Symantec Mail Security 8300 Series


1 Symantec Mail Security 8300 Series
Ramil Yafizov

2 Contents
1. What problems we solve
2. How we solve them
3. Why use Symantec products for messaging security

3 What problems we solve

4 Symantec's security vision
Diagram labels: Security Management, Dashboard, Security, Information Risk Management, Infrastructure Protection (Cell Phone, Laptop, Desktop, File Server, Application Server, Messaging Server, Database Server).
Talking points: Symantec has historically focused on protecting the infrastructure of an organization, whether through securing the endpoints or making sure that systems and data can be recovered when there is a system failure. While that is still important, what we are hearing from our customers and the market is that they need a way to manage not only system risk, but also new risks associated with information. All of this must also be managed and controlled through policy. These three layers make up the strategy around the next generation of protection for the enterprise, which we have talked about as Security 2.0. (BUILD SLIDE) Today we are going to discuss the risks to information and the solution we offer for managing that risk.
Presenter notes: Set the context of the Security 2.0 vision. Our layer is the middle layer, IRM. Set up the slide to drill into the middle layer.

5 Information risk management
Slide text: Protect, Control, Store, Discover, Simplify / Manage.
Talking points: We treat the entire messaging management space (Gateway, Groupware, Security, Archive, and IM) as a single problem. We have a comprehensive solution that covers it all, the “Information Foundation”. Emphasize that today we will focus on areas 1 & 2 and how they are solved by the 8300 Series appliance. We address these 2 areas with a 3-step solution: PROTECT against threats, CONTROL where your sensitive information goes, and SIMPLIFY the entire process and related technologies. We chose the term “Control” by analogy to an “air traffic controller” (Vontu story). Simplify ties the Protect and Control themes together.

6 Challenge #1: Spam keeps flooding servers and mailboxes
Slide text: Spammers Innovate to Beat Blocking Technologies. Spam Always Evolving: PDF Spam; Image Spam; Phishing (more damaging); HTML (vary message while maintaining the same look); ASCII (simple text). Chart: Spam as a Percentage of All Email, values 8% and 75%, axis labels 2001, 2007 and Severity/Complexity. Source: October State of Spam Report.
Intro to the 3 challenge slides: There are 3 main challenges that organizations face when managing their messaging infrastructure.
Key point of this Challenge slide: Spam continues to increase and evolve, making it more and more difficult to manage.
Talking points: The first challenge is keeping spam under control. Spam continues to evolve; it becomes more and more sophisticated and therefore more complex to manage. There are new waves of spam all the time (e.g., MP3 spam) and new ways to attack all the time (e.g., botnets). It is not only about comparing what all the vendors protect against today; you also need to consider who can protect you from the next wave of attack. Customers need to consider which vendor will be able to protect them not only today, but also tomorrow!

7 Challenge #2: How to keep sensitive information inside without stopping the business
Key point of this Challenge slide: Controlling the flow of information, as it has a nasty habit of wanting to move. Need to ensure that sensitive information does not flow into the wrong hands.
Talking points: If we don’t look at all the places where data travels and where it lives, we’re missing a huge part of the equation. Every day contractors and partners are plugging into your network. Employees are taking confidential information home with them to work. Executives are downloading customer data onto pen drives, or accessing it on their mobile phones. Think about how much you now have on your phone: your contacts, calendar, email, spreadsheets… it’s all portable. And it can easily be lost. 22% more likely to be lost, actually. Collaboration and connectivity are forcing this network of information to expand. Selectively and intelligently decide what can go in and out of an organization. Key: tie the DLP story to the Enterprise Security story; consistency is needed across the endpoint, etc. We must figure out a better way to protect our information no matter where it lives by controlling where it goes.
Slide text: 99% of data loss caused by breakdowns in process controls by good employees.

8 The high cost of managing growing complexity
Slide text: “We need to control instant messaging too” (VP IT). “I can’t keep up with the calls” (Help Desk). “What do you mean you blocked that Contract” (VP Sales).
Systems: Multiple applications; Multiple protocols; Scaling systems to meet volume.
Effectiveness: Tuning / supplementing rules; Tracking down false positives; Parsing through quarantines.
Users: End user spam complaints; Quarantine management; Looking for missing emails; Managing own block lists.
Additional protocols and new technologies multiply management requirements.
Key point of this Challenge Slide: The messaging infrastructure has become more complex and costly to manage. By implementing a solution that helps simplify administration, organizations can reduce both indirect and direct costs.
Talking points: One of the biggest costs associated with messaging security is the time it takes to administer. Some solutions literally expect administrators to update block lists daily, while others are so inaccurate that quarantines have to be scrubbed constantly. This has direct and indirect costs: the direct cost of the admin’s time and the indirect cost of helpdesk calls and lost productivity for the end users. One way to reduce these direct costs is to reduce the complexity of the solution. Multiple consoles, incompatible logging and reporting, and inconsistent alerting all add up to huge costs in the time needed to manually work around those problems. Most messaging admins you talk to will relate to having to put together their own custom solution from different products from different vendors, and the hassle that caused them in terms of integration and ongoing management effort.

9 How we solve them

10 What is Symantec Mail Security 8300?
Slide text: Symantec™ Mail Security 8300 gateway appliances deliver best-in-class antispam, antivirus, and compliance technologies to protect email and IM against threats and reduce risks of data leakage. Unprecedented 35th Consecutive VB100 Award Since 1999.
Talking points: Fourth consecutive Technology of the Year award from InfoWorld; not paid for by vendors. 35 consecutive VB100 awards; only organization to pass all tests since 1999. In the December 2007 test, only 2 vendors passed. Explain gateway-level security and point out what the 8300 does.

11 Solving messaging management problems
Protect (From Spam and Viruses): 97% effectiveness, accuracy of 1 in 1 million; Global detection & response network; Faster updates, every 5-10 mins; Zero-day antivirus prevention; Integrated IM filtering.
Control (Sensitive Data Flow): Easily meet regulatory and compliance requirements; Selective message encryption; Integrated compliance workflow; Fingerprinting of sensitive data.
Simplify (To Reduce Complexity & Cost): Out of the box reporting; Comprehensive centralized management; Granular message tracking.
Talking points: What is SMS? It is software or a hardened appliance that allows you to PROTECT your messaging systems, CONTROL where content is allowed to be sent, and SIMPLIFY management of the multiple systems and technologies required to keep your environment safe and your users productive. Let’s start with how Symantec Mail Security 8300 can help you PROTECT your messaging environment.

12 More than just an “appliance”
Slide text: The Power Of Symantec: Global Intelligence. Over 750 Million Mailboxes protected from Viruses and Spam. Automatic updates every 5-10 minutes.
Map locations: Twyford, England; Munich, Germany; Alexandria, VA; Sydney, Australia; Redwood City, CA; Santa Monica, CA; Calgary, Canada; San Francisco, CA; Dublin, Ireland; Pune, India; Taipei, Taiwan; Tokyo, Japan.
Symantec Security Response (Virus Protection by Symantec Security Response): 8 Security Response Centers; Digital Immune System Infrastructure, over 120M systems worldwide; Over 45 Countries; 24 x 365 Response.
Symantec Security Group (Spam Protection by Security Group): 4 Operation Centers; Over 2.5 Million Decoy Accounts; Tens of Millions of Spam Processed Daily; Over 20 Countries; 24 x 365 Response.
Key point: Comprehensive protection of Anti-Virus & Anti-Spam by leveraging Symantec Security Response (global reach).
Presenter notes: The backend is a huge advantage for us. Impressive story to set us up on Protect. We need to market this message & brand it!!!! Very strong for us.

13 Best-in-class spam protection
Slide text: Leading effectiveness with the industry’s best accuracy rates. “Symantec takes the prize with superior anti-spam and anti-malware capabilities…” 97% accurate; 0 critical false positives. “... remains unsurpassed for ensuring that spam filters don’t block legitimate email.”
Key point: We have best-in-class anti-spam protection, validated by InfoWorld and Gartner. Unprecedented 4 InfoWorld Technology of the Year awards, one for every year that Symantec has had a product in this space.
Presenter notes: We have so many technologies, which puts us in a very good position to help protect customers in the future! E.g., PDF spam and MP3 spam: we were very fast in protecting customers. Our reaction time is very quick compared with our competitors.

14 Best-in-class reputation services
Global reputation: Leverages Symantec Reputation service. Tracks open proxy senders, zombie IP addresses, suspected spammers, and safe senders. Relies on Symantec’s world-leading probes.
Local reputation: Spam throttling tracks local reputation of remote senders. Applies connection shaping to defer connections from likely spam senders. Reduces mail to be filtered by over 60%.
Also on the slide: Especially effective against botnets & Distributed Low Volume (DLV) attacks. Optimizes protection against high volume senders.
Key point: We offer best-in-class reputation services, working on 2 levels (high-volume senders & low-volume senders).
Presenter notes: This is an important differentiator for us. Most competitors have global reputation. Advantage for SYM: we see more unique (25M) IP addresses per day, and we can push out massive global IP lists. Local reputation is effective for regional, local, targeted attacks. Recently we have seen more and more narrow attacks rather than mass global attacks; therefore it’s important to have both global and local reputation services. When you pair these up, you have a highly effective solution: powerful and a good differentiator.
Talking points: First, we check a sender’s global reputation. To do this, we leverage Symantec’s Sender Reputation Service. Using the reach and visibility of the Probe Network, Symantec can monitor hundreds of thousands of sources to determine how much email sent from these addresses is legitimate and how much is spam. The Firewall can act based on a sender’s global reputation as determined by Symantec. In addition to global data, the Symantec Mail Security 8300 appliances can also look at local traffic patterns. This means that the 8300 Series tracks the number of times a given sender sends, for example, spam to the 8300 Series over a given time. We can dynamically analyze local traffic patterns. It can track how many times a specific sender (IP) sends spam, viruses, directory harvest attempts, and so on.

15 Data sources for the global reputation services
Diagram (inputs to the Symantec Reputation System): Global Customer Base (1Billion+ records daily; Message Scanning Verdicts; Customer Stats). Probe Network (Global Network; 2.5M Honeypots). 3rd Party Feeds (Verisign Domain Feed; Whois; ASN Feed; Botnet Intelligence; Phishing). SRL. Benefits: Track more IPs; Lower Latency.
Presenter note: Add bubble for SRL.

16 How the global reputation service works
Slide text: Global Reputation.
Talking points: The heart of reputation filtering involves categorizing senders by their originating IP addresses (which are nearly impossible to forge). This slide shows how the sender reputation service works with the Firewall in the Series 8200. On the left, you can see a depiction of Symantec’s Probe Network, through which millions of messages from hundreds of thousands of senders flow every hour. Given this huge volume of spam passing through the Probe Network, Symantec can identify IP addresses of machines that are ONLY sending spam. Similarly, Symantec can also check into machines that have been hacked and have had a Trojan mail server installed to send spam. What comes out of this analysis are three lists:
Open Proxy Senders: lists of senders with open proxy vulnerabilities.
Spam Senders: high volume senders who are sending virtually all spam.
Safe Senders: high volume senders who are only sending legitimate mail.
These lists are dynamically regenerated every hour and deployed to 8200 Series appliances at the customer site. The Firewall can then use the updated reputation information to block or let through connections based on the source server. Blocking based on the source is efficient. It saves resources, because the messages don’t pass the Firewall and the Scanners don’t need to perform the rest of the checks.
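The two reputation levels described on slides 14 and 16 can be sketched as one connection-time gate. This is an added example, not Symantec's code: the class name, the thresholds, the window length, the list precedence and the constructed documentation-range IP addresses are all assumptions.

```python
import ipaddress
import time
from collections import defaultdict, deque

# All thresholds are assumptions for illustration; the slides give no values.
WINDOW_SECONDS = 3600      # how far back local history counts
MIN_SAMPLES = 5            # do not judge a sender on fewer messages
DEFER_BAD_RATIO = 0.5      # tempfail (SMTP 4xx) at or above this share of bad mail
REJECT_BAD_RATIO = 0.9     # refuse the connection at or above this share
BAD_VERDICTS = {"spam", "virus", "dha"}  # dha = directory harvest attempt


def to_ips(addresses):
    """Parse address strings so that lookups compare normalized IP objects."""
    return {ipaddress.ip_address(a) for a in addresses}


class ReputationGate:
    """Connection-time decision: global lists first, then local sender history."""

    def __init__(self, open_proxies=(), spam_senders=(), safe_senders=()):
        self.open_proxies = to_ips(open_proxies)
        self.spam_senders = to_ips(spam_senders)
        self.safe_senders = to_ips(safe_senders)
        self.history = defaultdict(deque)  # ip -> deque of (timestamp, verdict)

    def record(self, ip, verdict, now=None):
        """Store the scanner verdict for one message received from ip."""
        now = time.time() if now is None else now
        self.history[ipaddress.ip_address(ip)].append((now, verdict))

    def decide(self, ip, now=None):
        """Return (action, reason); action is accept, defer or reject."""
        now = time.time() if now is None else now
        addr = ipaddress.ip_address(ip)
        # Assumed precedence: the safe list wins, then the two block lists.
        if addr in self.safe_senders:
            return ("accept", "global:safe_sender")
        if addr in self.spam_senders:
            return ("reject", "global:spam_sender")
        if addr in self.open_proxies:
            return ("reject", "global:open_proxy")
        events = self.history.get(addr, deque())
        while events and events[0][0] <= now - WINDOW_SECONDS:
            events.popleft()  # forget verdicts older than the window
        if len(events) < MIN_SAMPLES:
            return ("accept", "local:insufficient_history")
        bad = sum(1 for _, verdict in events if verdict in BAD_VERDICTS)
        ratio = bad / len(events)
        if ratio >= REJECT_BAD_RATIO:
            return ("reject", "local:bad_ratio=%.2f" % ratio)
        if ratio >= DEFER_BAD_RATIO:
            return ("defer", "local:bad_ratio=%.2f" % ratio)
        return ("accept", "local:bad_ratio=%.2f" % ratio)


def demo():
    """Run the gate over constructed senders and return the decisions."""
    gate = ReputationGate(open_proxies=["192.0.2.10"],
                          spam_senders=["198.51.100.7"],
                          safe_senders=["203.0.113.5"])
    # A low-volume sender that is on no global list (constructed verdicts).
    for t, verdict in enumerate(["clean", "spam", "clean", "spam", "dha", "clean"]):
        gate.record("192.0.2.50", verdict, now=t)
    return [gate.decide(ip, now=10)
            for ip in ("203.0.113.5", "198.51.100.7", "192.0.2.10", "192.0.2.50")]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The last sender in `demo()` is deferred on local history alone, which is the low-volume case that the global lists do not cover.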

17 Protect as early as possible
Slide text: All suspect messages are blocked until updated patterns are available. Delivered FREE with the AV license. (Chart axis: Time.)
Key point: Zero-day protection is critical, as it allows you to protect at the earliest opportunity.

18 Reliable protection: 36 consecutive VB100 awards
Slide text: Symantec: Submitted all supported environments for analysis since Nov. ‘99. ONLY vendor to obtain 35 consecutive VB100 Awards.
Table legend: Pass: detected all “In the Wild viruses” in comparative tests (with no false positives). Fail: missed detection after three attempts. —: chose not to submit for testing.
Talking points: On this slide note that Trend failed to submit for several recent tests, and allude to their recent issues with virus definitions. Highlight that Symantec has not failed in over 6 years while submitting every single time for all tests on supported platforms. Starting with the April 2006 test we have added the Linux platform, so we now support all major platforms tested by VB.
The VB 100% logo is awarded to anti-virus products that detect all In the Wild viruses during both on-demand and on-access scanning in Virus Bulletin’s comparative tests, and generate no false positives when scanning a set of clean files. Virus Bulletin’s aim is to offer subscribers the best impartial advice about anti-virus security and the products on offer. As the virus threat is continually changing, you should look for products that have achieved a succession of VB 100% awards, rather than just one or two. Developers that can best keep their products up to date are more likely to receive VB 100% awards. Virus Bulletin’s tests are widely recognized within the industry. The comparative tests tend to focus on virus detection rates and scanning speed, as well as looking at how each product fares when scanning a set of files that are known to be clean.
Key point: BIG WIN FOR US. SYMC is the ONLY AV vendor to have passed every VB100 test since Nov 99. This is huge! Make the point that every other vendor has let viruses through during that time and that each virus that gets through can potentially cause massive damage. This slide is also a proof point for our later claim that we are the only vendor with best-of-breed in one box, so refer back to it. SYMC has the history to prove that we can protect you moving forward. Not just about being protected today, but also tomorrow!

19 Built-in protection for instant messaging traffic
IM Platform & Control: Gateway IM protection (alongside email); MSN, AOL, Yahoo and Google Talk support; Control use of IM by network; Control use of IM file transfers; Screen name registration.
Spim and Virus control: Group policy-based provisioning of spam and virus protection; Scan files transferred for malicious code (requires AV license); Scan IM content for spim and malicious code (requires AV license); Multiple types of spim and virus detection, including heuristic-based (requires AS license).
Visibility and Reporting: Active user reporting; Screen name visibility; Spim reporting; File transfer reporting.
Key point: Instant Messaging protection is built in for free with the SMS 8300.
Presenter note: Screen name registration allows you to map screen names to company addresses, so you know who these users are.

20 IM Manager and IM on the SMS 8300
Slide text: The 8300 Series appliance proxies IM traffic and integrates basic IM security features.
Table columns: Feature; IM on 8300; IM Manager.
Features listed:
Control email and IM security from common admin interface
Support for consumer IM networks (AOL, MSN, Yahoo, Google Talk)
Anti-SPIM control and reporting (AS license required)
Protection from IM threats (AV license required)
Usage reporting, usage statistics
Coarse grain controls to restrict/allow IM use by network
User registration
Group/user based policies for IM (spam and virus)
Content filtering for IM
Archiving of IM traffic
Support for enterprise IM systems
Disclaimers for IM

21 Selective Encryption
Slide text: Rules Based Encryption: Flexible policy creation; Native TLS encryption; Integration with encryption partners. Per-Domain: encrypt all messages sent to a business partner. On Policy Basis: encrypt messages that trigger the policy.
Talking points: Per-domain and policy-based TLS encryption. To comply with internal and external regulations, many organizations must encrypt outbound messages if they contain private health or non-public personal information (e.g. drug names and social security numbers or credit card numbers). With the SMS 8300 appliance, administrators can configure a set of remote partner domains that require Transport Layer Security (TLS) encrypted delivery. Additionally, the “Deliver the message with TLS encryption” filter policy action allows administrators to create policies that automatically encrypt outbound mail based on the message content, sender, recipient, or other conditions. The TLS-based encryption can be configured on an “attempt” or “mandatory” basis, with optional certificate verification. As for PGP: while we do have on-box native gateway-to-gateway TLS-based encryption, if customers want deeper, message-level encryption, we can accommodate them by working with our preferred encryption partner, PGP.

22 Solving messaging management problems
Protect (From Spam and Viruses): 97% effectiveness, accuracy of 1 in 1 million; Global detection & response network; Faster updates, every 5-10 mins; Zero-day antivirus prevention; Integrated IM filtering.
Control (Sensitive Data Flow): Easily meet regulatory and compliance requirements; Selective message encryption; Integrated compliance workflow; Fingerprinting of sensitive data.
Simplify (To Reduce Complexity & Cost): Out of the box reporting; Comprehensive centralized management; Granular message tracking.
Talking points: Now let’s move on to CONTROL.

23 Data loss statistics
Slide text: 1:400 emails contain confidential information. 1:50 network files are wrongly exposed. Breaches on the Rise: 2005: 107 companies exposed 56M individual data records. 2006: in 6 months, 40 companies and government agencies have exposed nearly 30M individual data records.
Categories on the slide:
Customer, Employee, Patient Data (Regulatory Compliance): HIPAA, Gramm-Leach-Bliley, PCI, State Data Privacy; SSN, Credit Card Numbers, Health Info.
Intellectual Property (Competitive): Source Code, Engineering Specs, Strategy Documents, Pricing.
Company Confidential (Reputation): Press Release, Quarterly Earnings, M&A, CEO Internal Email.
Talking points: Vontu, a leader in the Content Monitoring and Filtering market, has observed that 1 in 400 emails contain confidential information and that as many as 1 in 50 network files with sensitive data are exposed. The data generally falls into three categories. Customer, employee and patient sensitive data must be protected in order to comply with regulations like Gramm-Leach-Bliley, State Data Privacy Acts and HIPAA, which mandate protection of non-public personal information like social security numbers, credit card numbers and driver’s licenses, as well as protected health information like prescription drugs, treatment codes and disease names. This category is also interesting because there must also be a way to ensure that data that is needed in the performance of business transactions is communicated securely. Intellectual property is also important to maintain competitive advantage. Customers need to protect source code, strategy documents, product pricing, scripts, and designs. Electronic Arts estimates they lose $50M for every week a new video game is leaked prior to GA. Motorola estimates only 3 months with a new phone design (RAZR, PEBL) before a competitor copies the design. A pre-GA leak lessens competitive advantage. Companies also need to control early leaks of press releases, M&A activity and other sensitive data.

24 Control: Data Loss Prevention
Slide text: Advanced Data Loss Prevention: (1) Classify, control & retain structured and unstructured data; (2) Close the exits: multi-protocol, endpoint; (3) Comprehensive protection. Symantec acquired Vontu in December 2007 and is integrating the technology across product lines.
Presenter notes: Set up slide: there are multiple sides to cover in order to have comprehensive data control. Info in motion: email travelling, IM travelling, etc. Info on the endpoint: cell phone, etc. Info at rest: what has already proliferated on your network. Vontu connects everything in the middle. A huge differentiator for us. Example: when competing against Ironport, bring in the Endpoint story! Have DLP on their endpoint AV.

25 Controlling the flow of sensitive data
Slide text: Messaging is the most common source of data leakage. Easily deploy and manage effective compliance tools.
Diagram labels: Dictionaries & Templates; LOB Systems; Policies; Data in Motion; Hashing Live Systems Data; Hashes Saved; Exact Data Matching; Clean Mail for Delivery; Mail Held for Review, Release or Rejection; Rejected Mail Returned or Escalated.
Key point: We make compliance EASY by delivering pre-packaged rules & dictionaries for easy and effective deployment of content filtering.
Talking points: We worked with Vontu, a leader in DLP technology. Why is it easy to deploy? The customer doesn’t have to understand the laws, just check a box. We’ve added the ability to fingerprint real data from their backend systems; this allows them to filter actual records, not just things that look like they might be. Optional human intervention is introduced, giving the ability to review potential violations and then reject or release the message depending upon the determination of a manager or auditor.
Explain graphic: Step 1: monitor. Step 2: block (customers are usually not confident enough to actually do something about it; they are worried about blocking stuff and therefore stopping business). BUT with Workflow you can take action: HOLD FOR REVIEW (new to Yosemite), see next slide.

26 Handling incidents with Hold for Review
Slide text: Keep business moving via human intervention. Reviewer approves or rejects based on the email contents. Predetermined actions: Approve: deliver with TLS, … Reject: archive, send a notification, block, …
Key point: Policy-driven engine to allow message reviews.
Talking points: Administrators can take action (approve or reject) and more intelligently decide what needs to be blocked versus what can go through. Differentiator.

27 Exact data matching
Slide text: Protect the exact data you care about: not just any SSN, but your patient’s specific SSN. Protect data that is difficult to describe and only important if related: employee first name, last name and salary. Specify what actually defines a DLP violation, e.g. fields required for a match.
Sample table (columns: First Name, Last Name, Social Security, Hair Color): Kayla Douglas, Black; Karen Whitcomb, Blond; Brian Hubert, Brown; Clare Mata, Red; Ralph Hansen; Felipe Fulmer, Gray.
Key point: Be specific about what you want to protect.
Talking points: Explained in slide. EDM features in Yosemite: database table matching for outbound content. Previously: uses regular expressions to decide if it’s a “credit card” number, etc. Example: a certain number of rows in a database, and if they are seen being sent out, stop it.
Presenter notes: Feedback from a customer: more administration involved, contrary to what we say about low administration, etc. Dan says we are working on things to address this.
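Slides 25 and 27 describe hashing records from live systems and flagging a message only when the required fields of one record appear together. A minimal sketch of that idea follows, as an added example that is not the product's implementation: the keyed-hash scheme, the tokenizer, the function names and the constructed SSN values (the slide's SSN column did not survive) are assumptions, and only single-token field values are handled.

```python
import hashlib
import hmac
import re

# Hypothetical per-deployment secret: keyed hashes, so the saved index is not a
# set of plain digests of low-entropy values such as SSNs.
INDEX_KEY = b"constructed-demo-key"

# Constructed records; names follow the slide's sample table, SSNs are made up.
ROWS = [
    {"first": "Kayla", "last": "Douglas", "ssn": "900-00-0001"},
    {"first": "Karen", "last": "Whitcomb", "ssn": "900-00-0002"},
    {"first": "Brian", "last": "Hubert", "ssn": "900-00-0003"},
]
FIELDS = ("first", "last", "ssn")
REQUIRED = {"first", "last", "ssn"}  # fields that must co-occur for a violation

TOKEN_RE = re.compile(r"\d{3}-\d{2}-\d{4}|[A-Za-z0-9]+")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def normalize(value):
    """Lower-case and keep only letters and digits, so 900-00-0003 == 900000003."""
    return re.sub(r"[^a-z0-9]", "", value.lower())


def fingerprint(value):
    """Keyed SHA-256 of the normalized value."""
    return hmac.new(INDEX_KEY, normalize(value).encode(), hashlib.sha256).hexdigest()


def build_index(rows, fields):
    """Map fingerprint -> {(row_id, field)}; only hashes leave the source system."""
    index = {}
    for row_id, row in enumerate(rows):
        for field in fields:
            if row.get(field):
                index.setdefault(fingerprint(row[field]), set()).add((row_id, field))
    return index


def find_violations(text, index, required_fields):
    """Return ids of rows whose required fields all occur in the text."""
    seen = {}  # row_id -> fields of that row found in the message
    for token in TOKEN_RE.findall(text):
        for row_id, field in index.get(fingerprint(token), ()):
            seen.setdefault(row_id, set()).add(field)
    return sorted(r for r, found in seen.items() if required_fields <= found)


def regex_only(text):
    """The pattern-based approach: flags anything shaped like an SSN."""
    return bool(SSN_RE.search(text))


# Constructed outbound messages.
MESSAGES = [
    "Please update the record for Kayla Douglas, SSN 900-00-0001.",
    "Test data uses 900-11-2222 as a placeholder SSN.",
    "Kayla and Brian are out of office today.",
    "Hubert, Brian / 900000003",
]


def demo():
    index = build_index(ROWS, FIELDS)
    return [(regex_only(m), find_violations(m, index, REQUIRED)) for m in MESSAGES]


if __name__ == "__main__":
    for message, result in zip(MESSAGES, demo()):
        print(result, message)
```

The second message trips the pattern check but matches no stored record, and the fourth is caught by the exact match although the reformatted number no longer fits the pattern.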

28 8300 Policy Templates

29 Solving messaging management problems
Protect (From Spam and Viruses): 97% effectiveness, accuracy of 1 in 1 million; Global detection & response network; Faster updates, every 5-10 mins; Zero-day antivirus prevention; Integrated IM filtering.
Control (Sensitive Data Flow): Easily meet regulatory and compliance requirements; Selective message encryption; Integrated compliance workflow; Fingerprinting of sensitive data.
Simplify (To Reduce Complexity & Cost): Out of the box reporting; Comprehensive centralized management; Granular message tracking.
Talking points: And finally, let’s talk about how the SMS 8300 appliance can help you SIMPLIFY the way you manage the multiple systems and technologies required to keep your environment safe and your users productive.

30 Simplifying messaging security work
Systems: Multiple applications; Multiple protocols; Scaling systems to meet volume.
Effectiveness: Tuning / supplementing rules; Tracking down false positives; Parsing through quarantines.
Users: End user spam complaints; Quarantine management; Looking for missing emails; Managing own block lists.
Slide text: Powerful Control Center for management and administration. Automatic system and threat updates. Integrated multi-protocol protection.
Key point of this Challenge Slide: The messaging infrastructure has become more complex and costly to manage. By implementing a solution that helps simplify administration, organizations can reduce both indirect and direct costs.
Talking points: One of the biggest costs associated with messaging security is the time it takes to administer. Some solutions literally expect administrators to update block lists daily, while others are so inaccurate that quarantines have to be scrubbed constantly. This has direct and indirect costs: the direct cost of the admin’s time and the indirect cost of helpdesk calls and lost productivity for the end users. One way to reduce these direct costs is to reduce the complexity of the solution. Multiple consoles, incompatible logging and reporting, and inconsistent alerting all add up to huge costs in the time needed to manually work around those problems. Most messaging admins you talk to will relate to having to put together their own custom solution from different products from different vendors, and the hassle that caused them in terms of integration and ongoing management effort.

31 Built-in reporting
Slide text: Full set of reporting options. New Reporting in v7.6: Dashboard; Executive Summary; New Reputation, Virus, and Compliance Summaries; Enhanced Reporting Workflow. Over 50 preset reports. Scheduled report generation. Benefits: Gain insight into performance; Identify email and IM security trends; Track potential compliance issues.
Key point: Reporting is made really easy.
Talking points: Per slide. Key points: First of all, spam is a drain on productivity and resources. Our reports show the amount of spam that has been caught by our anti-spam filters at the gateway. Also, we have reports that show which compliance policies fired. This can proactively identify data leakage trends and help organizations that need to demonstrate compliance with various privacy and other regulations. There are lots of reporting enhancements in v7.6. The dashboard gives you an instant view into the state of your messaging security, and the Executive Summary is ideal for sharing with executives to demonstrate efficacy and impact.

32 Simplified message tracking
Slide text:
1. Filter with multiple criteria: Sender, Recipient, Subject, etc.
2. Retrieve Message Status: Time message processed; Sender; Recipient; Subject of the message; Disposition (spam, virus, blocked sender, etc.); Actions Taken.
3. Drill down for detailed forensics.
Key point: The Symantec Mail Security 8300 Appliance Series offers a graphical message auditing interface that allows administrators to perform advanced tracking across multiple scanners in their network. Email messages can be queried by subject, date and time range, envelope information or IP address. The key message is that message tracking gives administrators the ability to quickly determine what happened to a message that passed through the system (what policies fired, what the action was, etc.).

33 Automatic updates with LiveUpdate
Slide text: High level status… Which viruses am I protected against? …and fine-grained configuration. On-demand and scheduled updates push new definitions to all scanners at the site.
Key point: Virus definitions are automatically updated via Symantec LiveUpdate, so you’re protected against the latest threats.
Talking points: There are high-level status views as well as fine-grained configuration capabilities. For example, in the high-level status view, you can see at the click of a button which viruses you’re protected against. In the fine-grained configuration area, you can enable automatic updates or put updates on a schedule.

34 End-user quarantine
Slide text: Benefits: End user notification is configurable, e.g. daily/weekly email about new spam with 24 hour access. Centralized message purging after x days. Search functionality for both administrators and end users.
Key point: Allow end users to be notified and to look through spam before it’s purged.

35 Integration with existing LDAP infrastructure
Diagram labels: Directory; Mail Server; LDAP User Authentication; LDAP Routing; LDAP Synchronization.
LDAP User Authentication: Removes the burden of management from administrators. Provides End User Quarantine Access.
LDAP Routing: (1) New email triggers directory look-up. (2) Routes to a specific mail server based on message recipient.
LDAP Synchronization: Directory Harvest Attack Protection. Drops invalid recipients. Establish Group Policies.
Talking points: The Lightweight Directory Access Protocol, or LDAP, is an application protocol for querying and modifying directory services running over TCP/IP.
Key point: LDAP routing. Administrators can now leverage existing LDAP directory information to route mail to an arbitrary mail host or to an arbitrary user (or both). Administrators can customize the queries to adapt to any LDAP server and LDAP schema. Used for: forwarding mail to a specific groupware server. Supported platform: any LDAP server. LDAP interaction: direct look-up.
LDAP Synchronization. This is used to prevent spammers from doing directory harvest attacks for valid users. The concept is to disallow receipt of messages that have been sent to invalid recipients. This feature is also used to enable the 8300 to utilize the existing group structure within the LDAP source for implementing group policies. Used for: directory harvest attacks and group policies. Supported platforms: Active Directory, Exchange 5.5, Sun JES, Lotus Domino. LDAP interaction: synchronization and replication. With LDAP sync, you can enable end user features such as end user allow/deny lists and/or end user language settings.
LDAP Authentication. This is used to give end users secure access to their quarantines and end user preferences. Used for: end user quarantine access. Supported platform: any LDAP source. LDAP interaction: direct look-up.

36 Integrated control over instant messaging
Leading Instant Messaging Security On Box
- Access control
- File transfer filtering
- User screen name registration
Key point: Instant Messaging protection is integrated for simplified management of your messaging infrastructure
Talking points: per slide

37 Symantec Mail Security 8300 – Virtual Edition
Slide diagram labels: Hypervisor +
It is the Symantec Mail Security 8300 Appliance, with the 3 key ingredients of Anti-Spam, Anti-Virus and Content Filtering, but available in a “virtual” format. The “virtual” form factor will be available as part of v7.6. The Virtual Appliance is certified for production deployments on VMware Server and ESX servers. And it is sold as the same SKU, so the customer can take the virtual option if they wish to do so.
- Available as part of v7.6
- Designed for production deployments on VMware Server and ESX
- Same SKUs for Virtual or Physical appliances
- User license SKUs
- Hardware SKUs optional for physical appliances

38 Hardware

39 Freedom of choice
All-in one appliance
- All hardware/software included
- Pre configured and hardened against security threats
- Four models to choose from: 8380, 8360, 8340, 8320
Virtual appliance
- 8300 Series – Virtual Edition
- Deploy on hardware of your choice
- Certified with: VMware ESX Server (production), VMware Server (testing)

40 Hardware platform overview
Model: 8380 | 8360 | 8340 | 8320
Customer segment: Up to 150,000 Users | Up to 10,000 Users | Up to 1,000 Users | Up to 100 Users
Form factor: 2U | 1U | Tower PC
Redundant Power/Fans: Yes | No
RAM/Storage: 4GB / 6x146 GB | 4GB / 2x146 GB | 1.5GB / 2x80 GB | 1GB / 1x80 GB
Raid: Raid 10 | Raid 1 | None
Antispam, Antivirus, Content Filtering, and IM Security Delivered Across all Platforms
*Requires User-based SW License Purchase
Key point: We have multiple product configurations to fit the different needs of organizations
The Symantec Mail Security 8300 features two models, designed to accommodate varying license and performance needs.
• Symantec Mail Security 8380: Organizations with >1,000 users that need high performance, extended logging and reporting, and aggressive quarantine usage
• Symantec Mail Security 8360: Organizations with >1,000 users
• Symantec Mail Security 8240/8340: Organizations with 100–1,000 users
• Symantec Mail Security 8220/8320: Organizations with < 100 users
All models support the same level of security protection, including volume management, antispam, antivirus, content filtering, and message integrity.
Scanner appliance(s)
- Resides in DMZ
- Processes inbound and outbound mail
- Performs filtering, routing, and policy actions
- Scales horizontally for high volume sites
Control center appliance
- Centralized management appliance
- Typically resides in internal network
- Consolidates statistics and reports
- Houses quarantine and centralized database

41 Why use Symantec products for messaging security

42 Industry recognition
Proven industry leading solution…
“Takes the prize with superior anti-spam and anti-malware capabilities, strong enterprise-class features, excellent management and reporting tools, and a very polished and easy-to-use administrative interface.” - InfoWorld
2008 Technology of the Year Awards, 4th Consecutive Year - Best Messaging Security
Talking points: InfoWorld – not paid for by vendors! Not fake study We are supposed to be winning this year to Point out: these are not “paid” ads – they are independent studies (no biases) Latest Gartner magic quadrant is delayed – they have not started interviewing yet – we expect to do very well in the Gartner MQ. Integration of IM on board, Integration of DLP – important rating points in Gartner – we have this stuff! Therefore we anticipate doing very well in MQ.

43 Confirmed by product reviews
“Brightmail Anti-Spam's false-positive score speaks for itself…Brightmail Anti Spam is the best answer we know of.”
“A benchmark in the field… Easy to install and maintain”
“Brightmail caught the highest % of spam and had the lowest false-positive rate of any of the products tested.”
“…a real "set and forget" system.”
“…spam protection mark was among the highest in our review, which makes the fact that the appliance registered no false positive especially impressive. Symantec appears to have finely tuned engines right out of the box.”
Talking points: Slide details how product has been received
- The PC Magazine quote refers to BM’s zero false–positive showing. This writeup is excerpted from PC Magazine’s Editor’s Choice review for antispam products last year.
- EWeek quote speaks to the metrics that most customers value: high effectiveness, without a significant administrative burden
- Analysts comments: Yankee Group reaffirms the key 1 in a million false positive rate. Gartner puts Symantec Brightmail AntiSpam in the Leader’s quadrant

44 Satisfied customers
We protect over 750M mailboxes at over 90,000 customers, including…
- Throw in other logos if you want

45 Global presence
- More than 2400 highly trained global support professionals
- Experts with certifications from more than 20 industry associations and technology providers including: Microsoft, Cisco, Sun, HP, IBM, SNIA, and CISSP
- Rapid resolution of multi-vendor cases provided through: Cooperative support agreements with more than 200 vendors; TSANet board membership
- Support delivered in 10 languages
- Awards: SSPA Star Award (Service and Support Professionals Assoc.); Omega’s NorthFace ScoreboardSM Award; WebStar Award from Supportgate.com
- Global programs to extend support delivery through partners
- 29 regional support centers
- 70 regional delivery partners
Symantec offers a global support presence. We have more than 2400 highly trained global support professionals located in 29 support centers around the world. Our reach is further extended through more than 70 regional partners who have been trained to handle support calls for specific Symantec products. Symantec Enterprise Support experts collectively hold certifications from more than 20 industry associations and technology providers. In addition, Symantec has cooperative support agreements with more than 200 members and is on the board of TSANet, an industry association for facilitating the rapid resolution of multi-vendor cases. We deliver support in 10 languages to ensure communication isn’t a barrier to handling customer issues. And we’ve won numerous awards from third party organizations that measure excellence in support delivery. We also work closely with our partners to ensure support delivery is seamless.

46 Achieving success with the right support plan
Business Critical Services
- For customers who want the highest level of response
- Fastest access to deep technical expertise
- Personalized support delivered by a single point of contact
- Proactive notifications and account planning
- Flexible coverage options: Remote Product Specialist DataCenter National Global
Essential Support
- For customers who require 24x7x365 access to technical experts
- Faster response times than Basic Maintenance
- Most purchased offering
Basic Maintenance
- For customers who only desire support during business hours
- Includes product upgrades
- Lowest price option
The support plan you choose can have a significant impact on your experience with your Symantec technology investment. Symantec offers a range of plans to help customers address their unique needs:
Basic Maintenance – was designed for customers who only desire support during business hours. Product upgrades and patches are included in this offering, which is the lowest price option available from Symantec.
Essential Support – is for customers who require 24x7x365 access to technical experts. Response times are significantly faster than Basic Maintenance (goal of 30 minutes vs. 1 hour for severity one incidents). This is the most purchased offering available from Symantec and the recommended minimum for Symantec products. We recommend 24x7 support because our technology is typically in continuous operation. In addition, many heavy jobs (scanning, backup, archiving, etc.) are often scheduled to run in the middle of the night. And finally, hackers don’t keep business hours and may attempt an attack on your defenses at any time of the day.
Business Critical Services – is Symantec’s premiere support offering and was designed for customers who want the highest levels of response and the fastest access to deep technical expertise. BCS features personalized support delivered by a single point of contact who gets to know your unique operational set up and requirements. BCS also offers proactive notifications, account planning, and options for fly-to-site visits. Flexible coverage options are available at the level of a single product family, multiple products within a data center, or on a global or national basis.

47 Symantec Global Services: Integrated to Meet All Your Service Needs
- Consulting: Advisory Services, Enablement Services, Technology Deployment, Operational Integration, Residency Services, Operational Services
- Education: Skills Assessment, Classroom Training, Customized Training, Virtual Academy, Self-study, Certification
- Technical Support: Business Critical Service Assessments Incident Management Problem Resolution Onsite Support & Best Practices
- Managed Security Services: Monitor, Manage, Respond
- Early Warning Services: DeepSight Threat Management System, DeepSight Alert Services
Key point: we offer the most comprehensive services to plan, design, implement and manage a resilient infrastructure.
Talking points: We provide the right people, processes and technology to optimize your IT infrastructure and service delivery while managing your business and IT risk. You can count on Symantec Global Services to keep your enterprise up, running, and growing—no matter what. We provide unique insight and expertise across consulting, education, support, Managed Security Services, and Early Warning Services. Collaboration across all of our service lines delivers a seamless service approach and enhances your ability to manage a resilient infrastructure with the right people and processes as well as utilize your technology more effectively and efficiently.
More specifically related to SMS, we offer education services for the 8300 appliance. Education service is Technical product training that is designed to help businesses gain maximum value from our security and availability products. We offer training through the Security Academy (SYMC), Virtual Academy (VRTS-live web casts, expert mentoring, on-demand modules and hands on labs), Onsite and Classroom Training, as well as eLearning. The Certified Professional program helps customers and partners gain proven expertise in administration, designing, integrating, managing, and implementing security and availability solutions.
Notes for the other services:
Discover and Alert: Our services offer you the ability to discover and alert known threats and attacks to ensure business continuity. They also allow you to proactively assess team skills (VRTS education skills assessments), and improve your organization's security posture by giving employees the knowledge they need (SYMC security awareness program).
Discover, Alert, Protect and Provision: Business Critical Services (premium support offering) offer proactive assessments, reports, alerts and ownership of high severity escalations. To be prepared for anything, it’s important that you plan for everything. With Business Critical Services, planning begins from day one and continues year-round. Year in and year out. Just one of many ways we help you prepare for—and often prevent—system disruptions.
Managed Security Services – 4300 managed security devices (represented on the global insight map slide much better)
- We track vulnerabilities in more than 18,000 product versions from 2,200 vendors – more than three times our closest competitor.
- We deliver detailed intelligence on real-time security incidents gathered from more than 20,000 sensors in more than 180 countries.
- More than 500 companies around the world look to us to manage their security environment from one of our six Security Operations Centers, located in San Antonio, Texas; Alexandria, Virginia; Sydney, Australia; Tokyo, Japan; Berlin, Germany; and London, England.
- 65 million customers have utilized the free Symantec Security Check feature
- More than 318 million customers launch our Live Update sessions every day.
Early Warning: Subscription services offering that provides real-time reports around DeepSight Threat Management, DeepSight Alerts, and DeepSight Analysis.
Symantec Global Services provides you with the right people, process, and technology to optimize your IT infrastructure and service delivery while managing your business risk. We keep your enterprise up, running, and growing – no matter what happens.

48 Why Symantec Messaging Security
Protect From Spam/SPIM, Viruses
- Catch rates high 90’s%, accuracy 1/1M
- Largest detection & response network
- Faster updates – every 7 mins
- Zero-day protection
- Instant Messaging integration
Control Sensitive Data flow
- Easy compliance through PCC
- Selective encryption
- Hold for Review
- Exact data matching
Simplify To Reduce Complexity & Cost
- Out of the box reporting
- Comprehensive management
- Granular message tracking
Bring back three themes (from beginning of presentation)

49 Next steps
Try the product! Compare effectiveness and accuracy
- 30-day evaluation of physical or virtual appliance – Compare effectiveness and accuracy
- Greater than 97% effectiveness, less than 1 in a million false positives
- Symantec and our partners can help assess, plan and deploy successfully!

50 Ramil Yafizov Ramil_Yafizov@symantec.com
Thank You Ramil Yafizov

