1 Symantec Endpoint Protection 12.1 Unrivaled Security. Blazing Performance. Built for Virtual Environments. May 2011.


1 1 Symantec Endpoint Protection 12.1 Unrivaled Security. Blazing Performance. Built for Virtual Environments. May 2011

2 2 Disclaimer “This information is about pre-release software. Any unreleased update to the product or other planned modification is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec products should make their purchase decision based upon features that are currently available.” 2

3 Social Networks and socially engineered attacks Virtualization had become the rule Increased Cost of Incidents Targeted & Rapidly Mutating Attacks Symantec Endpoint Protection Driven by Key IT Security Trends Symantec Endpoint Protection 12.1

4 Jan, ,000 viruses Dec, 2010 – over 288 million 4 Symantec Endpoint Protection 12.1

5 Malware Authors Have Switched Tactics From: A mass distribution – one worm hits millions of PCs • Storm made its way onto millions of machines across the globe To: A micro distribution model. • Hacked web site builds a trojan for each visitor • The average Harakit variant is distributed to 1.6 users! 75% of malware is “rapidly mutating”

6 Only malware mutates If we track every file on the internet... New or mutated files will stick out How often has this file been downloaded? Where is it from? Have other users reported infections? Is the source associated with infections? How will this file behave if executed? How old is the file? How many people are using it? Is the source associated with SPAM? Is the source associated with many new files? Does the file look similar to malware? Is the file associated with files that are linked to infections? Who created it? Does it have a security rating? Is it signed? What rights are required? Who owns it? Insight spots rapidly changing & mutated files What does it do? How new is this program? How many copies of this file exist? Have other users reported infections? 6 Which lead us to think... Symantec Endpoint Protection 12.1

7 2 Prevalence Age Source Behavior 3 4 Look for associations Check the DB during scans Rate nearly every file on the internet 5 Provide actionable data 1 Build a collection network Associations Is it new? Bad reputation? 175 million PCs 2.5 billion files How Symantec™ Insight Works

8 Symantec Endpoint Protection Family Ideal for less than 100 users Maintain your own infrastructure All data stored on premise Small Business Edition Scales from hundreds to thousands of users Powerful central management Ideal for virtual environments Symantec Endpoint Protection Hosted management Monthly subscription No need to manage hardware Endpoint Protection.Cloud 8 Symantec Endpoint Protection 12.1

9 Great Performance Powerful Protection Antivirus Antispyware Firewall Intrusion Prevention Fastest, Most Effective, Simple 9 Symantec Endpoint Protection SBE Symantec Endpoint Protection 12.1

10 Reduced Cost, Complexity & Risk Exposure Increased Protection, Control & Manageability Antivirus Antispyware Firewall Intrusion Prevention Device and Application Control Network Access Control Single Agent, Single Console 10 Built for Virtualization Version 12.1 Symantec Endpoint Protection Symantec Network Access Control Symantec Endpoint Protection Symantec Endpoint Protection 12.1

11 Up to 70% reduction in scan overhead Smarter Updates Faster Management What’s New Powered by Insight Real Time Behavior Monitoring with SONAR Tested and optimized for virtual environments Higher VM densities 11 Unrivaled Security Built for Virtual Environments (SEP only) Blazing Performance Symantec Endpoint Protection 12.1

12 The Security Stack – for 32 & 64 bit systems 12 Network IPS & Browser Protect & FW Insight Lookup Heuristics & Signature Scan Real time behavioral SONAR IPS & Browser Protection Firewall Network & Host IPS Monitors vulnerabilities Monitors traffic Looks for system changes Stops stealth installs and drive by downloads Focuses on the vulnerabilities, not the exploit Improved firewall supports IPv6, enforces policies Symantec Endpoint Protection 12.1

13 Insight – Provides Context 13 Network IPS & Browser Protect Insight Heuristics & Signature Scan Real time behavioral SONAR Insight Reputation on 2.5 Billion files Adding 31 million per week Identifies new and mutating files Feeds reputation to our other security engines Only system of its kind Symantec Endpoint Protection 12.1

14 File Scanning 14 Network IPS & Browser Protect Insight Real time behavioral SONAR File Scanning Cloud and Local Signatures New, Improved update mechanism Most accurate heuristics on the planet. Uses Insight to prevent false positives Heuristics & Signature Scan Symantec Endpoint Protection 12.1

15 SONAR – Completes the Protection Stack 15 Network IPS & Browser Protect Insight Lookup File Based Protection – Sigs/Heuristics Real time behavioral SONAR Monitors processes and threads as they execute Rates behaviors Feeds Insight Only hybrid behavioral- reputation engine on the planet Monitors 400 different application behaviors Selective sandbox (ex Adobe) Symantec Endpoint Protection 12.1

16 16 Insight - Optimized Scanning Skips any file we are sure is good, leading to much faster scan times Traditional Scanning Has to scan every file On a typical system, 70% of active applications can be skipped! Faster Scans Symantec Endpoint Protection 12.1

17 The Results are In: Symantec Endpoint Protection: Detected 25% more threats than any other vendor tested. Detected 6x as many threats as Microsoft. Removed more threats than any other vendor tested, including 36% more than McAfee and more than 4x the number as Trend Micro. Scanned faster, used less memory and outperformed all products in its class. Scanned 3.5x as fast as McAfee and used 66% less memory than Microsoft.

18 Policies based on Risk Only software with at least 10,000 users over 2 months old. Finance Dept Can install medium-reputation software with at least 100 other users. Help Desk No restrictions but machines must comply with access control policies. Developers 18 Symantec Endpoint Protection 12.1

19 Built for Virtual Environments 19

20 Built for Virtual Environments 20 Optimized for VMware, Citrix and Microsoft virtual environments Easy to manage physical and virtual clients Maximizes performance and density without sacrificing security Best in class performance and security Scan Cache Symantec Endpoint Protection 12.1

21 Virtual Insight Features. Virtual Image Exception: Used on cloned images; Excludes all files; Reduces scan impact. Shared Insight Cache: Clients share scan results; Scan files once; Leverages Insight. Virtual Client Tagging: Identifies hypervisor; Set group specific policy; Search for virtual clients. Resource Leveling: Used for all virtual systems; Reduce overlap of events; Scans and def updates. Enhances Management and Reduces Scan Impact by ~90%

22 IT Analytics - Symantec Endpoint Protection Ad-hoc Data Mining – Pivot Tables – Data from multiple Symantec Endpoint Protection Servers – Break down by virus occurrences, computer details, history of virus definition distribution... Charts, Reports and Trend Analysis – Alert & risk categorization trends over time – Monitor trends of threats & infections detected by scans Dashboards – Overview of clients by version – Summary of threat categorization and action taken for a period of time – Summary of Virus and IPS signature distribution 22 Symantec Endpoint Protection 12.1

23 23 SEP Reporting Tactical View of frontline endpoint defenses. Current view of events and the state of SEP clients. IT Analytics Strategic View over time of endpoint defenses. Trend analysis and data mining via a consolidated view of multiple Endpoint Protection Managers. Symantec Protection Center 2.0 Single sign on management as well as cross-product reporting and dashboards of Symantec Endpoint Protection, Messaging Gateway, SNAC, PGP Universal Server. Symantec Endpoint Protection 12.1

24 The Symantec Endpoint Protection Family 24 Symantec Endpoint Protection 12.1

25 Symantec Endpoint Protection 12 Powered by Insight 25 Unrivaled Security Blazing Performance Built for Virtual Environments

26 26 Symantec Endpoint Protection 12.1

27 27 Symantec Endpoint Protection Appendix: Symantec Network Access Control 12.1

28 Symantec Network Access Control Checks adherence to endpoint security policies Antivirus installed and current? Firewall installed and running? Required patches and service packs? Required configuration? Fixes configuration problems Controls guest access Network Access Control puts you in control of what attaches to your network NAC is a process that creates a much more secure network

29 What to Control with Each Phase 29 Phase 3 Network Lockdown (complete) Phase 2 Network Lockdown (partial) Phase 1 Endpoint Lockdown Company-owned laptops & desktops Unmanaged Endpoints Managed Endpoints Self-Enforced with the SEP client Ingress Control Wireless, VPN, Key subnets Use Enforcer Complete Access Control for LAN & remote endpoints Complete Access for remote & LAN Guests N/A Ingress Control Wireless, VPN, Key subnets Use Enforcer Symantec Endpoint Protection 12.1

30 What Type of Enforcement to Use with Each Phase 30 Phase 3 Network Lockdown (complete) Phase 2 Network Lockdown (partial) Phase 1 Endpoint Lockdown Unmanaged Endpoints Managed Endpoints Self-Enforcement Gateway Enforcement LAN (802.1X), DHCP Enforcement N/A Gateway Enforcement LAN (802.1X), DHCP, Gateway Enforcement Start with SEP Enforcement then move to network-based enforcement Symantec Endpoint Protection 12.1

31 Symantec Network Access Control 3 Key Components SEP Management Console (SEPM) Endpoint Client (SEP) Enforcer Appliance 31 Symantec Endpoint Protection 12.1

32 2. Endpoint Evaluation Technologies Symantec Endpoint Protection 12.1 client is SNAC ready Dissolvable Agents ‘Unmanaged’ Endpoints Remote Scanner ‘Unmanagable’ Endpoints Persistent Agents ‘Managed’ Endpoints Best 32 Symantec Endpoint Protection 12.1 Better Good

33 3. Enforcers Symantec LAN Enforcer-802.1X Symantec DHCP Enforcer Symantec Gateway Enforcer Symantec Self-Enforcement Host-based Network-based (optional) 33 Symantec Endpoint Protection 12.1 Best Better Good

34 How SNAC is Packaged Central Management Console Endpoint Evaluation Technology Symantec Endpoint Protection Manager Persistent Agent (SNAC Agent) Dissolvable Agent (On-Demand Agent) Remote Vulnerability Scanner Self - Enforcement Gateway Enforcement DHCP Enforcement LAN (802.1x) Enforcement * * Add On * Symantec Network Access Control v 12.1 Symantec Network Access Control Starter Edition v 12.1 * Requires purchase of an enforcer appliance 34 Symantec Endpoint Protection 12.1

35 Global Expertise More researchers Comprehensive data sources More virus samples analyzed Extensive customer support In-depth Analysis Signatures: AV,AS,IPS,GEB, SPAM, White lists DeepSight Database IT Policies and Controls Rigorous False Positive Testing Automated Updates Fast & Accurate Variety of Distribution Methods Relevant Information Relevancy Accuracy Protection Response Centers Users Symantec Security Intelligence Integrated Global Intelligence, Analysis, and Protection Symantec Endpoint Protection

37 Thank you! Copyright © 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. 37 Symantec Endpoint Protection 12.1

