1
Symantec Endpoint Protection 11.0: Overview and Architecture
Silviu Popescu, Symantec Product Manager at Omnilogic SRL
2
Symantec™ Global Intelligence Network
– > 6,000 Managed Security Devices + 120 Million Systems Worldwide + 30% of World’s email Traffic + Advanced Honeypot Network
– 3 Symantec SOCs
– 80 Symantec Monitored Countries
– 40,000+ Registered Sensors in 180+ Countries
– 8 Symantec Security Response Centers
– Locations: Reading, England; Alexandria, VA; Sydney, Australia; Mountain View, CA; Santa Monica, CA; Calgary, Canada; San Francisco, CA; Dublin, Ireland; Pune, India; Taipei, Taiwan; Tokyo, Japan
3
Attack Trends: Data Breaches
Information on data breaches that could lead to identity theft. The data collected is not Symantec data. The government sector accounted for the most data breaches, with 25%, followed by Education (20%) and Healthcare (14%). The majority of breaches (54%) were due to theft or loss, with hacking accounting for only 13%.
4
Attack Trends: Underground Economy Servers
Goods traded (credit cards, identities, online payment services, bank accounts, bots, fraud tools, etc.) are ranked according to how frequently they are offered for sale on underground economy servers. Credit cards were the most frequently advertised item (22%), followed by bank accounts (21%). Email passwords sell for almost as much as a bank account.
5
Attack Trends: "underground" black trading
6
Finance sector – headlines
http://money.cnn.com/2005/05/23/news/fortune500/bank_info/
7
Finance II
http://www.theregister.co.uk/2007/04/19/phishing_evades_two-factor_authentication/
8
Malicious Code Trends: New malicious code threats
In the first half of 2007, 212,101 new malicious code threats were reported to Symantec. This is a 185% increase over the second half of 2006. This increase can mainly be attributed to new Trojans such as staged downloaders. The first stage of a staged downloader is usually written for a specific target or purpose, resulting in the creation of a very large number of them.
9
’05 Threat Landscape Shift: The Battle has changed
2004 Landscape (Virus):
– Threats are indiscriminate, hit everyone
– Threats are disruptive, impact visible
– Remediation action is technical (“remove”)
– Going through perimeter and gateway
– Threats are noisy & visible to everyone
2006 Landscape (Crimeware):
– Threats are highly targeted, regionalized
– Threats steal data & damage brands, impact unclear
– Remediation more complex, may need to investigate data leak
– Going after uneducated network clients and other endpoints
– Threats are silent & unnoticed, with variants
10
Anatomy of Layered Endpoint Protection
Endpoint Exposures (always on, always up-to-date):
– Network Connection
– Operating System
– Memory/Processes
– Applications
– I/O Devices
– Data & File System
Threats:
– Worms, exploits & attacks
– Viruses, Trojans, malware & spyware
– Malware, Rootkits, day-zero vulnerabilities
– Buffer Overflow, process injection, key logging
– Zero-hour attacks, identity theft, application injection
– iPod slurping, IP theft
Protection Technology:
– Client Firewall
– O/S Protection
– Buffer overflow & exploit protection
– Behaviour Blocking
– Device controls
– Network IPS
– Host integrity & remediation
– Anti-spyware
– AntiVirus
Symantec Solution:
– Symantec Confidence Online
– Symantec Sygate Enterprise Protection
– Symantec Critical System Protection
– Symantec Client Security
– Symantec Mobile Security
– Symantec Network Access Control
– Symantec AntiVirus
– Symantec Endpoint Protection
11
Scope of Endpoint Protection
12
Symantec Endpoint Protection - Summary
– The World’s leading anti-virus solution
  – More consecutive Virus Bulletin certifications (31) than any vendor
– Best anti-spyware, leading the pack in rootkit detection and removal
  – Includes VxMS scanning technology (Veritas)
– Industry’s best managed desktop firewall
  – Adaptive policies lead the pack for location awareness
  – Sygate and Symantec Client Security
– Behavior-based Intrusion prevention (Whole Security)
  – Network traffic inspection adds vulnerability-based protection
– Device control to prevent data leakage at the endpoint (Sygate)
  – Protection against mp3 players, USB sticks, etc.
– Includes a NAC agent to ensure each endpoint is “NAC-ready” (Sygate)
  – Adds endpoint compliance to endpoint protection
Components: AntiVirus, Antispyware, Firewall, Intrusion Prevention, Device Control, Network Access Control
13
Ingredients for Endpoint Security
– Symantec Endpoint Protection 11.0: AntiVirus, Antispyware, Firewall, Intrusion Prevention, Device Control
– Symantec Network Access Control 11.0: Network Access Control
14
Ingredients for Endpoint Protection: AntiVirus
– World’s leading AV solution
– Most (31) consecutive VB100 Awards
15
Some more detailed information...
Source: Andreas Clementi, Antivirus comparative summary report 2006
16
Ingredients for Endpoint Protection: Antispyware
Components: AntiVirus, Antispyware
– Best rootkit detection and removal
– Raw Disk Scan for superior Rootkit protection
Source: Thompson Cyber Security Labs, August 2006
17
Ingredients for Endpoint Protection: Firewall
Components: AntiVirus, Antispyware, Firewall
– Industry leading endpoint firewall technology
– Gartner MQ “Leader” – 4 consecutive years
– Rules-based firewall can dynamically adjust port settings to block threats from spreading
18
Ingredients for Endpoint Protection: Intrusion Prevention
Components: AntiVirus, Antispyware, Firewall, Intrusion Prevention
– Combines network- and host-based prevention
– Generic Exploit Blocking (GEB) – one signature to proactively protect against all variants
– Granular application access control
– Proactive Threat Scans: very low (0.002%) false positive rate
  – 16M installations
  – Only 20 false positives for every 1 million PCs
19
Ingredients for Endpoint Protection: Device Control
Components: AntiVirus, Antispyware, Firewall, Intrusion Prevention, Device Control
– Prevents data leakage
– Restricts access to devices (USB keys, back-up drives, MP3)
– New worm: W32.SillyFDC
  – targets removable memory sticks
  – spreads by copying itself onto removable drives such as USB memory sticks
  – automatically runs when the device is next connected to a computer
20
Ingredient for Endpoint Compliance: Network Access Control
Components: AntiVirus, Antispyware, Firewall, Intrusion Prevention, Device Control, Network Access Control
– Network access control-ready
– Agent is included, no extra agent deployment
– Simply license SNAC Server
21
New Key Features
22
Symantec Endpoint Protection Manager Features Overview
Monitoring & Reporting:
– Email report distribution
– Centralized event logging
– Customizable report filters
– Real-time event viewing
– Command system
– Network security status view
– Notifications view
– Event export to SSIM & 3rd-party SIEM solutions
– Embedded and MSSQL support
Administration:
– Centralized, web-based console
– Simplified user interface for SMB and enterprises
– Role-based access
– Administrative domains
– Assign rights by user or group
– User-defined, multi-tiered groups
– RSA SecurID authentication
Policy Actions:
– Integrated management of all agent components
– Single console to define & manage AV, FW, NAC and other policies
– Group-based policy application
– Reusable policy objects
– Centralized setting of exclusions and exceptions
Deployment & Integration:
– Client Install package builder
– Patch & update
– Remote agent installation
– Import and sync AD users and Org Units
– Authenticate admin users via AD
– Customizable agent package installation settings
– Migration from SAV, SCS, SSEP & SNAC
23
Symantec Endpoint Protection 11
Proactive security solution for endpoints
The traditional signature-based technology is obsolete
24 MB memory footprint – full arsenal; layered security
Network Access Control functionality
–LAN (802.1x), Layer-2 and DHCP
Device Control
–USB, FireWire, Bluetooth, Infrared, SCSI,...
–"System lockdown” – even the admin cannot change...
Full, complete integration
–Single management console, centralized log, report
The price is not a question... and all this for an unchanged price: the Symantec AntiVirus price
24
© 2006 Symantec Corporation. All rights reserved. THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY AND IS NOT INTENDED AS ADVERTISING. ALL WARRANTIES RELATING TO THE INFORMATION IN THIS DOCUMENT, EITHER EXPRESS OR IMPLIED, ARE DISCLAIMED TO THE MAXIMUM EXTENT ALLOWED BY LAW. THE INFORMATION IN THIS DOCUMENT IS SUBJECT TO CHANGE WITHOUT NOTICE.
Thank You