2 Agenda

1. Security 2.0
2. Trends at the Corporate Endpoint
3. Announcing…
4. A Complete Enterprise Security Solution
5. Call to Action!
3 Security 2.0

New technologies are changing the way we communicate
Businesses are sharing information across their extended enterprises and engaging in more complex electronic interactions
New technologies are also introducing new security risks
No longer focused on just the device: it's about the information and interactions
Phishing, ID theft, malicious users and non-compliance are all risks
Must keep the threats out, and ensure the information stays inside
Symantec is bringing together an ecosystem of products, services and partners that help create a safe and connected world
Symantec's mission is to deliver solutions that protect customers' connected experiences

In September 2006 we held the Security 2.0 event. What was this about? We were busy managing the communication around the merger of Veritas and Symantec and we wanted to make sure that the market knew that we are the leaders, and Security 2.0 was a visionary thing for the market to know that we are the thought leaders here. There is a new wave of threats coming and we are ahead of it. JWT likes to say we are happy to see MS involvement in the security market, though they seem to be solving yesterday's problems.
4 Security 2.0: The Facts

Chart (figure not recoverable): fear of eavesdropping; fear of online fraud; 53%; 14%; stopped giving out personal information; stopped paying bills online.
Sources: Gartner; Cyber Security Industry Alliance, June 2005
5 Protecting Information

External threats such as viruses, spyware and crimeware: exploiting system vulnerabilities
Internal threats such as data theft and data leakage: exploiting lack of supervision of corporate information flow
Non-compliance with policies or regulations (SOX, FISMA, etc.): lack of adequate controls or evidence collection

Protecting information, but from what? You probably know us as the company that protects computer systems and data from "bad stuff", that is, external threats like viruses, spyware, etc. But more and more these days, we are seeing the threat of the *insider*: a threat that takes the traditional notion of trust and challenges it. What if an employee with lots of administrative privileges is trusted one day, but is about to resign? How do you stop that trusted employee from doing "untrustworthy" things? I'll also talk to you about how we can help you with compliance, mostly on the security compliance side, but also show you how we help with overall IT compliance.
6 Endpoint Security & Information Foundation

Provides a real-time defense against malicious activity
Information Risk Management
Endpoint Security: cell phone, laptop, desktop, file server, application server, messaging server, database server

So, today, I'll introduce you to our Enterprise Security framework, a way of thinking about your security strategy holistically, in three layers that help you tackle the management of risk and the challenges around compliance. [Build] First, the Endpoint Security layer. Consider this the bare minimum of systems that most organizations must procure and employ to manage the flow of information through the enterprise. In most cases, regardless of size, customers have varying types of clients, servers, app servers, file servers and databases. And we employ basic security tools to keep those systems protected, such as antivirus. The idea being to build a solid security foundation by securing the endpoint. Well, most customers have also gotten very good at making information available to end users; whether through transparent access to messaging systems, file servers or databases, the flow of information is at an unprecedented level due to advances in IT. [Build] This additional layer, Information Security, is where the organization's critical assets really lie. And so, the challenges in protecting that information from all kinds of risks have increased as well.
7 A Complete Enterprise Security Strategy

Security Management: Policy Management, Vulnerability Management, Information Management, Event & Log Management
Information Risk Management
Endpoint Security: cell phone, laptop, desktop, file server, application server, messaging server, database server

[Build 3 times] Finally, all this information must be managed. From everyday IT policies to terabytes of events and system logs, the need for intelligent tools to manage these increasing volumes of data has increased as well. Customers are crying out for a way to make sense of the data, and to help them take action on correlated data throughout the enterprise. This layer of Security Management helps our customers make sense of the data, manage the information and get ahead of regulation, all managed by policy in a unified and simplified fashion.
9 Business Problems at the Endpoint

Number of zero-day threats
Endpoint management costs are increasing
Cost of downtime impacts both productivity and revenue; productivity hit largest in enterprise
Costs to acquire, manage and administer point products are increasing, as well as the demand on system resources
Complexity is increasing as well
Complexity and manpower to manage disparate endpoint protection technologies are inefficient and time consuming
Source: Infonetics Research, The Cost of Network Security Attacks: North America 2007

(Note that the zero-day graphic builds after the last text bit.) The Infonetics Research chart shows the average annual cost of downtime caused by security attacks. Three types of security attacks: DoS attacks, client malware, and server malware. Purple is revenue and blue is productivity. Small is <100; medium: annual cost is $230,000; large is over $31.26M. When revenue generators are not able to use their computer or connect to the network, this impacts the company's revenue. Measuring both the revenue and their productivity gives cost.

Describe zero-day threats. Timeline from the original vulnerability announced ("V") to 12 months later when the exploit was created ("E"); then AV companies wrote a signature and then the customer had to deploy. We got really good at shortening the time between when the exploit was created and when our signatures were published. Then the bad guys got smart and started to create exploits within about 6-7 days; we knew that we needed new technology to help here. We created Generic Exploit Blocking (GEB) (this is a part of SCS today), which creates a generic signature for a particular vulnerability so that as new variants come out we are already protected. What about vulnerabilities which are not announced? Then zero-day solutions came about: you need security looking for suspicious activity, unusual behavior. This is when we knew we had to buy WholeSecurity (Confidence Online), whose services protect based on behavioral characteristics. E.g. Word is sending 100k s. This is not normal behavior. The trade-off here is the noise: you don't want a lot of messages asking "Is this ok? Is this ok?" You have to manage the false positives.

Zero-day process:
1. Vulnerability discovered
2. Some time later, exploit released. The clock starts ticking.
3. AV vendors write signature
4. Hackers get smart and release code closer and closer to the vulnerability disclosure date
5. We get better with GEB, so closer; available in SCS
6. Sometimes 0-day: exploit found in the wild for a vulnerability never seen before
7. We acquired even better technology that is behavior based: WholeSecurity

Growing number of known and unknown threats. Stealth-based and silent attacks are increasing, so there is a need for antivirus to do much more.
11 Causes of Sensitive Data Loss

The leading causes of sensitive data loss (chart; values not recoverable): user error; violations of policy; Internet threats, attacks and hacks.

In one form or another, human error is the overwhelming cause of sensitive data loss, responsible for 75 percent of all occurrences. User error is directly responsible for one in every two cases (50 percent) while violations of policy (intended, accidental and inadvertent) are responsible for one in every four cases (25 percent). Malicious activity in the form of Internet-based threats, attacks and hacks is responsible for one in every five occurrences.
ITPolicyCompliance.com, "Taking Action to Protect Sensitive Data", Feb. 2007
12 As Threat Landscape Changes, Technology Must as Well

From Hackers & Spies… To Thieves
OLD: noisy & visible; few, named variants; indiscriminate
NEW: silent; overwhelming variants; highly targeted
Moving from disrupting operations to damaging trust and reputations

[Build through larger graphic] A few years back, it was well understood that hackers really just wanted notoriety from their exploits, to gain recognition from their "peers" for creating such impressive "proofs of concept" when it came to viruses. [Build to show tagline] However, we have seen a marked shift from this "graffiti" approach to one of stealth, and one of financial gain. Hackers today don't want to be discovered; they want to attack silently and leave no trace, to steal sensitive information like credit card data, passwords, login info, etc. Simply put, they want to get rich.
13 Protection From External Malicious Threats

Protection starts at the corporate endpoint
Broad range of client devices: laptop, desktop, cell phone (Windows Smartphone, Symbian device, laptop PC, desktop PC)
Broad range of threats: virus, worms, spyware … crimeware

As I stated before, you probably know Symantec from our history in protecting customers from "bad stuff" happening to their computers, like viruses, worms, spyware and the like. We know from experience that protection starts at the corporate endpoint. Whether a cell phone, a laptop or a desktop system, these client systems require increased protection today more than ever. We've seen an evolution in how hackers have modified their wares, and Symantec has responded in kind. We've pioneered technologies and methods to counter these changing hacker tactics, but let me tell you what we've seen recently.
14 Is Endpoint Protection Enough Protection?

"What are the most common sources of automated Internet worm attacks?"
43% Employee laptop
39% Internet through firewall
34% Non-employee laptop
27% VPN home system
8% Don't know
8% Other
Source: Enterprise Strategy Group, January 2005 ESG Research Report, Network Security and Intrusion Prevention

As we shored up our resources on fighting the evolving hacker threat, we also saw the market need for greater control. Note that many of the threats getting into the corporate network are coming from machines that IT thought they had covered: perimeter firewall, VPN, and then, interestingly enough, *non-employee laptops*. Huh? How could that happen? It's quite simple: employees have a desire to do business with more and more partners every day, whether guests in a conference room, temp workers, contractors, etc. Some customers report allowing internet access to those "unmanaged devices." Not that you would allow such a thing. ;-)
15 Endpoint Security Policy

The need for complete endpoint security: Endpoint Protection + Endpoint Compliance
Protection: against worms, unknown attacks, ID theft, viruses
Compliance (endpoint security policy status): patch updated; service pack updated; personal firewall on; antivirus signature updated; antivirus on

[Build Protection] Most customers know us for our Endpoint Protection, essentially keeping the bad stuff out. [Build Compliance] But part of what customers now need to ensure the overall health of their network is endpoint compliance.
16 Symantec Endpoint Compliance Process

Step 1, Discover: endpoint attaches to network; configuration is determined
Step 2, Enforce: compliance of configuration against IT policy is checked
Step 3, Remediate: take action based on outcome of policy check (patch, quarantine, virtual desktop)
Step 4, Monitor: monitor endpoint to ensure ongoing compliance

How does this endpoint compliance process work? [Build Discover] The first step in this process is for the access point to discover the device attempting access. [Build Enforce] From there, the solution can apply an integrity check to determine if the endpoint is compliant with current security policy. [Build Remediate] If out of policy, the system can be quarantined, remediated or given federated access to the LAN. [Build Monitor] Of course, it is also important to have ongoing checks to ensure that, if a security event occurs, the system can be discovered and remediated at a subsequent time. [Build Altiris] And with our recent acquisition of Altiris, we also add the ability to patch systems easily from a single vendor. We have had this capability in SNAC for some time now, but with Altiris we are able to offer an extended remediation zone. These steps ensure compliance on contact, but also the ability to have an ongoing connection to that endpoint.
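As an added illustration of the four-step process (this is example code, not SNAC's own code or API): a host-integrity check that evaluates the policy items from the Endpoint Security Policy slide (patch, service pack, personal firewall, antivirus signature age, antivirus on) and maps the result onto the three Step 3 outcomes, then re-runs the check on later dates for Step 4. The Endpoint and Policy fields, the failure codes, the sample hosts and the choice of which failures count as auto-remediable are all assumptions made for the example.

```python
"""Endpoint compliance check modelled on Discover / Enforce / Remediate / Monitor.
Added example: the Endpoint and Policy fields, the failure codes and the
AUTO_REMEDIABLE set are assumptions, not the product's own data model."""
from dataclasses import dataclass
from datetime import date, timedelta
from enum import Enum
from typing import List, Tuple


class Action(Enum):
    ALLOW = "allow"                      # compliant: normal LAN access
    PATCH = "patch"                      # push the update, then re-check
    QUARANTINE = "quarantine"            # restricted VLAN until fixed
    VIRTUAL_DESKTOP = "virtual_desktop"  # unmanaged device: confined session


@dataclass(frozen=True)
class Endpoint:
    host: str
    managed: bool              # True when the managed agent is present
    antivirus_on: bool
    signature_date: date       # date of the installed AV definitions
    personal_firewall_on: bool
    service_pack: int
    patch_level: int           # assumed monotonically increasing patch id


@dataclass(frozen=True)
class Policy:
    max_signature_age_days: int
    min_service_pack: int
    min_patch_level: int


# Failures the remediation step can clear on its own by running an update
# (assumption: a definition refresh or a patch push; a missing service pack or a
# disabled protection component is treated as needing a quarantined fix first).
AUTO_REMEDIABLE = {"antivirus_signature_stale", "patch_out_of_date"}


def check_host_integrity(ep: Endpoint, policy: Policy, today: date) -> List[str]:
    """Step 2 (Enforce): compare the discovered configuration against policy.
    Returns the failed checks; an empty list means compliant."""
    failures = []
    if not ep.antivirus_on:
        failures.append("antivirus_off")
    if (today - ep.signature_date).days > policy.max_signature_age_days:
        failures.append("antivirus_signature_stale")
    if not ep.personal_firewall_on:
        failures.append("personal_firewall_off")
    if ep.service_pack < policy.min_service_pack:
        failures.append("service_pack_out_of_date")
    if ep.patch_level < policy.min_patch_level:
        failures.append("patch_out_of_date")
    return failures


def decide_action(ep: Endpoint, failures: List[str]) -> Action:
    """Step 3 (Remediate): choose between patch, quarantine and virtual desktop."""
    if not failures:
        return Action.ALLOW
    if not ep.managed:
        # No agent to push fixes to, so confine the session instead.
        return Action.VIRTUAL_DESKTOP
    if set(failures) <= AUTO_REMEDIABLE:
        return Action.PATCH
    return Action.QUARANTINE


def evaluate(ep: Endpoint, policy: Policy, today: date) -> Tuple[Action, List[str]]:
    """Steps 1-3 for one connection attempt (the ep record is the discovered config)."""
    failures = check_host_integrity(ep, policy, today)
    return decide_action(ep, failures), failures


def monitor(ep: Endpoint, policy: Policy, check_dates: List[date]) -> List[Action]:
    """Step 4 (Monitor): re-run the check on later dates. A device that passed on
    connect drifts out of policy once its definitions age past the allowed window."""
    return [evaluate(ep, policy, d)[0] for d in check_dates]


# Constructed sample policy and endpoints (not real hosts or real policy values).
POLICY = Policy(max_signature_age_days=7, min_service_pack=2, min_patch_level=42)
TODAY = date(2007, 10, 1)
LAPTOP_OK = Endpoint("laptop-01", True, True, date(2007, 9, 28), True, 2, 42)
LAPTOP_STALE = Endpoint("laptop-02", True, True, date(2007, 9, 1), True, 2, 40)
DESKTOP_FW_OFF = Endpoint("desktop-03", True, True, date(2007, 9, 30), False, 2, 42)
GUEST = Endpoint("guest-04", False, False, date(2007, 1, 1), False, 1, 0)

if __name__ == "__main__":
    for ep in (LAPTOP_OK, LAPTOP_STALE, DESKTOP_FW_OFF, GUEST):
        action, failures = evaluate(ep, POLICY, TODAY)
        print(f"{ep.host}: {action.value} {failures}")
    later = [TODAY, TODAY + timedelta(days=10)]
    print("monitor laptop-01:", [a.value for a in monitor(LAPTOP_OK, POLICY, later)])
```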
17 Symantec Network Access Control

Ensures endpoints are protected and compliant prior to accessing network resources
Choose quarantine, remediation or federated access
Enforce policy before access is granted
Execute updates, programs, services, etc.
Limit connection to VLAN, etc.
Broadest enforcement options of any vendor: remote connectivity (IPSec, SSL VPN); LAN-based, DHCP, appliance; standards-based, CNAC, MSNAP
Pervasive endpoint coverage: unmanaged guests, contractors, home computers
Central, scalable, flexible policy management: distributed servers, redundancy, database replication, AD integration
Universal enforcement: (W)LAN, IPSec VPN, SSL VPN, web portal
Integration with existing and emerging standards: 802.1x, Cisco NAC, Microsoft NAP, TCG's TNC
Automated remediation process: no user intervention required; learning mode and discovery tools

This process is delivered via Symantec Network Access Control, an innovative solution that ensures endpoint compliance, and ensures it through utilizing the broadest array of enforcement options. [Build text] Whether fitting into an existing infrastructure, say Cisco or Microsoft, Symantec gives you Network Access Control capabilities right out of the box, without the need to upgrade every switch, router, server or VPN concentrator to get you there. We work within your environment to get your endpoints compliant in the fastest time.
18 Symantec On-Demand Protection

Layered security technology solution for unmanaged endpoints
Web-based applications; thin client/server applications; traditional client/server applications
Traveling executives; public kiosk; file share; partner extranet
Ideal for use with: Outlook Web Access (OWA); web-enabled applications
Most complete on-demand security solution: virtual desktop; malicious code prevention; cache cleaner; mini personal firewall; host integrity; adaptive policies

Of course, there is another aspect to ensuring endpoint compliance: the unmanaged endpoint device. As stated before, IT is receiving pressure to open up access to partners, guests, and others. But while IT typically wants to accommodate such requests, the increase in risk to date has been unmanageable. This triggered the need for "on-demand" security, that is, security that could be implemented on demand, regardless of device type, location, browser, etc. Symantec On-Demand Protection gives IT that extension to the unmanaged device. A simple solution that is ideal for use with web-enabled applications like Outlook Web Access, On-Demand Protection keeps the wandering endpoint from becoming a greater security risk as it connects to the network.
19 Network Access Control + On-Demand Protection

Complete endpoint compliance regardless of network access method
Managed devices: laptops, mobile phones (Windows Smartphone, Symbian device, laptop PC, desktop PC)
Unmanaged devices: guest, contractor, partners, kiosks (OWA, kiosk, partner, temp)

The combination of Symantec Network Access Control and Symantec On-Demand Protection allows IT to provide unprecedented service levels, through granting access to more devices and extended user communities than ever before. It also gives IT greater control over the endpoint, ensuring that they are compliant with policy at every turn. [Note that user types have been reflected in the first build: guest, temp worker, OWA, etc.]
20 Today's Endpoint Problems Addressed by Too Many Technologies…

Endpoint exposures by layer:
Network Connection: worms, exploits & attacks
Operating System: malware, rootkits, day-zero vulnerabilities
Memory/Processes: buffer overflow, process injection, key logging
Applications: zero-hour attacks, malware, Trojans, application injection
I/O Devices: slurping, IP theft, malware
Data & File System: viruses, Trojans, malware & spyware
Always on, always up-to-date
Protection technologies: client firewall; O/S protection; buffer overflow & exploit protection; anti-crimeware; device controls; network IPS; host integrity & remediation; antispyware; antivirus

One major problem that customers face when determining their endpoint security strategy is trying to decipher what protection technology they need to address which exposures. Honestly, it seems to take a PhD to make sense of this. Let's take a look at the exposures that the endpoint is susceptible to. Attacks like viruses, Trojans and worms are typically handled by basic antivirus solutions, and some have gone so far as to include anti-spyware to handle spyware and adware. As network-based attacks, rootkits, buffer overflows and other types of attacks have appeared, you can see that additional technologies [Build] have become a necessary addition to the basic malware coverage.
21 …even from Symantec

Endpoint exposures by layer:
Network Connection: worms, exploits & attacks
Operating System: malware, rootkits, day-zero vulnerabilities
Memory/Processes: buffer overflow, process injection, key logging
Applications: zero-hour attacks, malware, Trojans, application injection
I/O Devices: slurping, IP theft, malware
Data & File System: viruses, Trojans, malware & spyware
Always on, always up-to-date
Protection technologies: client firewall; O/S protection; buffer overflow & exploit protection; anti-crimeware; device controls; network IPS; host integrity & remediation; antispyware; antivirus
Symantec solutions: Symantec Confidence Online; Symantec Sygate Enterprise Protection; Symantec Network Access Control; Symantec AntiVirus

However, even Symantec has addressed these exposures somewhat piecemeal, using multiple products to address this ever-evolving landscape. Symantec offers a variety of solutions to combat this diverse array of attacks and exposures, and quite frankly, customers have told us that we need to make it easier for them to manage all these exposures.
22 Ingredients for Endpoint Protection: Antivirus

World's leading AV solution
Most (33) consecutive VB100 awards (Virus Bulletin, Aug 2007)

So what are we doing about it? Well, we determined that we needed to build a better mousetrap, and that we had the best ingredients to make it happen in a single solution. We started with the world's leading antivirus solution. Our track record speaks for itself: 30 consecutive Virus Bulletin 100% certifications, and as of April 2007, 31 consecutive passes. No other vendor has this track record of success. In addition, we have won many awards as noted on the right side here, consistently.
23 Ingredients for Endpoint Protection: Antispyware

Best rootkit detection and removal
Raw Disk Scan (VxMS) = superior rootkit protection
Source: Thompson Cyber Security Labs, August 2006
Stack so far: antivirus, antispyware

As for spyware, one of the best things that came out of the Veritas merger was that we gained access to incredibly fast and effective scanning technology from the backup side of the business. This technology, called "Raw Disk Scan", is already in our consumer line of products, and catches the most rootkits, more than any other vendor. Take a look at Microsoft in this chart: once touted as the "best" anti-spyware, the "Giant" software they acquired and subsequently included in Vista (and XP SP2) has proved ineffective at catching rootkits.

Further detail: rootkit detection. We integrated Veritas technology, so we are best at detecting and removing rootkits because we can scan at a deeper level. A rootkit:
1. Is installed without the user's knowledge
2. Gains admin or system-level privileges
3. Hides from detection / buries itself deep within the operating system
4. Is used as a method to circumvent existing security tools and/or measures (optional point)
24 Ingredients for Endpoint Protection: Firewall

Industry leading endpoint firewall technology
Gartner MQ "Leader" for 4 consecutive years
Rules-based FW can dynamically adjust port settings to block threats from spreading
Stack so far: antivirus, antispyware, firewall

Another great thing was acquiring Sygate in October. Gartner has raved about their managed firewall capability for 4 consecutive years. Not only is it effective technology, but it is extremely light and streamlined, so we based our next-generation architecture on it. The rules-based firewall is a dynamic solution, adjusting to protect the network from threats as they attempt to spread.
25 Ingredients for Endpoint Protection: Intrusion Prevention

Combines NIPS (network) and HIPS (host)
Generic Exploit Blocking (GEB): one signature to proactively protect against all variants
Granular application access control
Proactive Threat Scan (TruScan): very low (0.004%) false positive rate
Detects 1,000 new threats/month not detected by leading AV engines
25M installations; only 50 false positives for every 1 million PCs
Stack so far: antivirus, antispyware, firewall, intrusion prevention

When we looked at intrusion prevention, we realized that we needed to combine layers for IPS to be truly effective. In Symantec Client Security, we introduced Generic Exploit Blocking, an innovative way to protect against variants and polymorphism with a single "vulnerability-based" signature. But what we realized was that we needed to address zero-day attacks in a truly "signature-less" fashion. Around the same time we acquired Sygate, we also acquired a small company called WholeSecurity. Their technology is heuristic based, and fine-tunes itself to reduce the false positives that heuristics are prone to. We introduced this in the consumer products, and the success has been overwhelming, as illustrated in the slide.

Further detail: Symantec SONAR technology, which unlike all other heuristic-based technologies, scores both good and bad behaviors of unknown applications. The unique algorithms of this proprietary technology provide more accurate detection without the need to set up rule-based configurations or the worries of false positives. Based on an installed base of over 25 million users, our behavior-based technology has proven to be extremely accurate and effective. We have found that since its deployment, this proactive technology has detected approximately 1,000 new threats per month that were not yet detected by any of the leading antivirus engines. Moreover, it does this with an incredibly low false positive rate of only 0.004% (less than 50 for every 1 million users).
26 Intrusion Prevention (IPS)

Intrusion Prevention System (IPS): combined technologies offer best defense
Network IPS (NIPS):
  Generic Exploit Blocking: vulnerability-based (sigs for the vulnerability)
  Deep packet inspection: signature-based (can create custom sigs, SNORT-like)
Host IPS (HIPS):
  Proactive Threat Scan: behavior-based (WholeSecurity, TruScan)
  Application Control: rules-based (system lockdown by controlling an application's ability to read, write, execute and make network connections)

The key thing to understand is that not all intrusion prevention is the same. Most vendors will claim that they have it, but may only have one aspect of it. We realized that we needed to deliver IPS in two flavors, network-based and host-based. The simple difference being that NIPS looks at network traffic to and from the system, and host-based looks at application and system behaviors to provide greater protection. We introduced several technologies separately in this space, and now we are bringing them together to increase protection. [Greater detail is self-explanatory: walk them through each of the features listed under each category.]
27 Ingredients for Endpoint Protection: Device Control

Prevents data leakage
Restrict access to devices (USB keys, back-up drives)
W32.SillyFDC (May 2007): targets removable memory sticks; spreads by copying itself onto removable drives such as USB memory sticks; automatically runs when the device is next connected to a computer
Stack so far: antivirus, antispyware, firewall, intrusion prevention, device control

Yet another benefit of the Sygate acquisition was that we gained the ability to protect from attacks and data leakage that occur through the use (or abuse) of I/O devices such as USB memory keys, media players, etc. One recent example of an attack using this method was "W32.SillyFDC", which used a USB key as the means to deposit a Trojan horse onto a system. With our technology, you can determine which of these devices have write access to the system, and even what data can be written to the I/O device. We do it by device class ID, offering many possibilities on how to create different policies based on device type.
28 Ingredients for Endpoint Compliance: Network Access Control

Network access control ready
Agent is included, no extra agent deployment
Simply license SNAC Enforcement
Stack so far: antivirus, antispyware, firewall, intrusion prevention, device control, network access control

Most IT professionals are familiar with or considering Network Access Control (or NAC) in their environment. With Sygate, we gained the industry's most flexible NAC solution. We fit into the customer's environment; we don't force the customer to change around us. With the most enforcement options available, we have managed to carve out a great spot for us in the market here, in fact winning several awards in addition to some very large customer accounts. (NAC ensures that the endpoint is in compliance before it is allowed to connect to the network. Works for employees, contractors and guests. We have very flexible implementation options.)
29 Introducing…

Symantec Endpoint Protection 11.0
Symantec Network Access Control 11.0
Stack: antivirus, antispyware, firewall, intrusion prevention, device control, network access control

And now, my big announcement. I'd like to introduce "Symantec Endpoint Protection 11.0" and the next version of SNAC, "Symantec Network Access Control 11.0." We are taking all these essential ingredients and combining them into a single agent, managed from a single console. This solution is the result of years of development and integration, combining the most essential protection and compliance technologies into a single centrally-managed solution.
30 Single Agent, Single Console

Symantec Endpoint Protection 11.0; Symantec Network Access Control 11.0
Results: reduced cost, complexity & risk exposure; increased protection, control & manageability

The result to the customer is increased protection, control and manageability with reduced cost, complexity and exposure.
31 Beta Customer Value Data

Single console: customers who participated reduced man-hours by 75%
Security related reporting: one customer expects to save 97% of the man-hours on weekly security related reporting
Application control: one customer anticipates a 50% reduction in calls to the support center and the avoidance of re-imaging over 100 PCs per week, recovering over 600 man-hours a week of analysts' and technicians' time; another anticipates recovering over $2.0 million from network outages caused by unauthorized peer-to-peer applications
Controlled beta conducted by the Alchemy Solutions Group from April to September; "Value Delivery Research" available soon, in October 2007

Single console: the ability to manage complete IT security operations from a single console with zero latent visibility to the endpoint will reduce the current-state man-hours by an average of 75% for those customers who participated. Security related reporting: one customer expects to save 97% of the man-hours on weekly security related reporting. Application control: one customer anticipates a 50% reduction in calls to the support center and the avoidance of re-imaging over 100 PCs per week as a result of deploying Application Control, recovering over 600 man-hours a week of analysts' and technicians' time. Network outages caused by unauthorized peer-to-peer applications are costing one customer over $2.0 million annually; limiting access to only approved applications at the endpoint will be a key enabler in recovering this avoidable expense. End user self-diagnostics: empowering the user community to safely manage mundane desktop security related issues will reduce calls to the help desk by at least 60% for those customers who participated.
32 Memory Footprint Comparison (using final shipping product)

Baseline memory usage:
Symantec AntiVirus Corporate Edition: 62 MB
Symantec Client Security: 129 MB
Symantec AntiVirus + Symantec Sygate Enterprise Protection: 72 MB
McAfee Total Protection SMB: 71 MB
Trend Micro OfficeScan Client/Server: 50 MB
Symantec Endpoint Protection 11.0: 24 MB
Average of 80% reduction in memory usage requirements

[Make sure you are in slide show mode; the "????" disappear after a mouse click.] So how do we lower cost? We are lowering costs through a reduced number of products to manage, and reduced memory usage. With this reduction, we are seeing an average of over 80% reduction in memory usage. Microsoft Forefront Client Security is not on here since their offering is only AV and AS (which runs at around 20MB), with some future firewall manageability; adding third-party IPS and device control puts it well above the 21MB indicated for SYMC Endpoint Protection 11.0. How did we manage to add more technology and still reduce from 129MB to 21MB usage? What did we do? SAV and Consumer share a lot of code (all the engines). The engine teams (STG) focused a lot on minimizing memory requirements in the consumer 07 releases. We are seeing a lot of the benefits of the new slimmer versions of the engines and common code. Similar to the work done by the engine teams, we made improvements to our own components to optimize their use of memory. Sygate's FW is much smaller than the consumer/SCS FW. WholeSecurity was already very tiny. Task Manager shows 21-25MB; Perf Mon will show more like 40MB.
33 Dispelling Myths

Symantec Endpoint Protection component processes in memory (baseline memory usage):
Smc.exe: 8,464 KB
SmcGui.exe: 5,640 KB
ccSvcHost.exe: 5,532 KB
RtvScan.exe: 2,936 KB
ccApp.exe: 0,746 KB
Total: 24,218 KB
Average of 80% reduction in memory usage requirements

We have identified two reasons why competitors and some partners and SEs doubt our claim in memory consumption.
1) Right after installation, Symantec Endpoint Protection will scan the machine and download the latest patterns/definitions. During this time, the memory consumption is higher. If a tester tries to validate our numbers right after the installation, he/she will get distorted figures.
2) Symantec uses the advanced memory optimization features offered by Windows XP, 2003 Server and Vista. These features are not available in Windows 2000. While the reduction in memory consumption is considerable there, it is not as high as in the current versions of Windows. If a tester tries to validate our numbers on Windows 2000 Workstation or Windows 2000 Server, he will not see the same reduction.
34 Symantec Endpoint Protection

Secure: unmatched combination of technologies; much more than antivirus; backed by the industry standard Symantec Global Intelligence Network
Simple: single agent; single console; single license; single support program
Seamless: fits into your network; easily configurable, use only what you need; combines essential protection and compliance functions

Symantec Endpoint Protection is Secure, Simple & Seamless. The unmatched combination of endpoint protection technologies, improved client and administrator UI and seamless integration with Network Access Control gives customers the ability to gain unprecedented control over their endpoints.
35 New Client User Interface

Client user interface (UI) focused on ease-of-use for end-users
Enable users to quickly view settings and navigate

The improvements in the UI will help with client education. This will ultimately reduce helpdesk calls as users have greater visibility into the status of their individual system security. Of course, the client UI can be hidden from the user and is configurable by the admin (show/not show). Green is GOOD. Red is BAD.
36 How do we Increase Protection, Control and Manageability?

Protection: much more than traditional antivirus, by including "advanced" technologies right in the core agent; combines world-class endpoint technologies
Control: ensures network access is secure regardless of access method (employee, guest, contractors, auditors)
Manageability: scalable multi-server architecture, based on the world-class Sygate managed firewall

Key talking points:
- Manageability increases because the console is based on the award-winning Sygate Enterprise Protection managed firewall. Gartner continually recognized this platform as the best managed firewall.
- Control is increased through Network Access Control, helping admins gain control over who is on their network.
- The increase in protection is obvious, especially through the addition of WholeSecurity's behavior-based IPS (zero-day protection) and Device Control from Sygate.
37 Enterprise Grade Management Console

- Role-based access
- Hierarchical views
- Integration with Active Directory

More eye candy.
38 Reporting: Comprehensive Reporting

50+ canned reports; customizable dashboard; monitors. Sample reports, built in and customizable:

Risk reports:
- Infected and At Risk Computers
- Risk Detection Action Summary
- Risk Detection Count
- New Risks Detected in the Network
- Top Risk Detections Correlation
- Risk Distribution Summary
- Risk Distribution Over Time
- Comprehensive Risk Report
- Proactive Threat Detection Results
- Proactive Threat Distribution
- Proactive Threat Detection Over Time
- Action Summary for Top 10 Risks
- Number of Notifications
- Weekly Outbreaks

Audit:
- Policies Used

Behavioral Blocking:
- Top 10 Groups with Most Alerted Behavioral Logs
- Top 10 Targeted Blocks
- Top 10 Devices Blocked

Compliance:
- Network Compliance Status
- Compliance Status
- Clients by Compliance Failure Summary
- Compliance Failure Details
- Non-compliant Clients by Connection Type

Computer Status:
- Virus Definition Distribution
- Computers Not Checked In to Server
- Symantec Endpoint Security Product Versions
- Intrusion Prevention Signature Distribution
- Clients by Memory, Processor, and OS
- Client Online Status
- Clients with Latest Policy
- Client Hardware Information by Group
- Security Status Summary
- Proactive Protection Content Versions
39 Migration Made Easy: Replace, Deploy, Configure

Deployment & uninstall: deploy and configure with Altiris CMS; uninstall, run other tasks (e.g. backup).

Deploying an upgrade to Symantec Endpoint Protection 11.0 becomes really easy with Altiris Client Management Suite. Customers can combine several tasks into the rollout, including backup, uninstalling other security software, and deploying and configuring the client.
41 Summary of Endpoint Packages: Available September 27, 2007!

Individual products:
- Symantec™ Endpoint Protection 11.0
- Symantec™ Network Access Control 11.0
- Symantec™ Network Access Control Starter Edition 11.0

Bundles / multi-product packages:
- Symantec™ Multi-tier Protection 11.0
- Symantec™ Endpoint Protection Small Business Edition 11.0

So to sum up our offerings: we introduced two new products today and are offering them in a few different packages (the individual products and bundles listed above). We make it easy to buy, and try to combine the things that make the most sense for what customers and partners want to acquire.
42 Entitlement Summary

If customer owns (any):                                          They get:
- Symantec AntiVirus Corporate Edition
- Symantec Client Security
- Confidence Online for Corporate PCs (WholeSecurity)
- Symantec Sygate Enterprise Protection                          Symantec Endpoint Protection 11.0

- Symantec AntiVirus Enterprise Edition                          Symantec Multi-tier Protection 11.0

- Symantec AntiVirus with Groupware Protection
- Symantec Client Security with Groupware Protection             Symantec Endpoint Protection Small Business Edition 11.0

- Symantec Network Access Control (LAN and/or DHCP)              Symantec Network Access Control 11.0

- Symantec Network Access Control (Gateway and/or CNAC)
- Symantec Sygate Enterprise Protection (with Self Enforcement)  Symantec Network Access Control Starter Edition 11.0
43 Redefining Endpoint Security: Symantec Endpoint Security Solution

Endpoint Protection
  Definition: proactively protects laptops, desktops and servers from known and unknown malware such as viruses, worms, Trojans, spyware, adware and rootkits by combining these capabilities:
  - Antivirus
  - Antispyware
  - Desktop firewall
  - Intrusion Prevention (host & network)
  - Device & Application Control
  Key product: Symantec Endpoint Protection (SNAC-ready out of the box)
  Other products: Symantec Mobile Security; Symantec Critical System Protection; Symantec On-Demand Protection (for OWA & web apps)

Endpoint Compliance
  Definition: securely controls entry into networks:
  - Ongoing endpoint integrity checking
  - Centralized endpoint compliance policy management
  - Automated remediation
  - Host-based enforcement of access policies
  - Monitor and report
  - System configuration checking, remediation & enforcement
  Key product: Symantec Network Access Control 11.0 (also available in a Starter Edition*)

Moving beyond today, I wanted to illustrate the depth of our Endpoint Security product line. We have taken great strides to simplify our offerings, while also ensuring broad coverage for a diverse array of devices, such as mobile devices, critical servers and unmanaged systems. Complete Endpoint Security is comprised of two areas: Endpoint Protection and Endpoint Compliance. Symantec has the best and most complete offering in the market, and customers trust us to continually deliver the most innovative, high-quality solutions.
44 But, what about…? (Endpoint exposures vs. protection technologies)

Endpoint exposure: protection technology: Symantec solution (the Symantec column is headed "Symantec Endpoint Protection & Symantec Network Access Control 11.0"):
- Always on, always up-to-date: host integrity & remediation: Symantec Network Access Control (Microsoft: NAP*)
- Applications (zero-hour attacks, malware, Trojans, application injection): anti-crimeware: Symantec Confidence Online
- I/O devices (slurping, IP theft, malware): device controls
- Memory/processes (buffer overflow, process injection, key logging): buffer overflow & exploit protection: Symantec Sygate Enterprise Protection
- Operating system (malware, rootkits, day-zero vulnerabilities): O/S protection
- Network connection (worms, exploits & attacks): network IPS, client firewall
- Data & file system (viruses, Trojans, malware & spyware): antivirus, antispyware: Symantec AntiVirus
Microsoft solution column, as listed on the slide: Forefront Client Security + Vista; Windows Firewall; MSRT; Microsoft NAP*
* Future

[This slide is completely optional. It prepares the speaker to address the occasional question regarding Microsoft entering the enterprise endpoint security space. The slide is designed to point out the shortcomings of Microsoft's offering, gives the speaker the leverage to show how "incomplete" Microsoft is at this, and reiterates our expertise in knowing what complete endpoint protection really is.]

Speaking points:
[Build] Some customers are asking us how we are going to compete with a few 900-pound gorillas entering the enterprise security marketplace. We know through our extensive experience in this space that it is not an easy problem to solve. As illustrated previously, many exposures have typically required many technology approaches. As these "gorillas" enter the market they may tout their market muscle, but as you can see from this offering, there are many holes in it.

For SEs:
- Device control: it is true that you can disable some devices with GPO, via a workaround and by manually importing templates. Microsoft does not consider this a true policy.
- DEP: DEP can stop certain buffer overflows from occurring, but only on processors that support this technology (hardware NX/XD). Buffer overflows are also only a small aspect of vulnerability-exploiting malware; PTS (Proactive Threat Scan, the WholeSecurity behavior-based protection) detects malware regardless of the technologies it uses.
- Symantec has been protecting customers from malware for over 10 years, with over 120 million systems that trust us every day for that protection.
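The DEP point in the SE notes is a precondition an SE can verify on the spot rather than assert. The script below is an added example (not Symantec's code and not from the original deck): it reads the documented Win32_OperatingSystem DEP properties (present on Windows XP SP2 / Server 2003 SP1 and later) to report whether hardware NX/XD support is available and which system-wide DEP policy is in force, and warns when DEP cannot cover third-party applications. The policy-value labels map the documented values (0 AlwaysOff, 1 AlwaysOn, 2 OptIn, 3 OptOut); nothing else is assumed.

```powershell
# Added example (not Symantec's code): check whether DEP can actually stop a
# buffer overflow on this host, i.e. hardware NX/XD support plus a policy
# that covers more than Windows' own binaries.
# Property names are the documented Win32_OperatingSystem DEP fields
# (Windows XP SP2 / Server 2003 SP1 and later).

$os = Get-CimInstance -ClassName Win32_OperatingSystem

# Documented DataExecutionPrevention_SupportPolicy values.
$policyNames = @{
    0 = 'AlwaysOff (DEP disabled for all processes)'
    1 = 'AlwaysOn  (DEP enforced for all processes)'
    2 = 'OptIn     (Windows binaries and opted-in programs only; client default)'
    3 = 'OptOut    (all processes except an exception list; server default)'
}

function Get-DepStatus {
    [pscustomobject]@{
        OSVersion            = $os.Version
        HardwareDEPAvailable = $os.DataExecutionPrevention_Available
        SystemPolicy         = $policyNames[[int]$os.DataExecutionPrevention_SupportPolicy]
        AppliesTo32BitApps   = $os.DataExecutionPrevention_32BitApplications
        AppliesToDrivers     = $os.DataExecutionPrevention_Drivers
    }
}

$status = Get-DepStatus
$status | Format-List

# The two cases in which DEP offers no protection to a third-party
# application that an attacker targets with a stack or heap overflow.
if (-not $os.DataExecutionPrevention_Available) {
    Write-Warning 'No hardware NX/XD support: DEP cannot stop a buffer overflow on this host.'
}
elseif ($os.DataExecutionPrevention_SupportPolicy -eq 2) {
    Write-Warning 'OptIn policy: third-party applications are not covered unless they opt in.'
}
elseif ($os.DataExecutionPrevention_SupportPolicy -eq 0) {
    Write-Warning 'AlwaysOff policy: DEP is disabled for every process.'
}
```

Run it in Windows PowerShell on the target host; the warning branches are exactly the situations the note describes, where the exposure is left to behavior-based detection instead of DEP.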
45 A Complete Security Portfolio for Organizations of Any Size (Symantec Enterprise Security)

Enterprise (100+)
  Security Management: Symantec Managed Security Services; Symantec DeepSight Threat Management System; Symantec Security Information Manager
  Information Risk Management: Symantec Mail Security; Symantec Enterprise Vault; Symantec Database Security & Audit
  Endpoint Security: Symantec Multi-tier Protection; Symantec Endpoint Protection; Symantec Critical System Protection; Symantec Mobile Security Suite; Symantec Network Access Control; Symantec On-Demand Protection

Small Business (10-100)
  Security Management: Symantec Managed Security Services; Symantec DeepSight Threat Management System; Symantec Security Information Manager
  Information Risk Management: Symantec Mail Security for Microsoft Exchange; Symantec Enterprise Vault
  Endpoint Security: Symantec Endpoint Protection Small Business Edition; Symantec Endpoint Protection Starter Edition; Symantec Network Access Control Starter Edition; Symantec Mobile Security Suite

So you now know our Endpoint Security line of business, but what about the rest of the Enterprise Security portfolio? As you can see, our broad array of solutions is there to assist you with your security projects. Whether products, solutions or services, we are there to provide what you need to build a comprehensive Enterprise Security strategy.
46 Symantec™ Global Intelligence Network

- 4 Symantec SOCs
- 74 Symantec-monitored countries
- 40,000+ registered sensors in 180+ countries
- 8 Symantec Security Response Centers
- >6,200 managed security devices
- Advanced honeypot network
- 120 million systems worldwide
- 30% of the world's traffic
- 200,000 malware submissions per month
- Millions of security alerts per month
- Millions of threat reports per month
- Hundreds of MSS customers

Locations on the map: Redwood City, CA; Santa Monica, CA; Calgary, Canada; San Francisco, CA; Dublin, Ireland; Pune, India; Taipei, Taiwan; Tokyo, Japan; Twyford, England; Munich, Germany; Alexandria, VA; Sydney, Australia
Six key international Security Response locations: Santa Monica, Calif. (Response headquarters); American Fork, Utah; Sydney, Australia; Calgary, Canada; Dublin, Ireland; Tokyo, Japan
Worldwide sensor network from DeepSight: 180 countries, >20,000 sensors
AV submissions from 120,000,000 customers
Global technical support: Springfield, Oregon; Toronto, Canada

This is a powerful slide, as it illustrates how Symantec offers the most complete information on threats from around the world to the media. It is a great visual of how strong Symantec's information and expertise is. Be sure to explain what "18,000 sensors in 180 countries" actually means and how we can watch what is happening around the Internet (note that the slide's sensor counts, 40,000+, >20,000 and 18,000, do not agree; use one figure consistently). You may also want to add that Symantec's Managed Security Services adds another view of the Internet.
47 For More Information… www.symantec.com/endpointsecurity

Remember to visit us online. This site is your single source for information on our new products; check it out at www.symantec.com/endpointsecurity. And make sure you try out the beta. You will love it!
50 Servers Are Endpoints Too

Data center servers are exposed to a broad range of threats, from malicious code to malicious users: loose privileges, system devices, buffer overflow, back door. (Diagram: file server, application server, database server.)

We have talked a lot about "client" systems so far. What is important to note is that servers are endpoints too. Servers are just as susceptible to hacking, theft and other attacks, primarily from the inside. Since a company's critical data resides on these systems, it is critical that they are protected with the same diligence.
51 Symantec Critical System Protection 5.1

Eliminates the broadest range of malicious server threats (loose privileges, system devices, buffer overflow, back door); runs on the broadest range of operating systems. (Diagram: file server, application server, database server.)

That is where Symantec Critical System Protection comes in. An industry-leading combination of host intrusion prevention and host IDS-based log monitoring and auditing provides the layered protection needed to protect these systems and data from insider attack. Critical System Protection also supports the broadest array of operating systems that these servers typically run, including AIX, HP-UX and Linux. It is not just a Windows world, especially in this part of the data center.
52 Symantec Critical System Protection 5.1: Multi-layer protection for critical systems

Network Protection
- Close back doors (block ports)
- Limit network connectivity by application
- Restrict traffic flow inbound and outbound

Exploit Prevention
- Restrict application & O/S behaviors
- Protect systems from buffer overflow
- Intrusion prevention for day-zero attacks

Auditing & Alerting
- Monitor logs, system settings & user authentication for security events
- Consolidate & forward logs for archival
- Smart event response for quick action

System Controls
- Lock down configuration & settings
- Enforce security policy
- De-escalate user privileges
- Prevent removable media use

Let's look under the hood of Critical System Protection a bit more.
[Build Network Protection] The Network Protection that CSP provides is useful in closing back doors and restricting traffic flow both inbound and outbound to that system.
[Build Exploit Prevention] The Exploit Prevention layer restricts certain types of application and OS behaviors, protecting from buffer overflows and day-zero attacks.
[Build Auditing & Alerting] The host IDS layer centers on Auditing and Alerting, allowing the admin to monitor logs and settings in a way that paves the way for quick action to rectify issues.
[Build System Controls] Finally, the System Controls layer allows for granular policy configuration and lockdown, preventing misuse and abuse due to inappropriate admin privileges.
53 Endpoint Protection + Critical System Protection

Securing endpoints provides an essential "Security Foundation"; together they protect against the broadest array of exposures. (Diagram: Symantec Client Security / Endpoint Security covering cell phone, laptop and desktop; Symantec Critical System Protection covering file server, application server, messaging server and database server.)

These two solutions together make a rock-solid "Security Foundation." A single console is the heart of ensuring that all operational elements are met, providing configuration, deployment, reporting and other essential management functions.
54 Symantec Mobile Security Suite 5.0 for Windows Mobile: The Symantec Suite, Simple and Complete

Security: antivirus, firewall, anti-spam, network access control, phone feature control, tamper protection and (optional) VPN. Smartphones and PCs use the same LiveUpdate infrastructure.
Data Protection: password protection, data encryption, data activity log. Offers a range of responses to match varying risk tolerance. The activity log provides peace of mind and a possible option for regulatory compliance without the overhead of encryption.
Management console for managing the mobile endpoint: recommend leveraging a mobile device management provider (Sybase, Nokia Intellisync, mFormation, ...).

Don't forget AV and FW: they prevent a user from being "robbed blind." Bringing PC-level security to the hacker's next destination.
55 Version Upgrade Process

Symantec is committed to providing customers and channel partners with an enhanced and simplified version upgrade process.
1. Customers eligible for upgrade will automatically receive a notification. Customers can then download their software directly from File Connect (fileconnect.symantec.com), using the serial number provided.
2. Customers can also visit Symantec's improved Licensing Portal (licensing.symantec.com; serial and/or account number required), which delivers multi-function capabilities in one easy-to-navigate portal.
56 Benefits of Entitlement Program

Why this is a great deal for customers:
- Customers who buy Symantec AntiVirus Corporate Edition today are entitled to receive Symantec Endpoint Protection 11.0 on September 27, 2007*.
- Customers will be getting a lot more than what they initially purchased:
  - Existing Symantec AntiVirus / Symantec Client Security customers will be entitled to Symantec Endpoint Protection. This gives them (a) a new market-leading firewall, (b) IPS: WholeSecurity proactive behavioral protection, (c) device control and application control, and (d) the option to enable SNAC (SNAC-ready).
  - Existing Symantec Sygate Enterprise Protection (Sygate desktop firewall) customers will be entitled to Symantec Endpoint Protection. This gives them (a) market-leading antivirus and antispyware, (b) IPS: WholeSecurity proactive behavioral protection, and (c) the option to enable SNAC (SNAC-ready).
- With this entitlement program, Symantec provides customers with the next generation of endpoint security that redefines what is required for complete protection.

* See the previous entitlement slide for the exact product entitlement mapping.