Slide 1: Symantec Support Number
Slide 2: Revolutionizing Endpoint Security
Bulent Teksoz, Principal Systems Engineer, Middle East and North Africa
December 4, 2007
Slide 3: Agenda
1. Security 2.0
2. What this is all about
3. Announcing…
4. A Complete Enterprise Security Solution
5. Migration plans
Slide 4: Security 2.0
- New technologies are changing the way we communicate
- Businesses are sharing information across their extended enterprises and engaging in more complex electronic interactions
- New technologies are also introducing new security risks
- No longer focused on just the device: it's about the information and interactions
- Phishing, ID theft, malicious users and non-compliance are all risks
- Must keep the threats out, and ensure the information stays inside
- Symantec is bringing together an ecosystem of products, services and partners that help create a safe and connected world
- Symantec's mission is to deliver solutions that protect customers' connected experiences
Notes: In September 2006 we held the Security 2.0 event. What was this about? All about the changing landscape of security. Even in the market, you see major players getting into the security field.
Slide 5: Security 2.0: The Facts
- Fear of eavesdropping: 53% stopped giving out personal information
- Fear of online fraud: 14% stopped paying bills online
Notes: Fear. We know what happens when you give in to fear: the bad guys win.
Sources: Gartner; Cyber Security Industry Alliance, June 2005
Slide 6: Protecting Information
- External threats such as viruses, spyware and crimeware, exploiting system vulnerabilities
- Internal threats such as data theft and data leakage, exploiting lack of supervision of corporate information flow
- Non-compliance with policies or regulations (SOX, FISMA, etc.): lack of adequate controls or evidence collection
Notes: In the UK, 25 million people's confidential records were stolen. It happened in the US before; in percentage terms, this is far greater than anything in the US. This is what's known. What about all those that went without notice?
Slide 7: It's about your business
Slide 8: Today's Business Facts
- The threat landscape is continuously increasing and growing in complexity
- Vendor consolidation and technology convergence is becoming more important
- People are the new perimeter
- Microsoft OSs: Vista and Server 2008
- Exchange is a mission-critical application
Notes: Let's briefly take a look at our world by discussing some of the facts affecting our connections. The threat landscape is becoming increasingly dangerous. In the good old days virus writers would write viruses to get their name in the paper. Now attacks are all about stealth and making money. For example, in June a group of thieves was arrested for stealing credit card information from 45 million customers of TJ Maxx, Marshalls and other TJX Corp. stores. They would use the information to open new cards and launder money via Wal-Mart gift cards. This went on over the course of several years, and it would still be happening if the thieves had not got greedy and used too many cards at the same store. In addition, IT professionals like yourselves are having to manage more technologies from a wide variety of vendors, with no end in sight. And don't look now, but Microsoft launched a new client OS earlier this year and will be launching a new server OS this coming year. Think of all the vulnerabilities that will pop up by implementing these new operating systems. Last but not least, Exchange has become one of the most mission-critical applications in business today. Protecting your Exchange server and the associated data is critical to the success of your company. Collectively, these challenges mean our connections and network are continually exposed.
Slide 9: Corporate Network Is Continually Exposed
Access paths shown: Internet kiosks and shared computers; guests; WANs and extranets; SSL VPN; consultants; IPsec VPN; employees working at home; wireless networks; web applications
Challenges shown: change in threat landscape; cost of endpoint security; complexity of managing endpoints; lack of control
Notes: Over the last few years, companies have implemented an IT infrastructure allowing them to access the network and information from pretty much anywhere, any time. Employees now have access to corporate servers and network resources using home computers, friends' computers or their own laptops from wireless networks in airports, hotels and cafes. Laptops have taken over from desktops in the corporate world, allowing more flexibility to employees and increased productivity, but these laptops are a major concern to companies, as they use unprotected networks and introduce threats into the corporate network when returning from "the wild". All this new technology has been great from a business perspective, giving the ability to be more responsive and effective with rapid access to information and better customer service, but it has created holes and opportunities for the hackers and thieves, who are now using vulnerabilities in web applications and volatile clients to enter corporate networks and steal confidential information like customer records, financial information and intellectual property, putting the business at risk and affecting its brand and reputation.
To protect themselves against these evolving and sophisticated threats, IT managers have started implementing, or are in the process of implementing, a series of security technologies to protect their endpoints: initially AV, then one or multiple antispyware solutions, then a client firewall and/or some sort of intrusion prevention, making endpoint security complex and costly to manage and support (multiple consoles, multiple licenses, multiple vendors, multiple agents to update separately, training tech support, etc.).
Now IT managers realize that they need incremental security to defend against the evolving threat landscape; they are looking at technologies like Network Access Control, Device Control and additional protection against zero-day attacks, but can't conceive how they will do it with the existing resources in place. That's where Symantec is introducing its next generation of endpoint security. Security is the core aspect of a secure environment; however, it is only one aspect of a secure environment.
Slide 10: Business Problems at the Endpoint
- Number of zero-day threats (graphic)
- Endpoint management costs are increasing
- Cost of downtime impacts both productivity and revenue; the productivity hit is largest in the enterprise
- Costs to acquire, manage and administer point products are increasing, as well as the demand on system resources
- Complexity is increasing as well: the complexity and manpower needed to manage disparate endpoint protection technologies are inefficient and time consuming
- Growing number of known and unknown threats
- Stealth-based and silent attacks are increasing, so there is a need for antivirus to do much more
Source: Infonetics Research, The Cost of Network Security Attacks: North America 2007
Notes: (The zero-day graphic builds after the last text bit.) Infonetics Research shows the average annual cost of downtime caused by security attacks. Three types of security attack: DoS attacks, client malware, and server malware. Purple is revenue and blue is productivity. Small is <100; Medium: annual cost is $230,000; Large is over $31.26M. When revenue generators are not able to use their computer or connect to the network, this impacts the company's revenue. Measuring both the revenue and their productivity gives the cost.
Describe zero-day threats. Timeline from the original vulnerability being announced ("V") to 12 months later when the exploit was created ("E"); then AV companies wrote a signature, and then the customer had to deploy it. We got really good at shortening the time between when the exploit was created and when our signatures were published. Then the bad guys got smart and started to create exploits within about 6-7 days; we knew that we needed new technology to help here. We created Generic Exploit Blocking (GEB) (this is part of SCS today), which creates a generic signature for a particular vulnerability, so as new variants come out we are already protected. What about vulnerabilities which are not announced? Then zero-day solutions came about: you need security looking for suspicious activity, unusual behavior. This is when we knew we had to buy WholeSecurity (Confidence Online), whose services protect based on behavioral characteristics, e.g. Word is sending 100k s. This is not normal behavior. The trade-off here is the noise: you don't want a lot of messages asking "Is this ok? Is this ok?". You have to manage the false positives.
Zero-day process:
1. Vulnerability discovered
2. Some time later, exploit released; the clock starts ticking
3. AV vendors write a signature
4. Hackers get smart and release code closer and closer to the vulnerability disclosure date
5. We get better with GEB, getting closer; available in SCS
6. Sometimes a 0-day exploit is found in the wild for a vulnerability never seen before
7. We acquired even better technology that is behavior based: WholeSecurity
Slide 11: What do these bars signify?
Slide 12: Causes of Sensitive Data Loss
The leading causes of sensitive data loss: user error; violations of policy; Internet threats, attacks and hacks
Notes: In one form or another, human error is the overwhelming cause of sensitive data loss, responsible for 75 percent of all occurrences. User error is directly responsible for one in every two cases (50 percent), while violations of policy (intended, accidental and inadvertent) are responsible for one in every four cases (25 percent). Malicious activity in the form of Internet-based threats, attacks and hacks is responsible for one in every five occurrences.
Source: ITPolicyCompliance.com, "Taking Action to Protect Sensitive Data", Feb. 2007
Slide 13: As Threat Landscape Changes, Technology Must as Well
From Hackers & Spies… To Thieves
OLD: few, named variants; indiscriminate; noisy and visible
NEW: overwhelming variants; highly targeted; silent
Moving from disrupting operations to damaging trust and reputations
Notes: [Build through larger graphic] A few years back, it was well understood that hackers really just wanted notoriety from their exploits, to gain recognition from their "peers" for creating such impressive "proofs of concept" when it came to viruses. [Build to show tagline] However, we have seen a marked shift from this "graffiti" approach to one of stealth and financial gain. Hackers today don't want to be discovered; they want to attack silently and leave no trace, to steal sensitive information like credit card data, passwords, login info, etc. Simply put, they want to get rich.
Slides 14 to 19: Endpoint Security Challenge (build slides with no text beyond the title)
Slide 20: Complete Endpoint Security: Endpoint Protection + Endpoint Compliance
Endpoint Protection (threats blocked): bots, Trojan horses, ID theft, viruses, worms, unknown attacks
Endpoint Compliance (status checked against security policy): patch updated; service pack updated; personal firewall on; antivirus signature updated; antivirus on
Notes: Let's read this slide from right to left. Hamlet produces two products: SAV AP and SNAC. SAV AP provides the protection aspect of endpoint security: protection from known and unknown threats. SNAC provides the compliance aspect of endpoint security. Both will protect endpoints such as laptops, desktops and servers. And Symantec is revolutionizing endpoint security by providing this solution in a single agent with a single management console. What this means is, if a customer buys SAV AP and then decides on SNAC, there is no need to redeploy a SNAC agent; it is already there, dormant.
Slide 21: Symantec Endpoint Compliance Process
Step 1, Discover: endpoint attaches to the network; its configuration is determined
Step 2, Enforce: compliance of the configuration against policy is checked (pass ü / fail ✗)
Step 3, Remediate: take action based on the outcome of the policy check (patch, quarantine, virtual desktop)
Step 4, Monitor: monitor the endpoint against IT policy to ensure ongoing compliance
Notes: How does this endpoint compliance process work? [Build Discover] The first step in this process is for the access point to discover the device attempting access. [Build Enforce] From there, the solution can apply an integrity check to determine if the endpoint is compliant with the current security policy. [Build Remediate] If out of policy, the system can be quarantined, remediated or given federated access to the LAN. [Build Monitor] Of course, it is also important to have ongoing checks to ensure that, if a security event occurs, the system can be discovered and remediated at a subsequent time. [Build Altiris] And with our recent acquisition of Altiris, we also add the ability to patch systems easily from a single vendor. We have had this capability in SNAC for some time now, but with Altiris we are able to offer an extended remediation zone. These steps ensure compliance on contact, but also the ability to have an ongoing connection to that endpoint.
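The four-step process above, as an added Python example (not Symantec's code): a host-integrity policy is checked against the configuration an endpoint reports when it attaches, each failed check is mapped to a remediation action, and every later status report is re-checked so a host that drifts out of policy is flagged. The policy fields, patch identifiers, host names and endpoint records are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Tuple

# Hypothetical policy and status records, constructed for this example.
@dataclass(frozen=True)
class Policy:
    """IT policy that an endpoint's configuration is checked against (step 2)."""
    require_antivirus_on: bool = True
    max_signature_age_days: int = 3        # antivirus signatures must be this fresh
    require_firewall_on: bool = True
    min_service_pack: int = 2
    required_patches: frozenset = frozenset()


@dataclass(frozen=True)
class EndpointStatus:
    """Configuration determined when the endpoint attaches to the network (step 1)."""
    host: str
    antivirus_on: bool
    signature_date: date
    firewall_on: bool
    service_pack: int
    installed_patches: frozenset


# Step 3: each failed check maps to the action a remediation zone would run.
REMEDIATION = {
    "antivirus_off": "start the antivirus service",
    "signatures_stale": "download current antivirus definitions",
    "firewall_off": "enable the personal firewall",
    "service_pack_old": "install the required service pack",
    "patches_missing": "apply the missing patches",
}


def check_integrity(status: EndpointStatus, policy: Policy, today: date) -> List[str]:
    """Step 2: compare the reported configuration with policy; return the failed checks."""
    failures = []
    if policy.require_antivirus_on and not status.antivirus_on:
        failures.append("antivirus_off")
    if (today - status.signature_date).days > policy.max_signature_age_days:
        failures.append("signatures_stale")
    if policy.require_firewall_on and not status.firewall_on:
        failures.append("firewall_off")
    if status.service_pack < policy.min_service_pack:
        failures.append("service_pack_old")
    if not policy.required_patches <= status.installed_patches:
        failures.append("patches_missing")
    return failures


def decide(status: EndpointStatus, policy: Policy, today: date) -> Dict:
    """Steps 2 and 3: allow a compliant endpoint, otherwise quarantine it with actions."""
    failures = check_integrity(status, policy, today)
    verdict = "allow" if not failures else "quarantine"
    return {
        "host": status.host,
        "verdict": verdict,
        "failures": failures,
        "actions": [REMEDIATION[f] for f in failures],
    }


def monitor(reports: List[Tuple[date, EndpointStatus]], policy: Policy) -> List[Dict]:
    """Step 4: re-evaluate every periodic status report and flag hosts that drift."""
    last_verdict: Dict[str, str] = {}
    events = []
    for today, status in reports:
        event = decide(status, policy, today)
        # A host that was compliant on contact and is now out of policy has drifted.
        event["drifted"] = (last_verdict.get(status.host) == "allow"
                            and event["verdict"] == "quarantine")
        last_verdict[status.host] = event["verdict"]
        events.append(event)
    return events


# Constructed sample data: patch names and hosts are placeholders, not real identifiers.
POLICY = Policy(required_patches=frozenset({"PATCH-EXAMPLE-1", "PATCH-EXAMPLE-2"}))
DAY0 = date(2007, 12, 4)


def demo() -> List[Dict]:
    laptop_ok = EndpointStatus("laptop-01", True, DAY0 - timedelta(days=1), True, 2,
                               frozenset({"PATCH-EXAMPLE-1", "PATCH-EXAMPLE-2"}))
    guest = EndpointStatus("guest-pc", False, DAY0 - timedelta(days=30), True, 1, frozenset())
    # The same laptop reports again a week later, after time on an unprotected network.
    laptop_back = EndpointStatus("laptop-01", True, DAY0 - timedelta(days=10), False, 2,
                                 frozenset({"PATCH-EXAMPLE-1"}))
    reports = [(DAY0, laptop_ok), (DAY0, guest), (DAY0 + timedelta(days=7), laptop_back)]
    return monitor(reports, POLICY)


if __name__ == "__main__":
    for event in demo():
        print(event)
```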
Slide 22: Symantec Network Access Control
- Ensures endpoints are protected and compliant prior to accessing network resources
  - Enforce policy before access is granted
  - Choose quarantine, remediation or federated access: execute updates, programs, services, etc.; limit connection to a VLAN, etc.
- Broadest enforcement options of any vendor: remote connectivity (IPsec, SSL VPN); LAN-based, DHCP, appliance; standards-based, CNAC, MSNAP
- Pervasive endpoint coverage: unmanaged guests, contractors, home computers
- Central, scalable, flexible policy management: distributed servers, redundancy, database replication, AD integration
- Universal enforcement: (W)LAN, IPsec VPN, SSL VPN, web portal
- Integration with existing and emerging standards: 802.1x, Cisco NAC, Microsoft NAP, TCG's TNC
- Automated remediation process: no user intervention required; learning mode and discovery tools
Notes: This process is delivered via Symantec Network Access Control, an innovative solution that ensures endpoint compliance through the broadest array of enforcement options. [Build text] Whether fitting into an existing infrastructure, say Cisco or Microsoft, Symantec gives you Network Access Control capabilities right out of the box, without the need to upgrade every switch, router, server or VPN concentrator to get you there. We work within your environment to get your endpoints compliant in the fastest time.
Slide 23: Symantec On-Demand Protection
- Layered security technology solution for unmanaged endpoints
- Covers web-based applications, thin client/server applications and traditional client/server applications
- Scenarios: traveling executives, public kiosk, file share, partner extranet
- Ideal for use with Outlook Web Access (OWA) and web-enabled applications
- Most complete on-demand security solution: virtual desktop; malicious code prevention; cache cleaner; mini personal firewall; host integrity; adaptive policies
Notes: Of course, there is another aspect to ensuring endpoint compliance: the unmanaged endpoint device. As stated before, IT is under pressure to open up access to partners, guests and others. But while IT typically wants to accommodate such requests, the increase in risk to date has been unmanageable. This triggered the need for "on-demand" security, that is, security that can be implemented on demand regardless of device type, location, browser, etc. Symantec On-Demand Protection gives IT that extension to the unmanaged device. A simple solution that is ideal for use with web-enabled applications like Outlook Web Access, On-Demand Protection keeps the wandering endpoint from becoming a greater security risk as it connects to the network.
Slide 24: Today's Endpoint Problems Addressed by Too Many Technologies…
Endpoint exposures, by layer:
- Network connection: worms, exploits and attacks
- Operating system: malware, rootkits, day-zero vulnerabilities
- Memory/processes: buffer overflow, process injection, key logging
- Applications: zero-hour attacks, malware, Trojans, application injection
- I/O devices: slurping, IP theft, malware
- Data and file system: viruses, Trojans, malware and spyware
- Always on, always up-to-date
Protection technologies: client firewall; O/S protection; buffer overflow and exploit protection; anti-crimeware; device controls; network IPS; host integrity and remediation; antispyware; antivirus
Notes: One major problem that customers face when determining their endpoint security strategy is trying to decipher which protection technology they need to address which exposures. Honestly, it seems to take a PhD to make sense of this. Let's take a look at the exposures that the endpoint is susceptible to. Attacks like viruses, Trojans and worms are typically handled by basic antivirus solutions, and some have gone so far as to include anti-spyware to handle spyware and adware. As network-based attacks, rootkits, buffer overflows and other types of attacks have appeared, you can see that additional technologies [Build] have become a necessary addition to the basic malware coverage.
Slide 25: …even from Symantec
Same endpoint exposures and protection technologies as slide 24, with the Symantec solution for each: Symantec AntiVirus; Symantec Confidence Online; Symantec Sygate Enterprise Protection; Symantec Network Access Control
Notes: However, even Symantec has addressed these exposures somewhat piecemeal, using multiple products to address this ever-evolving landscape. Symantec offers a variety of solutions to combat this diverse array of attacks and exposures, and quite frankly, customers have told us that we need to make it easier for them to manage all these exposures.
Slide 26: Next Generation of Symantec AntiVirus
Technology stack: Network Access Control; Device Control; Intrusion Prevention; Firewall; Antispyware; AntiVirus
Results: single agent, single console; reduced cost, complexity and risk exposure; increased protection, control and manageability
Products: Symantec Endpoint Protection 11.0; Symantec Network Access Control 11.0
Notes: 5 years of strategic planning; multi-million-dollar investment in R&D; multiple companies acquired. Putting together best-of-breed technology, redefining what antivirus protection should be and evolving with the threat landscape. End of life for Symantec AntiVirus and Client Security; no price increase. Providing great opportunities to you and value to your customers.
Slide 27: Too good to be true? Questions in mind?
Slide 28: Single Agent, Small Footprint
Comparison of Symantec Endpoint Protection 11.0 against competitive products A and B on: single agent; easy to deploy; SNAC-ready; maximizes system resources (rated ●, ◔ or ○). Agent footprints shown: 24 MB, 50 MB and 75 MB (slide 29 gives Symantec Endpoint Protection's total as 24,218 kb).
Slide 29: Dispelling Myths
Average of 80% reduction in memory usage requirements
Symantec Endpoint Protection component processes in memory (baseline memory usage):
  Smc.exe        8,464 kb
  SmcGui.exe     5,640 kb
  ccSvcHost.exe  5,532 kb
  RtvScan.exe    2,936 kb
  ccApp.exe      0,746 kb
  Total         24,218 kb
Notes: We have identified two reasons why competitors, and some partners and SEs, doubt our claim on memory consumption. 1) Right after installation, Symantec Endpoint Protection will scan the machine and download the latest patterns/definitions. During this time, the memory consumption is higher. If a tester tries to validate our numbers right after the installation, he or she will get distorted figures. 2) Symantec uses the advanced memory optimization features offered by Windows XP, 2003 Server and Vista. These features are not available in Windows. While the reduction in memory consumption is considerable, it is not as high as in the current versions of Windows. If a tester tries to validate our numbers on Windows 2000 Workstation or Windows 2000 Server, he will not see the same reduction.
Slide 30: What IS an AGENT?
The Symantec definition of an agent: a single client agent (AV-AS-FW-IPS-DC-NAC) talking to the server/console over the network.
The competition defines an agent as: a single agent on the client talking to the server/console, plus separate AV, AS, FW, IPS, DC and NAC pieces, each requiring its own updates, deployment and reporting.
Notes: Looking at the Symantec single agent, we've already seen our competitors starting to claim they have a single agent as well, when in reality their definition of agent is different from ours. Symantec's agent includes all the security functions and requires a single update for all technologies. Our competitors claim to have one agent talking to the server, and that is true; but in addition they have multiple pieces of software for each technology, all of them requiring individual updates, and their management consoles also need individual updates, making it very difficult and costly to manage their solution. Let's see what our beta customers are saying about Symantec Endpoint Protection.
Slide 31: Preliminary Beta Customer Value Data
Controlled beta conducted by the Alchemy Solutions Group from April to September; "Value Delivery Research" available soon, in October 2007.
- Single console: the ability to manage complete IT security operations from a single console, with zero-latency visibility to the endpoint, will reduce the current man hours by an average of 75% for those customers who participated.
- Security related reporting: one customer expects to save 97% of the man hours spent on weekly security related reporting.
- Application Control: one customer anticipates a 50% reduction in calls to the support center and the avoidance of re-imaging over 100 PCs per week as a result of deploying Application Control, recovering over 600 man hours a week of analysts' and technicians' time. Network outages caused by unauthorized peer-to-peer applications are costing another customer over $2.0 million annually; limiting access to only approved applications at the endpoint will be a key enabler in recovering this avoidable expense.
- End user self-diagnostics: empowering the user community to safely manage mundane desktop security related issues will reduce calls to the help desk by at least 60% for those customers who participated.
Slide 32: Ingredients for Endpoint Protection: Antivirus
- World's leading AV solution
- Most (33) consecutive VB100 awards: Symantec has submitted all supported environments for analysis since Nov '99 and is the ONLY vendor to obtain 33 consecutive VB100 awards
Notes: AV: a market leader, 31 consecutive VB100 passing grades. Rootkit detection: integrated Veritas technology, so we are best at detecting and removing rootkits; we can scan at a deeper level. A rootkit: 1. is installed without the user's knowledge; 2. gains admin or system-level privileges; 3. hides from detection / buries itself deep within the operating system; 4. is used as a method to circumvent existing security tools and/or measures (optional point). FW: leader in Gartner's Magic Quadrant for Managed Firewall; Gartner is now creating an Endpoint Security Magic Quadrant for 2007. Symantec Proactive Threat Scan, which unlike all other heuristic-based technologies scores both good and bad behaviors of unknown applications; the unique algorithms of this proprietary technology provide more accurate detection without the need to set up rule-based configurations or worry about false positives. Generic Signature: uses one generic signature to block all exploits [change "Generic Signatures" to "Vulnerability Protection"; supports the GEB positioning as best protection for vulnerability attacks]. Device Control. NAC: ensures that the endpoint is in compliance before it is allowed to connect to the network; works for employees, contractors and guests; we have very flexible implementation options.
Slide 33: Ingredients for Endpoint Protection: Antispyware
- Best rootkit detection and removal
- VxMS engine = superior rootkit protection
Source: Thompson Cyber Security Labs, August 2006
Notes: as for slide 32.
Slide 34: Ingredients for Endpoint Protection: Firewall
- Industry-leading endpoint firewall technology
- Gartner MQ "Leader" for 4 consecutive years
- Rules-based firewall can dynamically adjust port settings to block threats from spreading
Notes: as for slide 32.
Slide 35: Ingredients for Endpoint Protection: Intrusion Prevention
- Combines NIPS (network) and HIPS (host)
- Proactive Threat Scan
- Generic Exploit Blocking (GEB): one signature to proactively protect against all variants
- Granular application access control
Notes: The dirty little secret of IPS: false positive rates. One reason why customers deploy IDS but not IPS. Then the zero-day timeline and process as described in the notes for slide 10.
Slide 36: Intrusion Prevention System (IPS): Combined technologies offer best defense
Network IPS (NIPS):
- Vulnerability-based (signatures for the vulnerability): Generic Exploit Blocking
- Signature-based (can create custom signatures, SNORT-like): deep packet inspection
Host IPS (HIPS):
- Behavior-based (WholeSecurity): Proactive Threat Scan
- Rules-based (system lockdown by controlling an application's ability to read, write, execute and make network connections): Application Control
Notes: The key thing to understand is that not all intrusion prevention is the same. Most vendors will claim that they have it, but may only have one aspect of it. We realized that we needed to deliver IPS in two flavors, network-based and host-based. The simple difference is that NIPS looks at network traffic to and from the system, while host-based IPS looks at application and system behaviors to provide greater protection. We introduced several technologies separately in this space, and now we are bringing them together to increase protection. [Greater detail is self-explanatory; walk them through each of the features listed under each category.]
Slide 37: Proactive Threat Scan
- Detects 1,000 threats/month not detected by the top 5 leading antivirus engines
- 6 months of testing with Norton consumer technology
- Very low false positive rate (0.004%): only 40 FP for every 1M computers
- No setup or configuration required
Slide 38: Ingredients for Endpoint Protection: Device Control
- Prevents data loss (slurping) and social engineering
- Restrict access to devices (USB keys, CD-RW drives)
- W32.SillyFDC (May 2007): targets removable memory sticks; spreads by copying itself onto removable drives such as USB memory sticks; automatically runs when the device is next connected to a computer
Notes: Yet another benefit of the Sygate acquisition was that we gained the ability to protect from attacks and data leakage that occur through the use (or abuse) of I/O devices such as USB memory keys, media players, etc. Story of the "Tiger Attach" on a savings and loan company via 20 USB "keys": 15 retrieved, 8 inserted in machines; got password and login data, etc. One recent example of an attack using this method was W32.SillyFDC, which used a USB key as the means to deposit a Trojan horse onto a system. With our technology, you can determine which of these devices have write access to the system, and even what data can be written to the I/O device. We do it by device class ID, offering many possibilities for creating different policies based on device type. We can restrict the autorun option too.
Slide 39: Solution for Endpoint Compliance: Network Access Control
- Network access control ready: the agent is included, no extra agent deployment
- Simply license SNAC when you wish
Redefining Antivirus Protection
Required Endpoint Technologies   | Symantec Endpoint Protection 11.0 (single agent) | Competitor A | Competitor B | Competitor C
Network Access Control *         | ●                                                | ◔            | ○            | ○
Device Control                   | ●                                                | ○            | ○            | ○
Intrusion Prevention             | ●                                                | ◔            | ○            | ○
Firewall                         | ●                                                | ◔            | ◔            | ◒
Antispyware                      | ●                                                | ●            | ●            | ●
Antivirus                        | ●                                                | ●            | ●            | ●

* Same agent, separate license
Symantec Endpoint Protection
Unmatched Protection: Symantec Endpoint Protection is Secure, Simple and Seamless

Secure:
- Unmatched combination of technologies
- Much more than antivirus
- Backed by the industry-standard Symantec Global Intelligence Network

Simple:
- Single agent, single console, single license, single support program

Seamless:
- Fits into your network
- Easily configurable, use only what you need
- Combines essential protection and compliance functions

Symantec Endpoint Protection is Secure, Simple & Seamless. The unmatched combination of endpoint protection technologies, the improved client and administrator UI, and seamless integration with Network Access Control give customers the ability to gain unprecedented control over their endpoints.
New Client User Interface
Client User Interface (UI)
- Client UI focused on ease of use for end users
- Enables users to quickly view settings and navigate

The improvements in the UI will help with client education. This will ultimately reduce helpdesk calls, as users have greater visibility into the status of their individual system security. Of course, the client UI can be hidden from the user and is configurable by the admin (show/not show). Green is GOOD. Red is BAD.
New Console & Reporting
Comprehensive Reporting
- 50+ canned reports
- Customizable dashboard monitors
- Sample reports built in and customizable
- Now integrated with Active Directory!

Risk reports: Infected and at Risk Computers; Risk Detection Action Summary; Risk Detection Count; New Risks Detected in the Network; Top Risk Detections Correlation; Risk Distribution Summary; Risk Distribution Over Time; Comprehensive Risk Report; Proactive Threat Detection Results; Proactive Threat Distribution; Proactive Threat Detection Over Time; Action Summary for Top 10 Risks; Number of Notifications; Weekly Outbreaks

Audit: Policies Used

Behavioral Blocking: Top 10 Groups with Most Alerted Behavioral Logs; Top 10 Targeted Blocks; Top 10 Devices Blocked

Compliance: Network Compliance Status; Compliance Status; Clients by Compliance Failure Summary; Compliance Failure Details; Non-compliant Clients by Connection Type

Computer Status: Virus Definition Distribution; Computers not Checked in to Server; Symantec Endpoint Security Product Versions; Intrusion Prevention Signature Distribution; Clients by Memory, Processor, and OS; Client Online Status; Clients with Latest Policy; Client Hardware Information by Group; Security Status Summary; Proactive Protection Content Versions
Enterprise Grade Management Console
- Role-based access
- Hierarchical views
- Integration with Active Directory

More eye candy.
Flexible Deployment Options
Security functions enabled as needed:
- Standard deployment: Antivirus, Antispyware, Intrusion Prevention*
- Comprehensive Endpoint Protection deployment: Antivirus, Antispyware, Intrusion Prevention, Firewall, Device Control
- Complete Endpoint Security Solution: Antivirus, Antispyware, Intrusion Prevention, Firewall, Device Control, Network Access Control

One thing that we haven't mentioned so far is the fact that all the various security functions can be enabled or disabled as needed. Some of you may see benefits in the advanced technology of SEP but may not be ready to activate it right away. "Out of the box", the software can be installed with hardly any configuration or set-up, enabling AV-AS and taking advantage of Generic Exploit Blocking and Proactive Threat Scan, which require little to get running. Right away, customers will benefit from advanced protection against unknown threats while simplifying management and increasing performance. In 6-12 months, or whenever ready, additional components like Device Control or the firewall can be configured. Obviously, for those ready for a more complete endpoint security solution, all the modules including Network Access Control (licensed separately) can be activated at once. It is important to mention that only ONE deployment happens; after that it is a matter of updating policies and enabling the desired functions.
Intelligent Client Install
Install tool options: SMS, manual, SEPM install tools

[Diagram: Symantec Endpoint Protection v11.0 overinstalls on top of the existing agents SAV, SCS, SEP and SPA 5.1.]

This example shows how the new agent will install on top of existing Symantec agents.
Complement Security with Management
Symantec Endpoint Protection Integrated Component (a free solution):
- Streamline client migrations
- Initiate scans or agent health tasks from within the Altiris console
- Dashboards integrate security and operational information

Altiris Software Delivery Suite (a subset of Client Management Suite):
- Apply patches quickly and easily
- Ensure that required software is installed and stays installed
- Report machines not connecting to the environment for a certain number of days
- Identify missing hard drives from corporate managed machines

Altiris Client Management Suite offers customers even more ways to save time and money through easy-to-use management of endpoints:
- Policy-based software delivery
- Application Management
- Software Virtualization
- Patch Management
- Backup and Recovery
- Application Usage
- Remote Control
Migration Made Easy – Replace, Deploy, Configure
Deployment & Uninstall
- Deploy and configure with Altiris CMS
- Uninstall, run other tasks (e.g., backup)

When looking to deploy an upgrade to Symantec Endpoint Protection 11.0, it becomes really easy using Altiris Client Management Suite. Customers can combine several tasks into the rollout, including backup, uninstalling other security software, and deploying and configuring the client.
Migration Assistance online
An extensive set of tools and resources is made available to customers through this website.
- Services: education/training services, consulting services, support services and remote expert installation services
- Tools: online guides and tutorials, wizards, policy mapping tools
- Software deployment options: integrates with Altiris endpoint management solutions to make it easier to distribute software packages, migrate older Symantec AntiVirus or other antivirus packages, and view new agent rollout status and activity.

Note: Symantec Endpoint Protection 11.0 can also be deployed through other software deployment tools, such as Tivoli, SMS and HP OpenView.
Redefining Endpoint Security
Symantec Endpoint Security Solution

Endpoint Protection proactively protects laptops, desktops and servers from known and unknown malware such as viruses, worms, Trojans, spyware, adware and rootkits by combining these capabilities:
- Antivirus
- Antispyware
- Desktop firewall
- Intrusion Prevention (Host & Network)
- Device & Application Control

Endpoint Compliance securely controls entry into networks:
- Ongoing endpoint integrity checking
- Centralized endpoint compliance policy management
- Automated remediation
- Host-based enforcement of access policies
- Monitor and report
- System configuration checking, remediation & enforcement

Key Products: Symantec Endpoint Protection (also available in a Starter Edition; SNAC-ready out of the box); Symantec Network Access Control 11.0
Other Products: Symantec Mobile Security; Symantec Critical System Protection; Symantec On-Demand Protection (for OWA & Web Apps)

But moving beyond today, I wanted to illustrate the depth of our Endpoint Security product line. We've taken great strides to simplify our offerings, while also ensuring broad coverage for a diverse array of devices, such as mobile devices, critical servers and unmanaged systems. Complete Endpoint Security is comprised of two areas: Endpoint Protection and Endpoint Compliance. Symantec has the best and most complete offering in the market, and customers trust us to continually deliver the most innovative, high-quality solutions.
Symantec Global Intelligence Network
- 4 Symantec SOCs
- 74 Symantec monitored countries
- 40,000+ registered sensors in 180+ countries
- 8 Symantec Security Response Centers
- >6,200 managed security devices
- Advanced honeypot network
- 120 million systems worldwide
- 30% of the world's traffic
- 200,000 malware submissions per month
- Millions of security alerts per month
- Millions of threat reports per month
- Hundreds of MSS customers

Locations shown on the map: Redwood City, CA; Santa Monica, CA; Calgary, Canada; San Francisco, CA; Dublin, Ireland; Pune, India; Taipei, Taiwan; Tokyo, Japan; Twyford, England; Munich, Germany; Alexandria, VA; Sydney, Australia

Six key international locations: Santa Monica, Calif. (Response headquarters); American Fork, Utah; Sydney, Australia; Calgary, Canada; Dublin, Ireland; Tokyo, Japan

Worldwide sensor network from DeepSight: 180 countries, >20,000 sensors. AV submissions from 120,000,000 customers.

Global technical support: Springfield, Oregon; Toronto, Canada

This is a powerful slide, as it illustrates how Symantec offers the most complete information on threats from around the world to the media. It is a great visual of how strong Symantec's information and expertise is. You should be sure to explain what "18,000 sensors in 180 countries" exactly means and how we can watch what is happening around the Internet. You may also want to add that Symantec's Managed Security Services also adds another view of the Internet.
For More Information… www.symantec.com/endpointsecurity
Remember to visit us online; this site is your single source for information on our new products. Check it out at the address above. And make sure you try out the beta; you will love it!
Thank You! www.symantec.com
Bulent Teksoz +971 (4) Copyright © 2007 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.