
Revolutionizing Endpoint Security


Presentation on theme: "Revolutionizing Endpoint Security"— Presentation transcript:

1 Revolutionizing Endpoint Security
Kevin Murray, Sr. Director, Endpoint Security September 27, 2007

2 Agenda
1. Security 2.0
2. Trends at the Corporate Endpoint
3. Announcing…
4. A Complete Enterprise Security Solution
5. Call to Action!

3 Security 2.0
New technologies are changing the way we communicate
Businesses are sharing information across their extended enterprises and engaging in more complex electronic interactions
New technologies are also introducing new security risks
No longer focused on just the device – it’s about the information and interactions
Phishing, ID theft, malicious users and non-compliance are all risks
Must keep the threats out, and ensure the information stays inside
Symantec is bringing together an ecosystem of products, services and partners that help create a safe and connected world
Symantec’s mission is to deliver solutions that protect customers’ connected experiences

In September 2006 we held the Security 2.0 event. What was this about? We were busy managing the communication around the merger of Veritas and Symantec and we wanted to make sure that the market knew that we are the leaders – and Security 2.0 was a visionary thing for the market to know that we are the thought leaders here. There is a new wave of threats coming and we are ahead of it. JWT likes to say we are happy to see MS involvement in the security market – though they seem to be solving yesterday’s problems.

4 Security 2.0: The Facts
Fear of eavesdropping: 53% stopped giving out personal information
Fear of online fraud: 14% stopped paying bills online
Sources: Gartner; Cyber Security Industry Alliance, June 2005

5 Protecting Information
External Threats Such As Viruses, Spyware & Crimeware Exploiting System Vulnerabilities
Internal Threats Such As Data Theft and Data Leakage Exploit Lack Of Supervision For Corporate Information Flow
Non-Compliance With Policies Or Regulations (SOX, FISMA, etc) Lack Of Adequate Controls Or Evidence Collection

Protecting information, but from what? You probably know us as the company that protects computer systems and data from “bad stuff” – that is external threats like viruses, spyware, etc. But more and more these days, we are seeing the threat of the *insider.* A threat that takes the traditional notion of Trust and challenges it. What if an employee, with lots of administrative privileges, is trusted one day, but is about to resign? How do you stop that trusted employee from doing “untrustworthy” things? I’ll also talk to you about how we can help you with compliance – mostly on the security compliance side, but also show you how we help with overall IT compliance.

6 Endpoint Security & Information Foundation
Provides A Real Time Defense Against Malicious Activity
Information Risk Management

So, today, I’ll introduce you to our Enterprise Security framework – a way of thinking about your security strategy holistically, in three layers that help you tackle the management of risk and the challenges around compliance. [Build] First, the Endpoint Security layer. Consider this the bare minimum of systems that most organizations must procure and employ to manage the flow of information through the enterprise. In most cases, regardless of size, customers have varying types of clients, servers, app servers, servers, file servers and databases. And we employ basic security tools to keep those systems protected, such as antivirus. The idea being to build a solid security foundation by securing the endpoint. Well, most customers have also gotten very good at making information available to end users; whether through transparent access to messaging systems, file servers or databases, the flow of information is at an unprecedented level due to advances in IT. [Build] This additional layer, Information Security, is where the organization’s critical assets really lie. And so, the challenges in protecting that information from all kinds of risks have increased as well.

Diagram: Endpoint Security – Cell Phone, Laptop, Desktop, File Server, Application Server, Messaging Server, Database Server

7 A Complete Enterprise Security Strategy
Security Management: Policy Management, Vulnerability Management, Information Management, Event & Log Management
Information Risk Management

[Build 3 times] Finally, all this information must be managed – from everyday IT policies to terabytes of events and system logs, the need for intelligent tools to manage these increasing volumes of data has increased as well. Customers are crying out for a way to make sense of the data, and to help them take action on correlated data throughout the enterprise – this layer of Security Management helps our customers make sense of the data, manage the information and get ahead of regulation, all managed by Policy in a unified and simplified fashion.

Diagram: Endpoint Security – Cell Phone, Laptop, Desktop, File Server, Application Server, Messaging Server, Database Server

8 Endpoint Security

9 Business Problems at the Endpoint
Number of Zero Day threats
Endpoint management costs are increasing
Cost of downtime impacts both productivity and revenue; productivity hit largest in enterprise
Costs to acquire, manage and administer point products are increasing, as well as the demand on system resources
Complexity is increasing as well
Complexity and man power to manage disparate endpoint protection technologies are inefficient and time consuming
Source: Infonetics Research - The Cost of Network Security Attacks: North America 2007

(Note that zero-day graphic builds after last text bit)
Infonetics Research shows the average annual cost of downtime caused by security attacks. 3 types of security attacks: DOS attacks, client malware, and server malware. Purple is revenue and Blue is Productivity. Small is <100; Medium is – annual cost is $230,000; Large is over $31.26M. When revenue generators are not able to use their computer or connect to the network, this impacts the company’s revenue. Measuring both the revenue and their productivity gives cost.

Describe Zero Day threats: Time line from original vulnerability announced “V” to 12 mos later when the exploit was created “E”; then AV companies wrote signature and then the customer had to deploy. We got really good at shortening the time between when the exploit was created and when our signatures were published. Then the bad guys got smart and started to create exploits within about 6-7 days; we knew that we needed new technology to help here. We created Generic Exploit Blocking (GEB) (this is a part of SCS today) which creates a generic signature for a particular vulnerability so as new variants come out we are already protected. What about vulnerabilities which are not announced? Then zero day solutions came about – you need security looking for suspicious activity. Unusual behavior. This is when we knew we had to buy Whole Security (Confidence Online), whose services protect based on behavioral characteristics. I.e. Word is sending 100k s. This is not normal behavior. The trade off here is the noise; you don’t want a lot of messages “Is this ok, is this ok.” Have to manage the false positives.

Zero Day Process
1. Vulnerability Discovered
2. Some time later – Exploit released. The clock starts ticking
3. AV vendors write sig
4. Hackers get smart and release code closer and closer to the Vuln Disc date
5. We get better with GEB => Closer. Available in SCS
6. Sometimes 0-day Exploit found in the wild for a vulnerability never seen before
7. We acquired even better technology that is behavior based – WholeSecurity

Growing number of known and unknown threats
Stealth-based and silent attacks are increasing, so there is a need for antivirus to do much more

10 What do these bars signify?

11 Causes of Sensitive Data Loss
The leading causes of sensitive data loss:
User error 3
Violations of policy 12
Internet threats, attacks and hacks 8

In one form or another, human error is the overwhelming cause of sensitive data loss, responsible for 75 percent of all occurrences. User error is directly responsible for one in every two cases (50 percent) while violations of policy - intended, accidental and inadvertent - is responsible for one in every four cases (25 percent). Malicious activity in the form of Internet-based threats, attacks and hacks is responsible for one in every five occurrences.
Source: “Taking Action to Protect Sensitive Data”, Feb. 2007

12 As Threat Landscape Changes, Technology Must as Well
From Hackers & Spies…To Thieves
OLD: Few, Named Variants; Indiscriminate; Noisy & Visible
NEW: Silent; Overwhelming Variants; Highly Targeted
Moving from Disrupting Operations To Damaging Trust and Reputations

[Build through larger graphic] A few years back, it was well understood that hackers really just wanted notoriety from their exploits – to gain recognition from their “peers” on creating such impressive “proofs of concept” when it came to viruses. [Build to show tagline] However, we have seen a marked shift from this “graffiti” approach to one of stealth, and one of financial gain. Hackers today don’t want to be discovered; they want to attack silently and leave no trace – to steal sensitive information like credit card data, passwords, login info, etc. Simply put, they want to get rich.

13 Protection From External Malicious Threats
Protection Starts At The Corporate Endpoint
Broad Range Of Client Devices: Laptop, Desktop, Cell Phone
Broad Range Of Threats: Virus, Worms, Spyware … Crimeware

As I stated before, you probably know Symantec from our history in protecting customers from “bad stuff” happening to their computers. Like viruses, worms, spyware and the like. We know from experience that protection starts at the corporate endpoint. Whether a cell phone, a laptop or a desktop system, these client systems require increased protection today more than ever. We’ve seen an evolution in how hackers have modified their wares – as such Symantec has responded in kind. We’ve pioneered technologies and methods to counter these changing hacker tactics – but let me tell you what we’ve seen recently.

Diagram: Crimeware, Spyware, Worm, Virus against Windows Smartphone, Symbian Device, Laptop PC, Desktop PC

14 Is Endpoint Protection Enough Protection?
“What Are The Most Common Sources Of Automated Internet Worm Attacks?”
43% Employee Laptop
39% Internet Through Firewall
34% Non-Employee Laptop
27% VPN Home System
8% Don’t Know
8% Other
Source: Enterprise Strategy Group, January 2005 ESG Research Report, Network Security And Intrusion Prevention

As we shored up our resources on fighting the evolving hacker threat, we also saw the market need for greater control. Note that many of the threats getting into the corporate network are coming from machines that IT thought they had covered. Perimeter firewall, VPN, and then interestingly enough, *non-employee laptops.* Huh? How could that happen? It’s quite simple – employees have a desire to do business with more and more partners every day, whether guests in a conference room, temp workers, contractors, etc – some customers report allowing internet access to those “unmanaged devices.” Not that you would allow such a thing. ;-)

15 Endpoint Security Policy
The Need for Complete Endpoint Security: Endpoint Protection + Endpoint Compliance
Protection: Worms, Unknown Attacks, ID Theft, Viruses
Compliance – Endpoint Security Policy Status: Patch Updated, Service Pack Updated, Personal Firewall On, Antivirus Signature Updated, Antivirus On

[Build Protection] Most customers know us for our Endpoint Protection – essentially keeping the bad stuff out. [Build Compliance] But, part of what customers now need to ensure the overall health of their network, is endpoint compliance.

16 Symantec Endpoint Compliance Process
Step 1 Discover: Endpoint Attaches to Network; Configuration Is Determined
Step 2 Enforce: Compliance of Configuration Against Policy Is Checked
Step 3 Remediate: Take Action Based on Outcome of Policy Check (Patch, Quarantine, Virtual Desktop)
Step 4 Monitor: Monitor Endpoint to Ensure Ongoing Compliance (Monitor IT Policy)

How does this endpoint compliance process work? [Build Discover] The first step in this process is for the access point to discover the device attempting access. [Build Enforce] From there, the solution can apply an integrity check to determine if the endpoint is compliant with current security policy. [Build Remediate] If out of policy, the system can be quarantined, remediated or given federated access to the LAN. [Build Monitor] Of course, it is also important to have ongoing checks to ensure that, if a security event occurs, the system can be discovered/remediated at a subsequent time. [Build Altiris] And with our recent acquisition of Altiris, we also add the ability to patch systems easily from a single vendor. We have had this capability in SNAC for some time now, but with Altiris, we are able to offer an extended remediation zone. These steps ensure compliance on contact, but also the ability to have an ongoing connection to that endpoint.
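The Discover / Enforce / Remediate / Monitor loop above, applied to the policy-status items on the Endpoint Security Policy slide (patch, service pack, personal firewall, antivirus signature age, antivirus on), as an added worked example that is not Symantec product code: the posture fields, the thresholds, the "auto-fixable" set and the sample endpoints are all assumptions made for the illustration.

```python
"""Endpoint compliance loop modelled on the slide's four steps. Added
illustration only; posture format, thresholds and remediation behaviour
are assumptions, not Symantec Network Access Control logic."""
from dataclasses import dataclass, replace
from datetime import date, timedelta
from enum import Enum


class Action(Enum):
    ALLOW = "allow"            # compliant: normal LAN access
    REMEDIATE = "remediate"    # fixable from the remediation zone, then re-check
    QUARANTINE = "quarantine"  # keep on the restricted VLAN


@dataclass(frozen=True)
class Posture:
    """What the access point learns in the Discover step (constructed format)."""
    host: str
    managed: bool          # agent present, so fixes can be pushed
    antivirus_on: bool
    signature_date: date
    firewall_on: bool
    service_pack: int
    patch_level: int       # assumed monotonically increasing patch baseline


@dataclass(frozen=True)
class Policy:
    max_signature_age: timedelta = timedelta(days=3)
    required_service_pack: int = 2
    required_patch_level: int = 100
    max_attempts: int = 2  # remediation rounds before giving up


# Checks the remediation zone can fix unattended. A service pack upgrade is
# assumed to need a reboot or re-image, so it is deliberately excluded.
AUTO_FIXABLE = frozenset({"antivirus_on", "signature_updated", "firewall_on", "patch_updated"})


def failed_checks(p: Posture, policy: Policy, today: date) -> list[str]:
    """Enforce step: host integrity check of the posture against the policy."""
    failures = []
    if not p.antivirus_on:
        failures.append("antivirus_on")
    if today - p.signature_date > policy.max_signature_age:
        failures.append("signature_updated")
    if not p.firewall_on:
        failures.append("firewall_on")
    if p.service_pack < policy.required_service_pack:
        failures.append("service_pack_updated")
    if p.patch_level < policy.required_patch_level:
        failures.append("patch_updated")
    return failures


def decide(p: Posture, failures: list[str]) -> Action:
    """Map the check outcome to the slide's three outcomes."""
    if not failures:
        return Action.ALLOW
    if p.managed and all(f in AUTO_FIXABLE for f in failures):
        return Action.REMEDIATE
    return Action.QUARANTINE  # unmanaged guest, or a failure we cannot fix unattended


def remediate(p: Posture, failures: list[str], policy: Policy, today: date) -> Posture:
    """Remediate step: simulate the agent applying the auto-fixable items."""
    fixes = {}
    if "antivirus_on" in failures:
        fixes["antivirus_on"] = True
    if "signature_updated" in failures:
        fixes["signature_date"] = today
    if "firewall_on" in failures:
        fixes["firewall_on"] = True
    if "patch_updated" in failures:
        fixes["patch_level"] = policy.required_patch_level
    return replace(p, **fixes)


def admit(p: Posture, policy: Policy, today: date) -> tuple[Action, list[str]]:
    """Check, remediate if possible, re-check (Monitor) until compliant or the
    attempt budget is spent. Returns the final action and an audit trail."""
    trail = []
    for attempt in range(policy.max_attempts + 1):
        failures = failed_checks(p, policy, today)
        action = decide(p, failures)
        trail.append(f"{p.host} round {attempt}: {action.value} {failures}")
        if action != Action.REMEDIATE:
            return action, trail
        p = remediate(p, failures, policy, today)
    trail.append(f"{p.host}: remediation budget exhausted")
    return Action.QUARANTINE, trail


TODAY = date(2007, 9, 27)  # presentation date, used as "today" for the demo
SAMPLE_ENDPOINTS = [  # constructed postures
    Posture("laptop-01", True, True, date(2007, 9, 26), True, 2, 100),   # compliant
    Posture("laptop-02", True, True, date(2007, 9, 10), False, 2, 95),   # stale sigs, FW off, behind on patches
    Posture("guest-01", False, False, date(2007, 1, 1), False, 1, 0),    # unmanaged guest
    Posture("desktop-07", True, True, date(2007, 9, 27), True, 1, 100),  # old service pack
]

if __name__ == "__main__":
    for ep in SAMPLE_ENDPOINTS:
        action, trail = admit(ep, Policy(), TODAY)
        print(action.value, *trail, sep="\n  ")
```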

17 Symantec Network Access Control
Ensures endpoints are protected and compliant prior to accessing network resources
Choose quarantine, remediation or federated access
Enforce policy before access is granted
Execute updates, programs, services, etc
Limit connection to VLAN, etc
Broadest enforcement options of any vendor
Remote connectivity (IPSec, SSL VPN)
LAN-based, DHCP, Appliance
Standards-based, CNAC, MSNAP
Pervasive Endpoint Coverage: Unmanaged Guests, Contractors, Home Computers
Central, Scalable, Flexible Policy Management: Distributed servers, redundancy, database replication, AD integration
Universal enforcement: (W)LAN, IPSec VPN, SSL VPN, Web Portal
Integration with Existing and Emerging Standards: 802.1x, Cisco NAC, Microsoft NAP, TCG’s TNC
Automated Remediation Process: No user intervention required; Learning mode and discovery tools

This process is delivered via Symantec Network Access Control. An innovative solution that ensures endpoint compliance, and ensures it through utilizing the broadest array of enforcement options. [Build text] Whether fitting into an existing infrastructure, say Cisco or Microsoft, Symantec gives you Network Access Control capabilities right out of the box. Without the need to upgrade every switch, router, server or VPN concentrator to get you there. We work within your environment to get your endpoints compliant in the fastest time.

18 Symantec On-Demand Protection
Layered security technology solution for unmanaged endpoints
Web-based Applications; Thin Client/Server Applications; Traditional Client/Server Applications
Traveling Executives; Public Kiosk; File Share; Partner Extranet
Ideal for use with: Outlook Web Access (OWA), Web-enabled applications
Most complete On-Demand security solution: Virtual Desktop, Malicious Code Prevention, Cache Cleaner, Mini personal firewall, Host Integrity, Adaptive Policies

Of course, there is another aspect to ensuring endpoint compliance – the unmanaged endpoint device. As stated before, IT is receiving pressure to open up access to partners, guests, and others. But while IT typically wants to accommodate such requests, the increase in risk to date has been unmanageable. This triggered the need for “on-demand” security – that is, security that could be implemented on demand, regardless of device type, location, browser, etc. Symantec On-Demand Protection gives IT that extension to the unmanaged device. A simple solution that is ideal for use with web-enabled applications like Outlook Web Access, On-Demand Protection keeps the wandering endpoint from becoming a greater security risk as it connects to the network.

19 Network Access Control + On-Demand Protection
Complete endpoint compliance regardless of network access method
Managed Devices: laptops, mobile phones
Unmanaged Devices: Guest, contractor, partners, kiosks (OWA, Kiosk, Partner, Temp)

The combination of Symantec Network Access Control and Symantec On-Demand Protection allows IT to provide unprecedented service levels, through granting access to more devices and extended user communities than ever before. It also gives IT greater control over the endpoint, ensuring that they are compliant with policy at every turn. [Note that user types have been reflected in first build: guest, temp worker, OWA, etc]

Diagram: Windows Smartphone, Symbian Device, Laptop PC, Desktop PC

20 Today’s Endpoint Problems Addressed by Too Many Technologies…
Endpoint Exposures:
Network Connection – Worms, exploits & attacks
Operating System – Malware, Rootkits, day-zero vulnerabilities
Memory/Processes – Buffer Overflow, process injection, key logging
Applications – Zero-hour attacks, Malware, Trojans, application injection
I/O Devices – Slurping, IP theft, malware
Data & File System – Viruses, Trojans, malware & spyware
Always on, always up-to-date
Protection Technology: Antivirus, Antispyware, Client Firewall, O/S Protection, Buffer overflow & exploit protection, Anti crimeware, Device controls, Network IPS, Host integrity & remediation

One major problem that customers face when determining their endpoint security strategy is trying to decipher what protection technology they need to address which exposures. Honestly, it seems to take a PhD to make sense of this. Let’s take a look at the exposures that the endpoint is susceptible to – attacks like Viruses, Trojans and worms are typically handled by basic antivirus solutions and some have gone so far as to include anti-spyware to handle spyware and adware. As network-based attacks, rootkits, buffer overflows and other types of attacks have appeared, you can see that additional technologies [Build] have become a necessary addition to the basic malware coverage.

21 …even from Symantec
Endpoint Exposures:
Network Connection – Worms, exploits & attacks
Operating System – Malware, Rootkits, day-zero vulnerabilities
Memory/Processes – Buffer Overflow, process injection, key logging
Applications – Zero-hour attacks, Malware, Trojans, application injection
I/O Devices – Slurping, IP theft, malware
Data & File System – Viruses, Trojans, malware & spyware
Always on, always up-to-date
Protection Technology: Antivirus, Antispyware, Client Firewall, O/S Protection, Buffer overflow & exploit protection, Anti crimeware, Device controls, Network IPS, Host integrity & remediation
Symantec Solution: Symantec AntiVirus, Symantec Confidence Online, Symantec Sygate Enterprise Protection, Symantec Network Access Control

However, even Symantec has addressed these exposures somewhat piecemeal – using multiple products to address this ever-evolving landscape. Symantec offers a variety of solutions to combat this diverse array of attacks and exposures – and quite frankly, customers have told us that we need to make it easier for them to manage all these exposures.

22 Ingredients for Endpoint Protection
Antivirus: World’s leading AV solution; Most (33) consecutive VB100 Awards (Virus Bulletin – Aug 2007)

So what are we doing about it? Well, we determined that we needed to build a better mousetrap, and that we had the best ingredients to make it happen in a single solution. We started with the world’s leading antivirus solution. Our track record speaks for itself – 30 consecutive Virus Bulletin 100% certifications – and as of April 2007, 31 consecutive passes. No other vendor has this track record of success. In addition, we have won many awards as noted on the right side here, consistently.

23 Ingredients for Endpoint Protection
Antispyware: Best rootkit detection and removal; Raw Disk Scan (VxMS) = superior rootkit protection
Source: Thompson Cyber Security Labs, August 2006

As for spyware, one of the best things that came out of the Veritas merger was that we gained access to incredibly fast and effective scanning technology from the Backup side of the business – this technology, called “Raw Disk Scan”, is already in our Consumer line of products, and catches the most Rootkits – more than any other vendor. Take a look at Microsoft in this chart – once touted as the “best” anti-spyware, the “Giant” software they acquired and subsequently included in Vista (and XP SP2) has proved ineffective at catching Rootkits.

Further detail: Rootkit detection – integrated Veritas technology, so we are best at detecting and removing rootkits; we can scan at a deeper level. A rootkit is:
1. Installed without user’s knowledge
2. Gains admin or system-level privileges
3. Hides from detection / buries deep within the operating system
4. Used as a method to circumvent existing security tools and/or measures (optional point)

24 Ingredients for Endpoint Protection
Firewall: Industry leading endpoint firewall technology; Gartner MQ “Leader” – 4 consecutive years; Rules based FW can dynamically adjust port settings to block threats from spreading

Another great thing was acquiring Sygate in October of Gartner has raved about their managed firewall capability for 4 consecutive years. Not only is it effective technology, but it is extremely light and streamlined, so we based our next-generation architecture on it. The rules-based firewall is a dynamic solution, adjusting to protect the network from threats as they attempt to spread.

25 Ingredients for Endpoint Protection
Intrusion Prevention: Combines NIPS (network) and HIPS (host)
Generic Exploit Blocking (GEB) – one signature to proactively protect against all variants
Granular application access control
Proactive Threat Scan (TruScanTM) – Very low (0.004%) false positive rate; Detects 1,000 new threats/month – not detected by leading av engines
25M Installations; Only 50 False Positives for every 1 Million PC’s

When we looked at Intrusion Prevention, we realized that we needed to combine layers for IPS to be truly effective. In Symantec Client Security, we introduced Generic Exploit Blocking – an innovative way to protect against variants and polymorphism, with a single “vulnerability-based” signature. But what we realized was that we need to address Zero-day attacks in a truly “signature-less” fashion. Around the same time we acquired Sygate, we also acquired a small company called Whole Security. Their technology is heuristic based, and fine-tunes itself to reduce false positives that heuristics are prone to. We introduced this in the Consumer products, and the success has been overwhelming – as illustrated in the slide.

Further detail: Symantec SONAR Technology, which unlike all other heuristic-based technologies, scores both good and bad behaviors of unknown applications. The unique algorithms of this proprietary technology provide more accurate detection without the need to set up rule-based configurations or the worries of false positives. Based on an installed base of over 25 million users, our behavior-based technology has proven to be extremely accurate and effective. We have found that since its deployment, this proactive technology has detected approximately 1,000 new threats per month that were not yet detected by any of the leading antivirus engines. Moreover, it does this with an incredibly low false positive rate of only % (less than 50 for every 1 Million users).

26 Intrusion Prevention (IPS)
Intrusion Prevention System (IPS): Combined technologies offer best defense
(N)IPS – Network IPS:
Generic Exploit Blocking – Vulnerability-based (Sigs for vulnerability)
Deep packet inspection – Signature-based (Can create custom sigs, SNORT-like)
(H)IPS – Host IPS:
Proactive Threat Scan – Behavior-based (Whole Security – TruScanTM)
Application Control – Rules-based (System lockdown by controlling an application’s ability to read, write, execute and network connections)

The key thing to understand is that not all Intrusion Prevention is the same. Most vendors will claim that they have it, but may only have one aspect of it. We realized that we needed to deliver IPS in two flavors – Network-based and Host-based. The simple difference being NIPS looks at network traffic to and from the system, and host-based looks at application and system behaviors to provide greater protection. We introduced several technologies separately in this space, and now we are bringing them together to increase protection. [Greater detail is self-explanatory – walk them through each of the features listed under each category.]

27 Ingredients for Endpoint Protection
Device Control: Prevents data leakage; Restrict Access to devices (USB keys, Back-up drives)
W32.SillyFDC (May 2007): targets removable memory sticks; spreads by copying itself onto removable drives such as USB memory sticks; W32.SillyFDC automatically runs when the device is next connected to a computer

Yet another benefit of the Sygate acquisition was that we gained the ability to protect from attacks and data leakage that occurs through the use (or abuse) of I/O devices such as USB memory keys, media players, etc. One recent example of an attack using this method was “W32.SillyFDC”, which used a USB key as the means to deposit a Trojan horse onto a system. With our technology, you can determine which of these devices have write access to the system, and even what data can be written to the I/O device. We do it by Device Class ID, offering many possibilities on how to create different policies based on device type.
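The rules-based Application Control described on the IPS slide (an application's read, write, execute and network operations) and the per-device-class write restrictions described on this slide, as one added worked example that is not Symantec product code: the rule format, the device class ID strings, the process paths and the event stream are all constructed for the illustration.

```python
"""Rules-based endpoint control: application control (read/write/execute/
network per process) plus device control (read/write per device class).
Added example; rule format, class IDs, paths and events are constructed."""
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class AppRule:
    process: str    # glob over the process image path
    operation: str  # "read", "write", "execute" or "network"
    target: str     # glob over a file path, or "host:port" for network
    allow: bool


@dataclass(frozen=True)
class DeviceRule:
    device_class: str  # class ID string (constructed placeholder values)
    read: bool
    write: bool


def _match(pattern: str, value: str) -> bool:
    # Case-insensitive glob; Windows paths are case-insensitive.
    return fnmatchcase(value.lower(), pattern.lower())


def app_allowed(rules: list[AppRule], process: str, operation: str, target: str,
                default: bool = True) -> bool:
    """First matching rule wins; unmatched operations fall back to `default`.
    The slide's "system lockdown" corresponds to calling with default=False."""
    for r in rules:
        if r.operation == operation and _match(r.process, process) and _match(r.target, target):
            return r.allow
    return default


def device_allowed(rules: dict[str, DeviceRule], device_class: str, operation: str) -> bool:
    """Device control keyed by class ID; unknown classes are denied both ways."""
    rule = rules.get(device_class)
    if rule is None:
        return False
    return rule.read if operation == "read" else rule.write


# Constructed policy. Narrow rules come first so they win over the broad ones.
APP_RULES = [
    # The (hypothetical) updater may write to the system directory ...
    AppRule(r"c:\windows\system32\updater.exe", "write", r"c:\windows\system32\*", True),
    # ... but no other process may, which stops dropped DLLs from landing there.
    AppRule("*", "write", r"c:\windows\system32\*", False),
    # Nothing executes from removable media (the slide's USB-key propagation vector).
    AppRule("*", "execute", r"e:\*", False),
    # The word processor gets no outbound SMTP (the "Word is sending ..." case).
    AppRule(r"*\winword.exe", "network", "*:25", False),
]

DEVICE_RULES = {
    "USB_MASS_STORAGE": DeviceRule("USB_MASS_STORAGE", read=True, write=False),  # read-only keys
    "MEDIA_PLAYER": DeviceRule("MEDIA_PLAYER", read=False, write=False),
}

# Constructed event stream: (kind, subject, operation, target).
SAMPLE_EVENTS = [
    ("app", r"c:\windows\system32\updater.exe", "write", r"c:\windows\system32\engine.dll"),
    ("app", r"c:\users\kim\downloads\setup.exe", "write", r"c:\windows\system32\dropped.dll"),
    ("app", r"e:\unknown.exe", "execute", r"e:\unknown.exe"),
    ("app", r"c:\program files\office\winword.exe", "network", "mail.example.net:25"),
    ("app", r"c:\program files\office\winword.exe", "network", "mail.example.net:443"),
    ("device", "USB_MASS_STORAGE", "write", "usb key"),
    ("device", "USB_MASS_STORAGE", "read", "usb key"),
    ("device", "BLUETOOTH_MODEM", "read", "phone"),
]


def evaluate_events(events) -> list[str]:
    """One log line per event; the BLOCK lines are what an analyst would review."""
    log = []
    for kind, subject, op, target in events:
        if kind == "app":
            ok = app_allowed(APP_RULES, subject, op, target)
        else:
            ok = device_allowed(DEVICE_RULES, subject, op)
        log.append(f"{'ALLOW' if ok else 'BLOCK'} {kind} {subject} {op} {target}")
    return log


if __name__ == "__main__":
    print("\n".join(evaluate_events(SAMPLE_EVENTS)))
```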

28 Ingredients for Endpoint Compliance
Network Access Control: Network access control – ready; Agent is included, no extra agent deployment; Simply license SNAC Enforcement

Most IT professionals are familiar with or considering Network Access Control (or NAC) in their environment. With Sygate, we gained the industry’s most flexible NAC solution. We fit into the customer’s environment; we don’t force the customer to change around us. With the most enforcement options available, we have managed to carve out a great spot for us in the market here, in fact winning several awards in addition to some very large customer accounts. (NAC – ensures that the endpoint is in compliance before it is allowed to connect to the network. Works for employees, contractors and guests. We have very flexible implementation options.)

29 Network Access Control
Introducing… Symantec Endpoint Protection 11.0 and Symantec Network Access Control 11.0

And now, my big announcement – I’d like to introduce “Symantec Endpoint Protection 11.0” and the next version of SNAC, “Symantec Network Access Control 11.0.” We are taking all these essential ingredients and combining them into a single agent, managed from a single console. This solution is the result of years of development and integration, combining the most essential protection and compliance technologies into a single centrally-managed solution.

30 Single Agent, Single Console
Symantec Network Access Control 11.0 + Symantec Endpoint Protection 11.0
Results: Reduced Cost, Complexity & Risk Exposure; Increased Protection, Control & Manageability

The result to the customer is Increased Protection, Control and Manageability with Reduced Cost, Complexity and Exposure.

31 Beta Customer Value Data
Single console: Customers who participated reduced man-hours by 75%
Security Related Reporting: One customer expects to save 97% of the man hours on weekly security related reporting
Application Control: One customer anticipates a 50% reduction in calls to the support center and the avoidance of re-imaging over 100 PCs per week, recovering over 600 man hours a week from analyst and technicians’ time. Another anticipates recovering over $2.0 million from network outages caused by un-authorized peer to peer applications
Controlled beta conducted by the Alchemy Solutions Group from April – September; “Value Delivery Research” available soon, in October 2007.

Single console: Ability to manage complete IT Security Operations from a single console with zero latent visibility to the endpoint will reduce the current state man hours an average of 75% for those customers who participated.
Security Related Reporting: One customer expects to save 97% of the man hours on weekly security related reporting.
Application Control: One customer anticipates a 50% reduction in calls to the support center and the avoidance of re-imaging over 100 PCs per week as a result of deploying Application Control, recovering over 600 man hours a week from analyst and technicians’ time. Network outages caused by un-authorized peer to peer applications are costing one customer over $2.0 million annually; limiting access to only approved applications at the endpoint will be a key enabler in recovering this avoidable expense.
End User Self Diagnostics: Empowering the user community to safely manage mundane desktop security related issues will reduce calls to the help desk by at least 60% for those customers who participated.

32 Memory Footprint Comparison (using final shipping product)
Baseline Memory Usage
Symantec AntiVirus Corporate Edition                        62 MB
Symantec Client Security                                   129 MB
Symantec AntiVirus + Symantec Sygate Enterprise Protection  72 MB
McAfee Total Protection SMB                                 71 MB
Trend Micro OfficeScan Client/Server                        50 MB
Symantec Endpoint Protection 11.0                           24 MB!
Average of 80% reduction in memory usage requirements

[Make sure you are in Slide show mode – the “????” disappear after a mouse click] So how do we lower cost? We are lowering costs through a reduced number of products to manage, and reduced memory usage. With this reduction, we are seeing an average of over 80% reduction in memory usage. Microsoft Forefront Client Security is not on here since their offering is only AV and AS (which runs at around 20MB), with some future Firewall manageability; adding third-party IPS and Device control puts it well above the 21MB indicated for SYMC Endpoint Protection 11.0.

How did we manage to add more technology and still reduce from 129MB to 21MB usage? What did we do? SAV and Consumer share a lot of code (all the engines). The engine teams (STG) focused a lot on minimizing memory requirements in the consumer 07 releases. We are seeing a lot of the benefits of the new slimmer versions of the engines and common code. Similar to the work done by the engine teams, we made improvements to our own components to optimize their use of memory. Sygate’s FW is much smaller than the consumer/SCS FW. WholeSecurity was already very tiny. Task Manager: 21-25MB. Perf Mon will show more like 40MB.

33 Dispelling Myths
Symantec Endpoint Protection Component Processes in Memory – Baseline Memory Usage
Smc.exe        8,464 kb
SmcGui.exe     5,640 kb
ccSvcHost.exe  5,532 kb
RtvScan.exe    2,936 kb
ccApp.exe      0,746 kb
Total         24,218 kb
Average of 80% reduction in memory usage requirements

We have identified two reasons why competitors and some partners and SEs doubt our claim in memory consumption.
1) Right after installation, Symantec Endpoint Protection will scan the machine and download the latest patterns/definitions. During this time, the memory consumption is higher. If a tester tries to validate our numbers right after the installation he/she will get distorted figures.
2) Symantec uses the advanced memory optimization features offered by Windows XP, 2003 Server and Vista. These features are not available in Windows. While the reduction in memory consumption is considerable, it is not as high as in the current versions of Windows. If a tester tries to validate our numbers on Windows 2000 Workstation or Windows 2000 Server he will not see the same reduction.

34 Symantec Endpoint Protection
Unmatched Protection: Symantec Endpoint Protection

Secure
- Unmatched combination of technologies
- Much more than antivirus
- Backed by the industry standard Symantec Global Intelligence Network

Simple
- Single agent
- Single console
- Single license
- Single support program

Seamless
- Fits into your network
- Easily configurable, use only what you need
- Combines essential protection and compliance functions

Symantec Endpoint Protection is Secure, Simple & Seamless. The unmatched combination of endpoint protection technologies, improved client and administrator UI and seamless integration with Network Access Control gives customers the ability to gain unprecedented control over their endpoints.

35 New Client User Interface
Client User Interface (UI)
- Client UI focused on ease of use for end users
- Enables users to quickly view settings and navigate

The improvements in the UI will help with client education. This will ultimately reduce helpdesk calls, as users have greater visibility into the status of their individual system security. Of course, the client UI can be hidden from the user and is configurable by the admin (show/not show). Green is GOOD. Red is BAD.

36 How do we Increase Protection, Control and Manageability?
Protection
- Much more than traditional antivirus, by including "advanced" technologies right in the core agent
- Combines world-class endpoint technologies

Control
- Ensures network access is secure, regardless of access method: employee, guest, contractors, auditors

Manageability
- Scalable multi-server architecture
- Based on the world-class Sygate managed firewall

Key talking points:
- Manageability increases due to basing the console on the award-winning Sygate Enterprise Protection managed firewall. Gartner continually recognized this platform as the best managed firewall.
- Control is increased through Network Access Control, helping admins gain control over who is on their network.
- The increase in protection is obvious, especially through the addition of WholeSecurity's behavior-based IPS (zero-day protection) and Device Control from Sygate.

37 Enterprise Grade Management Console
- Role-based access
- Hierarchical views
- Integration with Active Directory

More eye candy.

38 Reporting

Comprehensive Reporting: 50+ canned reports and customizable dashboard monitors. Sample reports are built in and customizable:

Risk reports
- Infected and at Risk Computers
- Risk Detection Action Summary
- Risk Detection Count
- New Risks Detected in the Network
- Top Risk Detections Correlation
- Risk Distribution Summary
- Risk Distribution Over Time
- Comprehensive Risk Report
- Proactive Threat Detection Results
- Proactive Threat Distribution
- Proactive Threat Detection Over Time
- Action Summary for Top 10 Risks
- Number of Notifications
- Weekly Outbreaks

Audit
- Policies Used

Behavioral Blocking
- Top 10 Groups with Most Alerted Behavioral Logs
- Top 10 Targeted Blocks
- Top 10 Devices Blocked

Compliance
- Network Compliance Status
- Compliance Status
- Clients by Compliance Failure Summary
- Compliance Failure Details
- Non-compliant Clients by Connection Type

Computer Status
- Virus Definition Distribution
- Computers not Checked in to Server
- Symantec Endpoint Security Product Versions
- Intrusion Prevention Signature Distribution
- Clients by Memory, Processor, and OS
- Client Online Status
- Clients with Latest Policy
- Client Hardware Information by Group
- Security Status Summary
- Proactive Protection Content Versions

39 Migration Made Easy – Replace, Deploy, Configure
Deployment & Uninstall
- Deploy and configure with Altiris CMS
- Uninstall, run other tasks (e.g., backup)

When looking to deploy an upgrade to Symantec Endpoint Protection 11.0, it gets really easy using Altiris Client Management Suite. Customers can combine several tasks into the rollout, including backup, uninstalling other security software, and deploying & configuring the client.

40 Migration Assistance online

41 Summary of Endpoint Packages
Available September 27, 2007!

Individual products:
- Symantec™ Endpoint Protection 11.0
- Symantec™ Network Access Control 11.0
- Symantec™ Network Access Control Starter Edition 11.0

Bundles / multi-product packages:
- Symantec™ Multi-tier Protection 11.0
- Symantec™ Endpoint Protection Small Business Edition 11.0

So to sum up our offerings: we introduced two new products today and are offering them in the packages listed above. We make it easy to buy, and try to combine the things that make the most sense for what customers and partners want to acquire.

42 Entitlement Summary

If the customer owns any of the products in a group, they get the product named for that group:

They get Symantec Endpoint Protection 11.0 if they own any of:
- Symantec AntiVirus Corporate Edition
- Symantec Client Security
- Confidence Online for Corporate PCs (WholeSecurity)
- Symantec Sygate Enterprise Protection

They get Symantec Multi-tier Protection 11.0 if they own:
- Symantec AntiVirus Enterprise Edition

They get Symantec Endpoint Protection Small Business Edition 11.0 if they own any of:
- Symantec AntiVirus with Groupware Protection
- Symantec Client Security with Groupware Protection

They get Symantec Network Access Control 11.0 if they own:
- Symantec Network Access Control (LAN and/or DHCP)

They get Symantec Network Access Control Starter Edition 11.0 if they own any of:
- Symantec Network Access Control (Gateway and/or CNAC)
- Symantec Sygate Enterprise Protection (with Self Enforcement)

43 Redefining Endpoint Security
Symantec Endpoint Security Solution

Endpoint Protection proactively protects laptops, desktops and servers from known and unknown malware such as viruses, worms, Trojans, spyware, adware and rootkits by combining these capabilities:
- Antivirus
- Antispyware
- Desktop firewall
- Intrusion Prevention (Host & Network)
- Device & Application Control
Key product: Symantec Endpoint Protection (SNAC-ready out of the box)

Endpoint Compliance securely controls entry into networks:
- Ongoing endpoint integrity checking
- Centralized endpoint compliance policy management
- Automated remediation
- Host-based enforcement of access policies
- Monitor and report
- System configuration checking, remediation & enforcement
Key product: Symantec Network Access Control 11.0 (also available in a Starter Edition)

Other products: Symantec Mobile Security, Symantec Critical System Protection, Symantec On-Demand Protection (for OWA & Web Apps)

But moving beyond today, I wanted to illustrate the depth of our Endpoint Security product line. We've taken great strides to simplify our offerings, while also ensuring broad coverage for a diverse array of devices, such as mobile devices, critical servers and unmanaged systems. Complete Endpoint Security is comprised of two areas: Endpoint Protection and Endpoint Compliance. Symantec has the best and most complete offering in the market, and customers trust us to continually deliver the most innovative, high-quality solutions.

44 But, what about…?

Endpoint exposures, the protection technology each needs, and the Symantec and Microsoft offerings (the stack reads from the bottom up):

  Layer                          Exposures                                                    Protection technology
  Data & File System             Viruses, Trojans, malware & spyware                          Antivirus, Antispyware
  Network Connection             Worms, exploits & attacks                                    Network IPS, Client Firewall
  Operating System               Malware, rootkits, day-zero vulnerabilities                  O/S protection
  Memory / Processes             Buffer overflow, process injection, key logging              Buffer overflow & exploit protection
  I/O Devices                    Slurping, IP theft, malware                                  Device controls
  Applications                   Zero-hour attacks, malware, Trojans, application injection   Anti-crimeware
  Always on, always up-to-date   -                                                            Host integrity & remediation

Symantec solution: Symantec Endpoint Protection & Symantec Network Access Control 11.0 across the whole stack. The legacy products named on the slide against individual rows are Symantec AntiVirus (antivirus), Symantec Sygate Enterprise Protection (buffer overflow & exploit protection), Symantec Confidence Online (anti-crimeware) and Symantec Network Access Control (host integrity & remediation).

Microsoft solution, as listed on the slide: Forefront Client Security, Vista Windows Firewall, MSRT, Microsoft NAP* (* future).

[This slide is completely optional. It prepares the speaker to address the occasional question regarding Microsoft entering the enterprise endpoint security space. The slide is designed to point out Microsoft's shortcomings in offering, and gives the speaker the leverage to show how truly "incomplete" MS is at this, and to also reiterate our expertise in knowing what complete endpoint protection really is.]

Speaking points: [Build] Some customers are asking us how we are going to compete with a few 900-pound gorillas entering the enterprise security marketplace. We know through our extensive experience in this space that it is not an easy problem to solve. As illustrated previously, many exposures have typically required many technology approaches. As these "gorillas" enter the market they may tout their market muscle, but as you can see from this offering, there are many holes in this particular offering. Symantec has been protecting customers from malware for over 10 years, with over 120 million systems that trust us every day for that protection.

For SEs:
- Device Control: yes, it is true that you can disable some devices with GPO via a workaround and manually importing templates. Microsoft does not consider this a true policy.
- DEP: DEP can stop certain buffer overflows from occurring, but only if you have matching processors that support this technology. Buffer overflows are only a small aspect of vulnerability-exploiting malware; PTS (Proactive Threat Scan, the WholeSecurity behavior-based IPS) detects malware regardless of the technologies it uses.

45 A Complete Security Portfolio for Organizations of Any Size
Symantec Enterprise Security

Enterprise (100+)
- Security Management: Symantec Managed Security Services, Symantec DeepSight Threat Management System, Symantec Security Information Manager
- Information Risk Management: Symantec Mail Security, Symantec Enterprise Vault, Symantec Database Security & Audit
- Endpoint Security: Symantec Multi-tier Protection, Symantec Endpoint Protection, Symantec Critical System Protection, Symantec Mobile Security Suite, Symantec Network Access Control, Symantec On-Demand Protection

Small Business (10-100)
- Security Management: Symantec Managed Security Services, Symantec DeepSight Threat Management System, Symantec Security Information Manager
- Information Risk Management: Symantec Mail Security for Microsoft Exchange, Symantec Enterprise Vault
- Endpoint Security: Symantec Endpoint Protection Small Business Edition, Symantec Endpoint Protection Starter Edition, Symantec Network Access Control Starter Edition, Symantec Mobile Security Suite

So you now know our Endpoint Security line of business; but what about filling out the entire Enterprise Security portfolio? As you can see, our broad array of solutions is there to assist you with your security projects. Whether products, solutions or services, we are there to provide you with what you need to build a comprehensive Enterprise Security strategy.

46 Symantec™ Global Intelligence Network
- 4 Symantec SOCs
- 74 Symantec monitored countries
- 40,000+ registered sensors in 180+ countries
- 8 Symantec Security Response Centers
- >6,200 managed security devices
- Advanced honeypot network
- 120 million systems worldwide
- 30% of world's traffic
- 200,000 malware submissions per month
- Millions of security alerts per month
- Millions of threat reports per month
- Hundreds of MSS customers

Locations on the map: Redwood City, CA; Santa Monica, CA; Calgary, Canada; San Francisco, CA; Dublin, Ireland; Pune, India; Taipei, Taiwan; Tokyo, Japan; Twyford, England; Munich, Germany; Alexandria, VA; Sydney, Australia.

Six key international Security Response locations: Santa Monica, Calif. (Response headquarters); American Fork, Utah; Sydney, Australia; Calgary, Canada; Dublin, Ireland; Tokyo, Japan.

Worldwide sensor network from DeepSight: 180 countries, >20,000 sensors. AV submissions from 120,000,000 customers.

Global technical support: Springfield, Oregon; Toronto, Canada.

This is a powerful slide as it illustrates how Symantec offers the most complete information on threats from around the world to the media. It's a great visual of how strong Symantec's information and expertise is. You should be sure to explain what "18,000 sensors in 180 countries" exactly means and how we can watch what is happening around the Internet. You may also want to add that Symantec's Managed Security Services adds another view of the Internet. (Note that the sensor counts quoted on the slide and in these notes differ: 40,000+, >20,000 and 18,000.)

47 For More Information…
Remember to visit us online – this site is your single source for information on our new products. Check it out at: And make sure you try out the beta – you will love it!

48 Thank You!
Kevin Murray (408) Copyright © 2007 Symantec Corporation. All rights reserved.  Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries.  Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising.  All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law.  The information in this document is subject to change without notice.

49 Other areas to cover as optional

50 Servers Are Endpoints Too
Data Center Servers Are Exposed To A Broad Range Of Threats: malicious code, malicious users, loose privileges, system devices, buffer overflow, back door (file server, application server, database server)

We've talked a lot about "client" systems so far; what's important to note is that servers are endpoints too. Servers are just as susceptible to hacking, theft and other attacks, primarily from the inside. Since a company's critical data resides on these systems, it is critical that they are protected with the same diligence.

51 Symantec Critical System Protection 5.1
Eliminates the broadest range of malicious server threats (loose privileges, system devices, buffer overflow, back door) and runs on the broadest range of operating systems (file server, application server, database server).

That's where Symantec Critical System Protection comes in. An industry-leading combination of host intrusion prevention and host IDS-based log monitoring and auditing provides the layered protection needed to protect these systems and data from insider attack. Critical System Protection also supports the broadest array of operating systems that these systems typically run on: AIX, HP-UX, Linux. It's not just a Windows world, especially in this part of the datacenter.

52 Symantec Critical System Protection
Symantec Critical System Protection 5.1: multi-layer protection for critical systems

Network Protection
- Close back doors (block ports)
- Limit network connectivity by application
- Restrict traffic flow inbound and outbound

Exploit Prevention
- Restrict application & O/S behaviors
- Protect systems from buffer overflow
- Intrusion prevention for day-zero attacks

System Controls
- Lock down configuration & settings
- Enforce security policy
- De-escalate user privileges
- Prevent removable media use

Auditing & Alerting
- Monitor logs, system settings & user authentication for security events
- Consolidate & forward logs for archival
- Smart event response for quick action

Let's look under the hood of Critical System Protection a bit more. [Build Network Protection] The Network Protection that CSP provides is useful in closing back doors and helping to restrict traffic flow both inbound and outbound to that system. [Build Exploit Prevention] The Exploit Prevention layer helps to restrict certain types of application and OS behaviors, protecting from buffer overflows and day-zero attacks. [Build Auditing & Alerting] The Host IDS layer centers around Auditing and Alerting, allowing the admin to monitor logs and settings in a way that paves the way for quick action to rectify issues. [Build System Controls] And finally, the System Controls layer allows for granular policy configuration and lockdown, preventing misuse and abuse due to inappropriate admin privileges.

53 Endpoint Protection + Critical System Protection
Securing endpoints provides an essential "Security Foundation" and protects against the broadest array of exposures.

These two solutions together make a rock-solid "Security Foundation." A single console is the heart of ensuring that all operational elements are met, providing configuration, deployment, reporting and other essential management functions.

Endpoint Security (Symantec Client Security): cell phone, laptop, desktop. Symantec Critical System Protection: file server, application server, messaging server, database server.

54 Symantec Mobile Security Suite 5.0 for Windows Mobile
The Symantec Suite… Simple and Complete Security
- Antivirus, firewall, anti-spam, network access control, phone feature control, tamper protection and (optional) VPN
- Smart phones and PCs use the same LiveUpdate infrastructure

Data Protection
- Password protection, data encryption, data activity log
- Offers a range of responses to match varying risk tolerance
- Activity log: peace of mind and a possible option for regulatory compliance without the overhead of encryption

Management Console for managing the mobile endpoint
- Recommend leveraging a mobile device management provider (Sybase, Nokia Intellisync, mFormation…)

Don't forget AV and FW; they prevent a user from being "robbed blind." Bringing PC-level security to the hacker's next destination.

55 Version Upgrade Process
Symantec is committed to providing customers and channel partners with an enhanced and simplified version upgrade process.

1. Customers eligible for upgrade will automatically receive a notification. Customers can then download their software directly from File Connect, using the serial number provided.
2. Customers can also visit Symantec's improved Licensing Portal, which delivers multi-function capabilities in one easy-to-navigate portal (serial and/or account number required).

56 Benefits of Entitlement Program
Why this is a great deal for customers:
- Customers who buy Symantec AntiVirus Corporate Edition today are entitled to receive Symantec Endpoint Protection 11.0 on September 27, 2007*
- Customers will be getting a lot more than what they initially purchased:
  - Existing Symantec AntiVirus/Symantec Client Security customers will be entitled to Symantec Endpoint Protection. This gives them (a) a new market-leading firewall, (b) IPS (WholeSecurity proactive behavioral protection), (c) device control and application control, (d) the option to enable SNAC (SNAC-ready).
  - Existing Symantec Sygate Enterprise Protection (Sygate desktop firewall) customers will be entitled to Symantec Endpoint Protection. This gives them (a) market-leading antivirus and antispyware, (b) IPS (WholeSecurity proactive behavioral protection), (c) the option to enable SNAC (SNAC-ready).
- With this entitlement program, Symantec provides customers with the next generation of endpoint security that redefines what is required for complete protection.

* See previous slide for exact product entitlement mapping
