement—from private to public, physical, virtual, or cloud. Best of all, Symantec’s Universal Policy Enforcement allows you to take existing on-premises policies and designate them to move to Symantec’s cloud-delivered Web Security Service. If you need to create new policies, you can write them once and push them to all of your Symantec gateways for consistent enforcement, whether they are in the cloud or on-premises.
Our cloud and on-premises policy management solution enables you to:
- Simplify your organization’s transition to cloud-based security
- Create and manage consistent policies across all your Symantec systems
- Support your existing investment in policy creation
- Avoid the complexity of creating and managing policies in a mixed-vendor stack
Enterprises can also take advantage of additional components that Symantec has integrated with the Web Security Service:
- Malware scanning and analysis
- Cloud access security broker (CASB)
- Information protection (DLP)
- Web isolation
- Cloud email security
- Bandwidth control
Symantec’s solution supports a wide range of file types and, because the service scans upstream to your devices, it prevents malware and threats from reaching your network. The service detonates suspicious files, performs behavioral analysis to stop advanced threats, and provides:
- Powerful inspection capabilities that filter up to 99% of potential malware before delivery—all while minimizing false positives
- Visibility into (and blocking of) unknown and zero-day threats
- Dual detonation (virtual and/or emulation) with the ability to interact with malware
- Broad file-type support
- Behavioral and static (YARA) analysis and custom risk-scoring
Shadow IT adds to your security and compliance risks. Symantec’s CASB Audit module includes discrete attribute data from more than 21,000 apps. Seamless integration between the Web Security Service and CASB Audit automates the process of analyzing your proxy logs to reveal risks of shadow IT, helping you to:
- Identify the clouds your users are accessing
- Evaluate the risks of these clouds by examining more than 90 attributes on each
- Set access and control policies based on cloud attribute data
Symantec’s CASB solution, known as CloudSOC, has a rich set of capabilities beyond shadow IT control. It offers an additional set of access control and DLP capabilities that are integral to maintaining control and compliance in SaaS cloud apps.
Additionally, CloudSOC’s specialized threat-prevention utilizes user-behavior analytics to identify risks of compromised cloud credentials such as IDs and passwords.
The solution also allows for offline scanning of accounts in applications such as Box and Dropbox in order to catch anything your employees may have put into corporate accounts (intentionally or inadvertently).
Want to use your existing DLP? With Symantec, you can. Leverage your investment—including all the time you have spent fine-tuning your policy rules—and extend its reach to the web, cloud, and mobile traffic. We’ve made it easy to configure Symantec Web Security Service to route specific types of traffic to your existing on-premises DLP for scanning.
The integrated service supports regulatory compliance and data protection by:
- Applying your privacy and data-protection policies to all your web traffic, including traffic for mobile and remote users
- Ensuring SSL encrypted traffic that needs to be inspected can be accurately analyzed
- Continuously monitoring and auditing uploaded files
- Automatically enforcing policy controls to sensitive data
- Alerting admin and data owners when information is put at risk
Web isolation solves the challenge of providing secured access to the uncategorized and potentially risky web. By creating a secure execution environment between users and the web—and sending only a safe visual stream to users’ browsers—web isolation helps eliminate web-borne threats from ever reaching their machines.
Symantec’s threat isolation solution:
- Allows protected access to potentially risky websites
- Increases business productivity by giving employees access to a broader set of websites
- Provides secure web browsing for executives and privileged users whose access to sensitive documents and systems makes them highly prized targets for cybercriminals
- Prevents users from disclosing corporate credentials to malicious websites
Symantec Email Security.cloud:
- Stops new and sophisticated email threats such as business email compromise and ransomware with multi-layered detection technologies including advanced heuristics, deep link evaluation, and cloud-based sandboxing
- Offers strong protection against spear phishing by using deep-link evaluation to stop malicious links before an email is delivered and when they are clicked on by users (to protect against email weaponized after delivery)
- Protects sensitive data and helps address legal and compliance requirements with granular DLP policies for your cloud-based email
Powered by our Global Intelligence Network, Symantec Bandwidth Control accurately identifies cloud, business, and mobile application flows and allows you to prioritize business-relevant applications over recreational content.
- >55 global service points, with automatic closest data center selection
- Any customer can have access to any data center
- Network peering connections established with Microsoft, Amazon, Google, and more
- Standard 999% availability SLA
- Optimized TCP Window Scaling to boost performance
- Automatic IP-Address Alignment to facilitate security policy enforcement with Office 365
- Hosted at top tier infrastructure providers
- Redundant within and between locations
- World-class monitoring and reporting
When a file is scanned by Symantec’s Web Security Service, it is analyzed using information in our Global Intelligence Network. As the largest civilian threat network in the world, Symantec’s Global Intelligence Network collects, categorizes, and analyzes more than 1 billion previously unseen and uncategorized websites and 2 billion emails a day from hundreds of millions of Symantec’s users. This information is fed into Symantec Web Security Service to keep our customers one step ahead of today’s growing security threats.
How effective is the Symantec Global Intelligence Network? In 2016, we:
- Exposed 430 million new, unique pieces of malware
- Stopped 1 billion malicious emails
- Blocked 100 million social engineering scams
- Denied 182 million web attacks
- Discovered and protected 21,000+ cloud applications
Let’s look at the journey of a data file being downloaded from a website as it goes through Symantec’s comprehensive security platform. When the file is detected, it faces a gauntlet of security tests before it can be determined safe. Here’s what happens as it enters the proxy capabilities of Symantec Web Security Service:
- If the customer’s existing Web Security Service security policies define a file to be safe, it is allowed in the network (e.g. if the enterprise’s policies identify it as a “known good,” then the file is delivered and the employee requesting the file can continue with their business). If the policies uncover a potential risk, it is blocked.
- Anything not immediately blocked proceeds to the Web Security Service’s content analysis engine for inspection.
- The file’s hash reputation from multiple vendors is analyzed and determined. Custom whitelists and blacklists are used to pass known acceptable files to users.
- If the file fails the hash-reputation stage, it is then analyzed by two antivirus engines, which are updated by the Symantec Global Threat Intelligence Network.
- If the file’s signatures evaluated in Content Analysis are identified as bad, then the file is blocked.
- If the file’s safety remains unknown, a static code analysis is run to determine if anything within the file code is flagged as malicious.
- If the status of the file is still undetermined, further file behavioral analysis can occur via the optional Malware Analysis Scanning service (cloud sandbox).
Symantec Web Security Service Leadership
Symantec Web Security Service is a leading cloud-delivered Secure Web Gateway service. Symantec gateways have been listed as leaders for 10 consecutive years in the annual Gartner Magic Quadrant for Secure Web Gateways, the leader in Forrester’s first Wave report on Cloud Security Gateways, and the leader in Radicati’s Market Quadrant Report for Corporate Web Security. More than 70% of the Fortune Global 500 rely on Symantec SWGs to protect their businesses.2 When you select Symantec, you are in good company.
- Symantec offers cloud-delivered solutions, as well as virtual and true physical appliances for those who need them; all can be centrally managed.
- Symantec Web Security Service outperformed the competitive solution in a third-party threat protection comparative study while producing a 10x improvement in the rate of false positives.4
- Symantec offers Web Isolation services to secure web browsing of potentially risky sites; the closest competitive solution does not offer this critical capability.
- Symantec’s integrated CASB offering is a Leader in the recent Forrester Wave. The closest competitor was not evaluated due to lack of a legitimate CASB offering.
- Symantec’s integrated DLP solution is a perennial leader in Forrester and Gartner reports. The closest competitor was not evaluated due to lack of a robust DLP offering.
Symantec received the only “A” rating in an academic, third-party analysis of solutions for SSL visibility and inspection. All other vendors received a “C” rating or worse because of their inability to securely inspect traffic.1
Symantec’s Global Intelligence Network is the world’s largest civilian threat intelligence network, scanning traffic from hundreds of millions of users and flagging threats to all users of the Web Security Service. The competitor’s solution has threat intelligence from scanning the traffic of only 10 million users.
Every Symantec data center is available to every subscriber, ensuring all can take full advantage of industry-standard global-security coverage wherever they are. Fewer than half of our competitors’ data centers are accessible to all customers.
*Copyright Notice: All content (copy, documents & graphics) contained on this page are Copyright belonging to Symantec Corporation