1. Symantec Support Number

2. Revolutionizing Endpoint Security
Bulent Teksoz, Principal Systems Engineer
Middle East and North Africa
December 4, 2007

3. Agenda Security 2.0 1 What this is all about 2 Announcing… 3
A Complete Enterprise Security Solution 4
Migration plans 5

4. Security 2.0 New technologies are changing the way we communicate
Businesses are sharing information across their extended enterprises and engaging in more complex electronic interactions
New technologies are also introducing new security risks
No longer focused on just the device – it’s about the information and interactions
Phishing, ID theft, malicious users and non-compliance are all risks
Must keep the threats out, and ensure the information stays inside
Symantec is bringing together an ecosystem of products, services and partners that help create a safe and connected world
Symantec’s mission is to deliver solutions that protect customers’ connected experiences
In September 2006 we held the Security 2.0 event. What was this about?
All about changing landspace of security. Even in the market, you see major players getting in the security field.

5. stopped giving out personal information stopped paying bills online
Security 2.0: The Facts
fear of eavesdropping
fear of online fraud
53%
14%
stopped giving out personal information
stopped paying bills online
Fear.. We know what happends when you give in the fear. Badguys win.
Sources: Gartner; Cyber Security Industry Alliance, June 2005

6. Protecting Information
External Threats Such As Viruses, Spyware & Crimeware
Exploiting System Vulnerabilities
Internal Threats Such As Data Theft and Data Leakage
Exploit Lack Of Supervision For Corporate Information Flow
Non-Compliance With Policies Or Regulations (SOX, FISMA, etc)
Lack Of Adequate Controls Or Evidence Collection
In UK, 25 million people’s confidential recors been stoled.
Happened in US before. In percentage, that’s far greater than ever in US.
This is what’s known. What about all those that went without notice.

7. It’s about
your business

8. Today Business Facts
The threat landscape is continuously increasing and growing in complexity
Vendor consolidation and technology convergence is becoming more important
People are the new perimeter
Let’s briefly take a look at our world by discussing some of the facts effecting our connections.
The threat landscape is becoming increasingly dangerous. In the good old days virus writers would write virus to get their name in the paper. Now attacks are all about stealth and making money. For example in June a group of thieves were arrested for stealing credit card information from 45 million customers of TJ Maxx, Marshalls and other TJX Corp. stores. They would use the information to open new cards and launder money via Wal-Mart gift cards. This was all over the course of several years. This would still be happening if the thieves did not get greedy and use too many at the same store.
In addition to this IT professionals like yourselves are having to manage more technologies from a wide variety of vendors with no end in sight.
And don’t look now but Microsoft launched a new client OS earlier this year and will be launching a new server OS this coming year. Think of all the vulnerabilities that will pop up with by implementing these new operating systems.
And last but not least Exchange has become one of the most mission critical applications in business today. Protecting your exchange server and the associated data is critical to the success of your company. Collectively, these challenges mean our connections and network is continually exposed.
Microsoft OS’s: Vista and Server 2008
Exchange is a mission critical application 8 8

9. Corporate Network Is Continually Exposed
Internet Kiosks & Shared Computers
Guests
WANs & Extranets
Change in Threat landscape
Cost for Endpoint security
Complexity Managing Endpoints
Lack of Control
SSL VPN
Consultants
IPsec VPN
Employees Working at Home
Over the last few years, companies have implemented an IT infrastructure allowing them to access network and information from pretty much anywhere any time; Employees now have access to , corporate servers and network resources using home computers, friends computers or using their own laptops from wireless networks in airports, hotel, cafes.
Laptops have taken over desktops in corporate world, allowing more flexibility to employees and increased productivity but these laptops are major concern to companies as they are using unprotected networks and introducing threats in the corporate network when returning from “the wild”.
All this new technology has been great from a business perspective and ability to be more responsive and effective with rapid access to information and better customer service but created holes and opportunities for the hackers and thieves which are now using vulnerabilities from web applications and volatile clients to enter corporate networks and steal confidential information like customer records, financial information, intellectual properties putting business at risk and affecting their brand and reputation.
To protect themselves against these evolving and sophisticated threats, IT managers have started implemented or are in the process of implementing a series of security technologies to protect their endpoints, Initially with AV, then they added one or multiple antispyware solutions, then client firewall and/or some sort of Intrusion Prevention making endpoint security complex and costly to manage and support (multiple consoles, multiple licenses, multiple vendors, multiple agents to update separately, training tech support, etc. Now IT manager realizes that they need incremental security to defend against the evolving threat landscape; they are looking at technologies like Network Access Control, Device Control, additional protection against Zero-day attacks but can’t conceive how they will do it with the existing resources in place. That’s where Symantec is introducing its next generation of endpoint security.
Security is the core aspect of a secure environment, however, it is only one aspect of secure environment.
Wireless Networks
Web Applications 9

10. Business Problems at the Endpoint
Number of Zero Day threats
Endpoint management costs are increasing
Cost of downtime impacts both productivity and revenue, productivity hit largest in enterprise
Costs to acquire, manage and administer point products are increasing, as well as the demand on system resources
Complexity is increasing as well
Complexity and man power to manage disparate endpoint protection technologies are inefficient and time consuming
Source: Infonetics Research - The Cost of Network Security Attacks: North America 2007
(Note that zero-day graphic builds after last text bit)
Infonetics Research
Shows the average annual cost of downtime caused by security attacks.
3 types of security attacks: DOS attacks, client malware, and server malware
Purple is revenue and Blue is Productivity
Small is <100
Medium is – annual cost is $230,000
Large is over $31.26M
When revenue generators are not able use their computer or connect to the network down this impacts the company’s revenue
Measuring both the revenue and their productivity – gives cost
Describe Zero Day threats
Time line from original vulnerability announced “V” to 12 mos later when the exploit was created “E”; then AV companies wrote signature and then the customer had to deploy. We got really good at shortening the time between when the exploit was created and when our signatures were published. Then the bad guys got smart and started to create exploits within about 6-7 days; we knew that we needed new technology to help here. We created Generic Exploit Blocking (GEB) (this is a part of SCS today) which creates a generic signature for a particular vulnerability so as new variants come out we are already protected.
What about vulnerabilities which are not announced. Then zero day solutions came about – you need security looking for suspicious activity. Unusual behavior. This is when we know we had to buy Whole Security (Confidence Online) who services protect based on behavioral characteristics. Ie Word is sending 100k s. This is not normal behavior. The trade off here is the noise you don’t want a lot of messages Is this ok, is this ok. Have to manage the false positives
Zero Day Process
1. Vulnerability Discovered
2. Some time later – Exploit released. The clock starts ticking
3. AV vendors write sig
4. hackers get smart and release code closer and closer to the Vuln Disc date
5. We get better with GEB = > Closer
Available in SCS
6. Sometimes 0-day
Exploit found in the wild for a vulnerability never seen before
7. We acquired even better technology that is behavior based – WholeSecurity
Growing number of known and unknown threats
Stealth-based and silent attacks are increasing, so there is a need for antivirus to do much more

11. What do these bars signify?11 11

12. Causes of Sensitive Data Loss
The leading causes of sensitive data loss:
User error3
Violations of policy12
Internet threats, attacks and hacks8
In one form or another, human error is the overwhelming cause of sensitive data loss, responsible for 75 percent of all occurrences. User error is directly responsible for one in every two cases (50 percent) while violations of policy - intended, accidental and inadvertent - is responsible for one in every four cases (25 percent). Malicious activity in the form of Internet-based threats, attacks and hacks is responsible for one in every five occurrences.
ITPolicyCompliance.com, “Taking Action to Protect Sensitive Data”, Feb. 2007 12 12

13. As Threat Landscape Changes, Technology Must as Well
From Hackers & Spies…To Thieves
Silent
Overwhelming Variants
Highly Targeted
Few, Named Variants
Indiscriminate
Noisy & Visible
OLD
NEW
[Build through larger graphic]
A few years back, it was well understood that hackers really jut wanted notoriety from there exploits – to gain recognition from their “peers” on creating such impressive “proofs of concept” when it came to viruses.
[Build to show tagline]
However, we have seen a marked shift from this “graffiti” approach to one of stealth, and one of financial gain. Hackers today don’t want to be discovered, they want to attack silently and leave no trace – to steal sensitive information like credit card data, passwords, login info, etc. Simply put, they want to get rich.
Moving from Disrupting Operations To Damaging Trust and Reputations

14. Endpoint Security Challenge

15. Endpoint Security Challenge

16. Endpoint Security Challenge

17. Endpoint Security Challenge

18. Endpoint Security Challenge

19. Endpoint Security Challenge

20. Complete Endpoint Security: Endpoint Protection + Endpoint Compliance
Bots,
Trojan Horses
ID Theft
Viruses
Worms
Unknown Attacks X
Patch Updated
Service Pack Updated
Personal Firewall On
Antivirus Signature Updated
Antivirus On
Status
Endpoint Security Policy
Compliance
Lets read this slide from right to left..
Hamlet produces 2 products … SAV AP and SNAC
SAV AP provides the protection aspect of Endpoint Secuirity. Protection form known and unknown threats.
SNAC provides the compliance aspect of Endpoint Security.
Both will protect endpoint such as laptops, desktops and servers
And Symantec is revolutionizing endpoint security providing this solution in a single agent and a single management console.
What this means is, if a customer buys SAV AP and then decides SNAC, no need to redeploy and SNAC agent, it is dormant. 20

21. Symantec Endpoint Compliance Process
Discover
Endpoint Attaches to Network
Configuration Is Determined
Step 1
Monitor Endpoint to Ensure Ongoing Compliance
Step 4
Enforce
Compliance of Configuration Against Policy Is Checked
Step 2 ü ✗
Monitor
IT Policy
How does this endpoint compliance process work?
[Build Discover] The first step in this process is for the access point to discover the device attempting access.
[Build Enforce] From there, the solution can apply an integrity check to determine if the endpoint is compliant with current security policy.
[Build Remediate] If out of policy, the system can be quarantined, remediated or given federated access to the LAN.
[Build Monitor] Of course, it is also important to have ongoing checks to ensure that, if a security event occurs, that the system can be discovered/remediated at a subsequent time.
[Build Altiris] and with our recent acquisition of Altiris, we also add the ability to patch systems easily from a single vendor. We have had this capability in SNAC for some time now, but with Altiris, we are able to offer an extended remediation zone.
These steps ensure compliance on contact, but also the ability to have an ongoing connection to that endpoint.
Remediate
Take Action Based on Outcome of Policy Check
Step 3
Patch Quarantine Virtual Desktop

22. Symantec Network Access Control
Ensures endpoints are protected and compliant prior to accessing network resources
Choose quarantine, remediation or federated access
Enforce policy before access is granted
Execute updates, programs, services, etc
Limit connection to VLAN, etc
Broadest enforcement options of any vendor
Remote connectivity (IPSec, SSL VPN)
LAN-based, DHCP, Appliance
Standards-based, CNAC, MSNAP
This process is delivered via Symantec Network Access Control. An innovative solution that ensures endpoint compliance, and ensures it through utilizing the broadest array of enforcement options. [Build text] Whether fitting into an existing infrastructure, say Cisco or Microsoft, Symantec gives you Network Access Control capabilities right out of the box. Without the need to upgrade every switch router, server or VPN concentrator to get you there. We work within your environment to get your endpoints compliant in the fastest time.
Pervasive Endpoint Coverage
Unmanaged Guests, Contractors, Home Computers
Central, Scalable, Flexible Policy Management
Distributed servers, redundancy, data base replication, AD integration
Universal enforcement
(W)LAN, IPSec VPN, SSL VPN, Web Portal
Integration with Existing and Emerging Standards
802.1x, Cisco NAC, Microsoft NAP, TCG’s TNC
Automated Remediation Process
No user intervention required
Learning mode and discovery tools 22 22

23. Symantec On-Demand Protection
Layered security technology solution for unmanaged endpoints
Web-based Applications
Thin Client/Server Applications
Traditional Client/Server Applications
Traveling Executives
Public Kiosk
File Share
Partner Extranet
Ideal for use with:
Outlook Web Access (OWA)
Web-enabled applications
Most complete On-Demand security solution
Virtual Desktop
Malicious Code Prevention
Cache Cleaner
Mini personal firewall
Host Integrity
Adaptive Policies
Of course, there is another aspect to ensuring endpoint compliance – the unmanaged endpoint device. As stated before, IT is receiving pressure to open up access to partners, guests, and others. But while IT typically wants to accommodate such requests, the increase in risk to date has been unmanageable. This triggered the need for “on-demand” security – that is, security that could be implemented on demand, regardless of device type, location, browser, etc.
Symantec On-Demand Protection gives IT that extension to the unmanaged device. A simple solution that is ideal for use with web-enabled applications like Outlook Web Access, On-Demand Protection keeps the wandering endpoint from becoming a greater security risk, as they connect to the network. 23 23

24. Today’s Endpoint Problems Addressed by Too Many Technologies…
Client Firewall
O/S Protection
Buffer overflow & exploit protection
Anti crimeware
Device controls
Network IPS
Host integrity & remediation
Protection Technology
Antispyware
Antivirus
Network
Connection
Operating
System
Memory/
Processes
Applications
Worms, exploits & attacks
Viruses, Trojans, malware
& spyware
Malware, Rootkits, day-zero
vulnerabilities
Buffer Overflow, process
injection, key logging
Zero-hour attacks, Malware, Trojans, application injection
I/O Devices
Slurping, IP theft, malware
Endpoint
Exposures
Always on, always up-to- date
Data & File System
One major problem that customers face when determining their endpoint security strategy is trying to decipher what protection technology they need to address which exposures. Honestly, it seems to take a PhD to make sense of this.
Let’s take a look at the exposures that the endpoint is susceptible to – attacks like Viruses, Trojans and worms are typically handled by basic antivirus solutions and some have gone so far to include anti-spyware to handle spyware and adware. As network-based attacks, rootkits, buffer overflows and other types of attacks you can see that additional technologies [Build] have become a necessary addition to the basic malware coverage.

25. …even from Symantec Endpoint Exposures Protection Technology Symantec
Client Firewall
O/S Protection
Buffer overflow & exploit protection
Anti crimeware
Device controls
Network IPS
Host integrity & remediation
Protection Technology
Antispyware
Antivirus
Symantec Confidence Online
Symantec Sygate Enterprise
Protection
Symantec Network Access Control
Symantec
Solution
Symantec AntiVirus
Endpoint
Exposures
Always on, always up-to- date
Zero-hour attacks, Malware, Trojans, application injection
Applications
Slurping, IP theft, malware
I/O Devices
Buffer Overflow, process
injection, key logging
Memory/
Processes
However, even Symantec has addressed these exposures somewhat piecemeal – using multiple products to address this ever-evolving landscape. Symantec offers a variety of solutions to combat this diverse array of attacks and exposures – and quite frankly, customers have told us that we need to make it easier for them to manage all these exposures.
Malware, Rootkits, day-zero
vulnerabilities
Operating
System
Worms, exploits & attacks
Network
Connection
Viruses, Trojans, malware
& spyware
Data & File System

26. Next Generation of Symantec AntiVirus
Single Agent, Single Console
Reduced Cost, Complexity & Risk Exposure
Increased Protection,
Control and Manageability
Results:
Network Access Control
Device Control
Intrusion Prevention
Firewall
Symantec 5 years of strategic planning
Multi million dollars investment in R&D
Multiple company acquired
Putting together best of breed technology and redefining what AntiVirus protection should be and evolving with threat landscape.
End of life Symantec Antivirus and Client Security
No price increase
Providing great opportunities to you and providing value to your customers
Symantec Endpoint Protection 11.0
Symantec Network Access Control 11.0
Antispyware
AntiVirus 26

27. Too good to be true?
Questions in mind?

28. Single Agent, Small Footprint
Symantec
Endpoint
Protection 11.0
Competitive Products A B ● ◔ ○
75 MB
Maximizes System Resources
SNAC-ready
Easy to deploy ● ○ ○
50 MB ● ◔ ○ ● ◔ ◔
Single Agent
24 MB ● ● ● ● ● ● 28

29. Average of 80% reduction in memory usage requirements
Dispelling Myths
Symantec Endpoint Protection Component Processes in Memory
Baseline Memory Usage
Smc.exe
8,464 kb
SmcGui.exe
5,640 kb
ccSvcHost.exe
5,532 kb
RtvScan.exe
2,936 kb
ccApp.exe
0,746 kb
Total
24,218 kb
We have identified two reasons why competitors and some partners and SEs doubt our claim in memory consumption.
1) Right after installation, Symantec Endpoint Protection will scan the machine and download the latest patterns/definitions. During this time, the memory consumption is higher. If a tester tries to validate our numbers right after the installation he/she will get distorted figures.
2) Symantec uses the advanced memory optimization features offered by Windows XP, 2003 Server and Vista. These features are not available in Windows While the reduction in memory consumption is considerable it is not as high as in the current versions of Windows. If a tester tries to validate our numbers on Windows 2000 Workstation or Windows 2000 Server he will not see same reduction.
Average of 80% reduction in memory usage requirements 29 29

30. What IS an AGENT? The Symantec definition of an Agent
AV-AS-FW-IPS-DC-NAC
Server/Console
Network
Client
Looking at Symantec single agent; we’ve already seen our competitors starting to claim they have a single agent as well; when in reality, their definition of agent is different than ours.
Symantec’s agent includes all the security functions and requires a single update for all technologies.
Our competitors claim having one agent talking to the server, that is true; but in addition, they have multiple pieces of software for each technology; all of them requiring individual updates and their management console also need individual updates making it very difficult and costly to manages their solution.
Lets see what our beta customers are saying about Symantec Endpoint Protection.
The competition defines an Agent as…
Each requires updates, deployment, reporting AV AS FW
Agent
IPS DC
Server/Console
Network
Client
NAC
Endpoint Security 30 30

31. Preliminary Beta Customer Value Data
Single console
Customers who participated reduced man-hours by 75%
Security Related Reporting
One customer expects to save 97% of the man hours on weekly security related reporting
Application Control
One customer:
anticipates a 50% reduction in calls to the support center
and the avoidance of re-imaging over 100 PCs per week
Recovering over 600 man hours a week from analyst and technicians’ time. 
Another:
anticipates recovering over $2.0 million from network outages caused by un-authorized peer to peer applications
Controlled beta conducted the Alchemy Solutions Group from April – September “Value Delivery Research” available soon, in October 2007.
Single console
Ability to manage complete IT Security Operations from a single console with zero latent visibility to the endpoint will reduce the current state man hours an average of 75% for those customers who participated
Security Related Reporting
One customer expects to save 97% of the man hours on weekly security related reporting.
Application Control
One customer anticipates a 50% reduction in calls to the support center and the avoidance of re-imaging over 100 pc’s per week as a result of deploying Application Control.
Recovering over 600 man hours a week from analyst and technicians’ time. 
Network outages caused by un-authorized peer to peer applications is costing one customer over $2.0 million annually. -- limiting access to only approved applications at the endpoint and will be a key enabler in recovering this avoidable expense.  
End User -Self Diagnostics
Empowering the user community to safely manage mundane desk top security related issues will reduce calls to the help desk by at least 60% for those customers who participated

32. Ingredients for Endpoint Protection
Antivirus
World’s leading AV solution
Most (33) consecutive VB100 Awards
Symantec:
Submitted all supported environments for analysis since Nov ′99
ONLY vendor to obtain 33 consecutive VB100 Awards
AV - a market leader – 31consecutive VB100 passing grades
Rootkit detection – integrated Veritas technology so we best at detecting and removing rootkits we can scan at a deeper level.
1. Installed without user’s knowledge
2. Gains admin or system-level privileges
3. Hides from detection / buries deep within the operating system
4. Used as a method to circumvent existing security tools and/or measures (optional point)
FW – Leader in Gartner” s Magic Quadrant for Managed Firewall– Gartner is now creating a Endpoint Security Magic Quadrant for 2007
Symantec Proactive threat Scan, which unlike all other heuristic-based technologies, scores both good and bad behaviors of unknown applications. The unique algorithms of this proprietary technology provides more accurate detection without the need to set-up rule-based configurations or the worries of false positives.
Generic Signature: Uses one generic signature to block all exploits [change Generic Signatures "Vulnerability Protection". Supports the GEB positioning as best protection for Vulnerability attacks]
Device Control
NAC – ensures that the endpoint is in compliance before it is allowed to connect to the network. Works for employee, contractors and guests. We have a very flexible implementation options
Antivirus 32

33. Ingredients for Endpoint Protection
Antispyware
Best rootkit detection and removal
VxMS engine = superior Rootkit protection
AV - a market leader – 31 consecutive Vb100 passes
Rootkit detection – integrated Veritas technology so we best at detecting and removing rootkits we can scan at a deeper level.
1. Installed without user’s knowledge
2. Gains admin or system-level privileges
3. Hides from detection / buries deep within the operating system
4. Used as a method to circumvent existing security tools and/or measures (optional point)
FW – Leader in Gartner” s Magic Quadrant for Managed Firewall– Gartner is now creating a Endpoint Security Magic Quadrant for 2007
Proactive Threat Scan, which unlike all other heuristic-based technologies, scores both good and bad behaviors of unknown applications. The unique algorithms of this proprietary technology provides more accurate detection without the need to set-up rule-based configurations or the worries of false positives.
Generic Signature: Uses one generic signature to block all exploits [change Generic Signatures "Vulnerability Protection". Supports the GEB positioning as best protection for Vulnerability attacks]
Device Control
NAC – ensures that the endpoint is in compliance before it is allowed to connect to the network. Works for employee, contractors and guests. We have a very flexible implementation options
Antispyware
Antivirus
Source: Thompson Cyber Security Labs, August 2006 33

34. Ingredients for Endpoint Protection
Firewall
Industry-leading endpoint firewall technology
Gartner MQ “Leader” – 4 consecutive years
Rules based FW can dynamically adjust port settings to block threats from spreading
Firewall
AV - a market leader – 30 consecutive Vb100 passes
Rootkit detection – integrated Veritas technology so we best at detecting and removing rootkits we can scan at a deeper level.
1. Installed without user’s knowledge
2. Gains admin or system-level privileges
3. Hides from detection / buries deep within the operating system
4. Used as a method to circumvent existing security tools and/or measures (optional point)
FW – Leader in Gartner” s Magic Quadrant for Managed Firewall– Gartner is now creating a Endpoint Security Magic Quadrant for 2007
Symantec Proactive Threat Protection technology, which unlike all other heuristic-based technologies, scores both good and bad behaviors of unknown applications. The unique algorithms of this proprietary technology provides more accurate detection without the need to set-up rule-based configurations or worrying about of false positives.
Generic Signature: Uses one generic signature to block all exploits [change Generic Signatures "Vulnerability Protection". Supports the GEB positioning as best protection for Vulnerability attacks]
Device Control
NAC – ensures that the endpoint is in compliance before it is allowed to connect to the network. Works for employee, contractors and guests. We have a very flexible implementation options
Antispyware
Antivirus 34

35. Ingredients for Endpoint Protection
Intrusion Prevention
Combines NIPS (network) and HIPS (host)
Proactive Threat Scan
Generic Exploit Blocking (GEB)
One signature to proactively protect against all variants
Granular application access control
Intrusion Prevention
Firewall
The dirty little secret of IPS. False Positive rates. One reason why customers deploy IDS but not IPS.
Describe Zero Day threats
Time line from original vulnerability announced “V” to 12 mos later when the exploit was created “E”; then AV companies wrote signature and then the customer had to deploy. We got really good at shortening the time between when the exploit was created and when our signatures were published. Then the bad guys got smart and started to create exploits within about 6-7 days; we knew that we needed new technology to help here. We created Generic Exploit Blocking (GEB) (this is a part of SCS today) which creates a generic signature for a particular vulnerability so as new variants come out we are already protected.
What about vulnerabilities which are not announced. Then zero day solutions came about – you need security looking for suspicious activity. Unusual behavior. This is when we know we had to buy Whole Security (Confidence Online) who services protect based on behavioral characteristics. Ie Word is sending 100k s. This is not normal behavior. The trade off here is the noise you don’t want a lot of messages Is this ok, is this ok. Have to manage the false positives
Zero Day Process
1. Vulnerability Discovered
2. Some time later – Exploit released. The clock starts ticking
3. AV vendors write sig
4. hackers get smart and release code closer and closer to the Vuln Disc date
5. We get better with GEB = > Closer
Available in SCS
6. Sometimes 0-day
Exploit found in the wild for a vulnerability never seen before
7. We acquired even better technology that is behavior based – WholeSecurity
Antispyware
Antivirus 35

36. Intrusion Prevention System (IPS) Combined technologies offer best defense
Intrusion Prevention (IPS)
The key thing to understand is that not all Intrusion Prevention is the same. Most vendors will claim that they have it, but may only have one aspect of it.
We realized that we needed to deliver IPS in two flavors – Network-based and Host-based. The simple difference being NIPS looks at network traffic to and from the system, and host-based looks at application and system behaviors to provide greater protection. We introduced several technologies separately in this space, and now we are bringing them together to increase protection.
[Greater detail is self-explanatory – walk them through each of the features listed under each category.]
(N)IPS
Network IPS
(H)IPS
Host IPS
Vulnerability-based (Sigs for vulnerability)
Generic Exploit Blocking
Behavior-based (Whole Security)
Proactive Threat Scan
Signature–based (Can create custom sigs, SNORT-like)
Deep packet inspection
Rules-based (System lockdown by controlling an application’s ability
to read, write, execute
and network connections)
Application Control 36

37. Proactive Threat Scan
Detects 1,000 threats/month not detected by top 5 leading antivirus engines
6 months testing with Norton consumer technology
Very low false positive rate (0.004%)
Only 40 FP for every 1M computers
No set up or configuration required 37

38. Ingredients for Endpoint Protection
Device Control
Device Control
Prevents data loss (slurping), social engineering
Restrict Access to devices (USB keys, CD-RW drives)
W32.SillyFDC (May 2007)
Intrusion Prevention
Firewall
W32.SillyFDC
Targets removable memory sticks
Spreads by copying itself onto removable drives such as USB memory sticks
Automatically runs when the device is next connected to a computer
Yet another benefit of the Sygate acquisition was that we gained the ability to protect from attacks and data leakage that occurs through the use (or abuse) of I/O devices such as USB memory keys, media players, etc.
Story of ‘Tiger Attach’ to Savings and Loan Company via 20 USB “keys” – 15 retrieved, 8 inserted in machines – got password and login data, etc.
One recent example of an attack using this method was “W32.SillyFDC” which used a USB key as the means to deposit a Trojan horse onto a system.
With our technology, you can determine which of these devices have write access to the system, and even what data can be written to the I/O device. We do it by Device Class ID, offering many possibilities on how to create different policies based on device type.
We can restrict autorun option too.
Antispyware
Antivirus 38 38

39. Solution for Endpoint Compliance
Network Access Control
Network Access Control
Device Control
Network access control – ready
Agent is included, no extra agent deployment
Simply license SNAC when you wish
Intrusion Prevention
Firewall
Antispyware
Antivirus 39

40. Redefining Antivirus Protection
Required Endpoint
Technologies
Symantec
Endpoint
Protection 11.0
Competitive Products A B C
Network Access Control * ● ◔ ○ ○
Device Control ● ○ ○ ○
Intrusion Prevention ● ◔ ○ ○
Firewall ●
Single Agent ◔ ◔ ◒
Antispyware ● ● ● ●
Antivirus ● ● ● ●
* Same agent, separate license 40

41. Symantec Endpoint Protection
Unmatched Protection
Symantec Endpoint Protection
Secure
Simple
Seamless
Unmatched combination of technologies
Much more than antivirus
Backed by the industry standard Symantec Global Intelligence Network
Single agent
Single console
Single license
Single support program
Fits into your network
Easily configurable, use only what you need
Combines essential Protection and compliance functions
Symantec Endpoint Protection is Secure, Simple & Seamless. The unmatched combination of endpoint protection technologies, improved Client and administrator UI and seamless integration with Network Access Control gives customers the ability to gain unprecedented control over their endpoints. 41 41

42. New Client User Interface
Client User Interface (UI)
Client UI focused on ease-of-use for end-users
Enable users to quickly view settings and navigate
The improvements in the UI will help with client education. This will ultimately reduce helpdesk calls as users have greater visibility into the status of their individual system security. Of course, the Client UI can be hidden from the user and is configurable by the admin (show/not show)
Green is GOOD. Red is BAD.  42 42

43. New Console & Reporting
Comprehensive Reporting
50+ canned reports
Customizable Dashboard
Monitors
Comprehensive Reporting
Sample reports built and customizable
Now integrated with Active Directory!
Risk reports
Infected and at Risk Computers
Risk Detection Action Summary
Risk Detection Count
New Risks Detected in the Network
Top Risk Detections Correlation
Risk Distribution Summary
Risk Distribution Over Time
Comprehensive Risk Report
Proactive Threat Detection Results
Proactive Threat Distribution
Proactive Threat Detection Over Time
Action Summary for Top 10 Risks
Number of Notifications
Weekly Outbreaks
Audit
Policies Used
Behavioral Blocking –
Top 10 Groups with Most Alerted Behavioral Logs
Top 10 Targeted Blocks
Top 10 Devices Blocked
Compliance
Network Compliance Status
Compliance Status
Clients by Compliance Failure Summary
Compliance Failure Details
Non-compliant Clients by Connection Type
Computer Status
Virus Definition Distribution
Computers not Checked in to Server
Symantec Endpoint Security Product Versions
Intrusion Prevention Signature Distribution
Clients by Memory, Processor, and OS
Client Online Status
Clients with Latest Policy
Client Hardware information by Group
Security Status Summary
Proactive Protection Content Versions

44. Enterprise Grade Management Console
Role Based access
Hierarchical views
Integration with Active Directory
More eye candy.

45. Flexible Deployment Options
Complete Endpoint Security Solution
Comprehensive Endpoint Protection deployment
Network Access Control
Device Control
Device Control
Standard deployment
Firewall
Firewall
Intrusion Prevention*
Intrusion Prevention
Intrusion Prevention
One thing that we haven’t mentioned so far is the fact that all the various security functions can be enabled or disabled as needed.
Some of you may see benefits in the advanced technology of SEP but not ready to activate them right away.
“Out of the box”, the software can be installed with hardly any configuration or set up enabling AV-AS and taking advantage of the Generic Exploit Blocking and Proactive Threat Scan which require little to get running. Right away, customers will benefits from advanced threat protection from unknown threats while simplifying management and increasing performance. In 6-12 months or whenever ready, additional components like Device control or firewall can be configured.
Obviously, for those ready for more complete endpoint security solution, all the modules including network access control (licensed separately) can be activated at once.
Important to mention that only ONE deployment happens, then it’s a matter of updating policies and enabling desired functions.
Antispyware
Antispyware
Antispyware
Antivirus
Antivirus
Antivirus
Security Functions enabled as needed

46. Intelligent Client Install
Install Tool Options: SMS, Manual, SEPM install tools
Symantec Endpoint Protection v 11.0
Symantec Endpoint Protection v 11.0
Symantec Endpoint Protection v 11.0
Symantec Endpoint Protection v 11.0
Symantec Endpoint Protection v 11.0
Symantec Endpoint Protection v 11.0
Symantec Endpoint Protection v 11.0
Overinstall
Overinstall
Overinstall
Overinstall
Overinstall
Overinstall
Overinstall
This example show how the new agent will install on top of existing Symantec agents
SAV SAV SAV SCS SCS SEP SPA 5.1

47. Compliment Security with Management
Symantec
Endpoint Protection
Integrated Component
Streamline migrations
Initiate scans or agent health tasks
Dashboards integrate security and operational information
Altiris
Software Delivery
Suite
Apply Patches
Ensure software is installed and stays installed
Report machines not connecting
Identify missing hard-drives
Altiris
Client Management
Suite
Policy-based software delivery
Application Management
Software Virtualization
Patch Management
Backup and Recovery
Application Usage
Remote Control
Symantec Endpoint Protection Integrated Component is a free solution.
Streamline client migrations
Initiate scans or agent health tasks from within the Altiris console
Dashboards integrate security and operational information
Altiris Software Delivery Suite is a subset of Client Management Suite.
Apply Patches quickly and easily
Ensure that required software is installed and stays installed
Report machines not connecting to the environment for a certain number of days
Identify missing hard-drives from corporate managed machines
Altiris Client Management Suite offers customers even more ways to save time and money through easy to use management of endpoints.
Policy-based software delivery
Application Management
Software Virtualization
Patch Management
Backup and Recovery
Application Usage
Remote Control

48. Migration Made Easy – Replace, Deploy, Configure
Deployment & Uninstall
Deploy and Configure with Altiris CMS
Uninstall, run other tasks, i.e., backup
When looking to deploy an upgrade to Symantec Endpoint Protection 11.0 it gets really easy using Altiris Client Management Suite. Customers can combine several tasks into the rollout, including backup, uninstalling other security software and deploying & configuring the client.

49. Migration Assistance online
An extensive set of tools and resources is made available to customer using this website.
Services: Education/Training services, Consulting Services and Support Services and Remote Expert Installation Services
Tools: Online guides and tutorials, wizards, policy mapping tools
Software deployment options: Integrates with Altiris endpoint management solutions to make it easier to distribute software packages, migrate older Symantec AntiVirus or other antivirus packages and view new agent rollout status and activity. Note: Symantec Endpoint Protection 11.0 can also be deployed through other software deployment tools, such as Tivoli, SMS and HP OpenView

50. Redefining Endpoint Security
Symantec Endpoint Security
Solution
Endpoint Protection
Endpoint Compliance
Endpoint Protection proactively protects laptops, desktops and servers from known and unknown malware such as viruses, worms, Trojans, spyware, adware and rootkits by combining these capabilities:
Antivirus
Antispyware
Desktop firewall
Intrusion Prevention (Host & Network)
Device & Application Control
Endpoint Compliance securely controls entry into networks
Ongoing endpoint integrity checking
Centralized endpoint compliance policy management
Automated remediation
Host based enforcement of access policies
Monitor and report
System configuration checking, remediation & enforcement
Definition
But moving beyond today, I wanted to illustrate the depth of our Endpoint Security product line. We’ve taken great strides to simplify our offerings, while also ensuring broad coverage for a diverse array of devices, such as mobile devices, critical servers and unmanaged systems.
Complete Endpoint Security is comprised of two areas: Endpoint Protection and Endpoint Compliance. Symantec has the best and most complete offering in the market, and customers trust us to continually deliver the most innovative, high-quality solutions.
Symantec Endpoint Protection
Symantec Network Access Control 11.0
Also available in a Starter Edition
* SNAC-ready out of the box
Key Products
Symantec Mobile Security
Symantec Critical System Protection
Symantec On-Demand Protection (for OWA & Web Apps)
Other Products

51. Symantec Global Intelligence Network
4 Symantec SOCs
74 Symantec Monitored Countries +
40,000+ Registered Sensors in 180+ Countries + +
8 Symantec Security Response Centers
>6,200 Managed Security Devices +
Advanced Honeypot Network
120 Million Systems Worldwide
30% of World’s Traffic
200,000 malware submissions per month
Millions of security alerts per month
Millions of threat reports per month
Hundreds of MSS customers
Redwood City, CA
Santa Monica, CA
Calgary, Canada
San Francisco, CA
Dublin, Ireland
Pune, India
Taipei, Taiwan
Tokyo, Japan
Twyford, England
Munich, Germany
Alexandria, VA
Sydney, Australia
Six key international locations
Santa Monica, Calif. (Response headquarters)
American Fork, Utah
Sydney, Australia
Calgary, Canada
Dublin, Ireland
Tokyo, Japan
Worldwide sensor network from DeepSight
180 countries
>20,000 sensors
AV submissions from 120,000,000 customers
This is a powerful slide as it illustrates how Symantec offers the most complete information on threats from around the world to the media. It’s a great visual of how strong Symantec’s information and expertise it. You should be sure to explain what “18,000 sensors in 180 countries” exactly means and how we can watch what is happening around the Internet.
You may also want to add that Symantec’s Managed Security Services also adds another view of the Internet.
Global technical support
Springfield, Oregon
Toronto, Canada

52. For More Information… www.symantec.com/endpointsecurity
Remember to visit us online – this site is your single source for information on our new products. Check it out at:
And make sure you try out the beta – you will love it!

53. Thank You! www.symantec.com
Bulent Teksoz
+971 (4)
Copyright © 2007 Symantec Corporation. All rights reserved.  Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries.  Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising.  All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law.  The information in this document is subject to change without notice.