Symantec Endpoint Protection 11.0 Update and Review Endpoint Security Group September 2008
Agenda NEW! Third Party SEP Research Results  New features and improvements in SEP MR2/MR3 1 2 Upsell/Cross-sell Opportuni...
Symantec Endpoint Protection MR2 <ul><li>Applications  </li></ul><ul><ul><ul><li>Windows 2008 support  (client) </li></ul>...
SEP 11.0 Maintenance Release 3 (MR3) enhancements
Symantec Endpoint Protection MR3 <ul><li>Improved Client Performance </li></ul><ul><ul><ul><li>Significant Boot Time impro...
Boot Time <ul><li>Significant boot time impact improvement </li></ul><ul><ul><li>Utilize persistent cache of known good fi...
Competitive Boot Time (seconds) <ul><li>McAfee VirusScan Enterprise 8.5i </li></ul><ul><li>McAfee AntiSpyware Enterprise 8...
Application Load Time (seconds) <ul><li>McAfee VirusScan Enterprise 8.5i </li></ul><ul><li>McAfee AntiSpyware Enterprise 8...
Website Load Time (seconds) <ul><li>McAfee VirusScan Enterprise 8.5i </li></ul><ul><li>McAfee AntiSpyware Enterprise 8.5 <...
<ul><li>Utilizes a new delta creation process called X-Delta. </li></ul><ul><li>Typically delta creation takes seconds ins...
SEPM Performance MR3 vs. MR2 Significant reduction in  resource usage  during delta content creation Example shows a one m...
SEPM Performance MR3 (X-Delta) vs MR2 Significant  speed  improvement… Smaller  delta sizes  in certain cases… Symantec En...
Content Download Randomization <ul><li>Content download more virtualization friendly. </li></ul><ul><ul><li>Configurable o...
<ul><li>Control # days content is stored </li></ul><ul><li>Control amount of disk space used on client </li></ul><ul><li>C...
Granular Roles Administration <ul><li>Allows admin to have control over specific policies </li></ul><ul><ul><li>AntiVirus ...
<ul><li>More secure because we only enable the options we need.  </li></ul><ul><li>Previous website (IIS default) enabled ...
Symantec Endpoint Protection MR3 <ul><li>LiveUpdate in SEPM </li></ul><ul><ul><li>Automatic download of new releases to th...
MR3 Beta Customer <ul><li>“  Great news… I have created a Pilot group on the management server … We have heard great feedb...
The Tolly Group: Impact on Office Productivity
Productivity Impact <ul><li>Highlight Symantec’s strengths vs. McAfee </li></ul><ul><ul><li>Less impact on typical office ...
Productivity Impact Microsoft Office 2007/Vista File “Open” Times (Increase Over Unprotected System)   Source: The Tolly G...
Productivity Impact Microsoft Office 2007/Vista File “Save/Close” Times (Increase Over Unprotected System)   Source: The T...
Up selling Customers to SMP <ul><li>Symantec™ Multi-tier Protection 11.0 </li></ul><ul><ul><ul><li>Symantec Endpoint Prote...
& ANSWERS QUESTIONS
Upcoming SlideShare
Loading in …5
×

Symantec Endpoint Protection 11.0 Update and Review

1,809 views
1,706 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,809
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
17
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Time in seconds Test Scenario Boot time of Windows XP SP3 1 GHz 256 MB RAM Test System: IBM T23 ThinkPad Laptop This is responsible for our low-end system testing   CPU: 1.0 Ghz (Single Intel PIII) RAM: 256 MB HD: 80 Gb NIC: 100 Mbps
  • Time in seconds Test Scenario Boot time of Windows XP SP3 A) 256 MB RAM / 1GHZ B) 1 GB RAM / 1/86GHZ Dell Optiplex 745 Desktop This machine is our bread-and-butter work horse. All trend analysis testing has been ran and validated using this 745 model. Modify boot.ini to set only use single CPU and 512 MB Memory. CPU: 1.86 Ghz (Dual Intel Core) RAM: 2.0 GB HD: 300 Gb NIC: 1,000 Mbps
  • Time in seconds Test Scenario Launch outlook test to measure first time launch outlook time. Outlook measured with a 265GB .pst file from real production machine. This will be the overall user experience when accessing these emails by way of click-through-speed. This will not include email scanning and network bandwidth. Launch word test to measure first time launch doc file time. The doc file is 188KB. Dell Optiplex 745 Desktop This machine is our bread-and-butter work horse. All trend analysis testing has been ran and validated using this 745 model. Modify boot.ini to set only use single CPU and 512 MB Memory. CPU: 1.86 Ghz (Dual Intel Core) RAM: 2.0 GB HD: 300 Gb NIC: 1,000 Mbps
  • Time in seconds Test scenario   Configured IE main page is www.yahoo.com . Form system startup 5 minutes, launch IE. Wait IE load page done, record the time, restart system. Repeat 3 times. Dell Optiplex 745 Desktop This machine is our bread-and-butter work horse. All trend analysis testing has been ran and validated using this 745 model. Modify boot.ini to set only use single CPU and 512 MB Memory. CPU: 1.86 Ghz (Dual Intel Core) RAM: 2.0 GB HD: 300 Gb NIC: 1,000 Mbps
  • Time in seconds This graph shows total SEPM resource usage (so xdelta/mdef plus other SEPM processes). http://code.google.com/p/xdelta/ Utilises a new delta creation process called X-Delta. Typically delta creation takes seconds instead of minutes (as was the case with mdef25builder). Managed clients must be running MR3 also for this X-Delta process to work. mdef25builder is still present and utilised for all preMR3 managed clients.
  • GUP Deletion Setting Customer wants to specify both the age of the content removed in terms of days and also the maximum size available to GUP. This allows customers to specify that the GUP can use a maximum X MB. If we exceed that size limit, the data should be trimmed using a least-recently-used algorithm until we are back in compliance with the size specification. In addition, if the content is not requested in the last X days, it must be removed. Both the size based “X MB” and time based “X days” configurations must be specified by administrator via SEPM console. This feature provides a way to specify the Maximum number of simultaneous downloads that GUP proxy can provide. The GUP proxy will use up to the specified value for client threads each of which will be capable of handling content download with a SEP client. The GUP proxy is not required to create all the specified threads and may operate with fewer threads if they can handle the workload. If a SEP client is configured to be the GUP but it is talking to a pre-CZ SEPM, then the SEP client will not get the MasterClientThreadCount attribute in the LU policy settings. In that case, the SEP client will cause the GUP proxy to use a maximum of 10 threads by default.
  • Contact Carsten Hoffmann Created August 2008 Source http://score.corp.symantec.com/download/28646 Classification External The Tolly Group tested the performance impact of Symantec Endpoint Protection and McAfee Total Protection for Endpoint.   Tolly Group tests show that Microsoft Word was able to open a 5MB document in 2.7 seconds on a system with Symantec Endpoint Protection 11.0 installed, requiring only 0.20 seconds longer than the baseline system. On a system with McAfee Total Protection for Endpoint installed, the same operation took 4.2 seconds. Microsoft Word opened the file on the baseline OS in 2.5 seconds. Testing also included measuring the time to open a 20MB Microsoft Power Point document. On the base line system it took 3.8 seconds to open the 20MB presentation. Symantec added only 0.7 seconds to the operation. The system with McAfee installed took, 5.1 seconds to open the PowerPoint document, demonstrating that McAfee’s impact was 48% higher than Symantec’s
  • Contact Carsten Hoffmann Created August 2008 Source http://score.corp.symantec.com/download/28646 Classification External Tolly Group engineers measured the amount of time required to save and close a modified 5MB word file. The system with the Symantec client took only 1.2 seconds longer than the baseline system. The system with McAfee installed required 0.5 seconds longer than Symantec and 1.7 seconds longer than the baseline OS. This same test was conducted for a 20MB Microsoft Power Point document. Powerpoint saved the presentation in 10.7 seconds on a system protected by Symantec, compared to 11.3 seconds on a system protected by McAfee. The McAfee products added 1.9 seconds to this operation.
  • Unmatched protection for endpoints, multiplatform network environments and mail servers and gateways. Symantec™ Endpoint Protection Small Business Edition 11.0 Includes: Symantec Endpoint Protection 11.0 Symantec Mail Security for MS Exchange A simple and cost-effective solution designed to safeguard business assets through Symantec&apos;s trusted protection So to sum up our offerings – we introduced two new products today, and are offering them in a few different packages: Individual products: Symantec™ Endpoint Protection 11.0 Symantec™ Network Access Control 11.0 Symantec™ Network Access Control Starter Edition 11.0 Bundles / multi-product packages: Symantec™ Multi-tier Protection 11.0 Symantec™ Endpoint Protection Small Business Edition 11.0 We make it easy to buy and try to combine the things that make the most sense for what customers and partners want to acquire.
  • Symantec Endpoint Protection 11.0 Update and Review

    1. 1. Symantec Endpoint Protection 11.0 Update and Review Endpoint Security Group September 2008
    2. 2. Agenda NEW! Third Party SEP Research Results New features and improvements in SEP MR2/MR3 1 2 Upsell/Cross-sell Opportunities 3 Selling Tips and Resources 4 Q&A 5
    3. 3. Symantec Endpoint Protection MR2 <ul><li>Applications </li></ul><ul><ul><ul><li>Windows 2008 support (client) </li></ul></ul></ul><ul><ul><ul><li>Windows Vista SP1 support (client) </li></ul></ul></ul><ul><ul><ul><li>MSFT NAP Framework </li></ul></ul></ul><ul><ul><ul><li>Enhanced Device Control Support </li></ul></ul></ul><ul><li>Performance </li></ul><ul><ul><ul><li>Fixed port leaks </li></ul></ul></ul><ul><ul><ul><li>Optimized/fixed disk space utilization (LiveUpdate, database, AV Logs) </li></ul></ul></ul><ul><ul><ul><li>Reduced CPU utilization </li></ul></ul></ul><ul><ul><ul><li>Client communication speed improvement </li></ul></ul></ul><ul><li>Functionality/Usability </li></ul><ul><li>Stability </li></ul><ul><ul><li>Reduced the amount of crashes and errors that appear on the screen </li></ul></ul><ul><li>Communication and Connectivity </li></ul><ul><ul><li>Improved communication between SEPM and SEP client </li></ul></ul><ul><li>Resolved inconsistent scanning of files on SEP client </li></ul><ul><li>• Improvements to SEPM console home page include all charts displayed properly, all agents and agent status appear correctly </li></ul><ul><li>• Fixed site and agent replication issues </li></ul><ul><li>• Fixed ClientRemote Utility </li></ul><ul><li>• Optimized creation of group folders so that they can be created in a timely manner </li></ul><ul><li>• Optimized performance of Active Directory synchronization to avoid database deadlocks </li></ul><ul><li>• Minimized boot time on SEP client by optimizing Symantec processes during startup </li></ul><ul><li>• Device control enhancements that permit more specific granularity of choices i.e. Vendor Device ID </li></ul>
    4. 4. SEP 11.0 Maintenance Release 3 (MR3) enhancements
    5. 5. Symantec Endpoint Protection MR3 <ul><li>Improved Client Performance </li></ul><ul><ul><ul><li>Significant Boot Time improvement </li></ul></ul></ul><ul><ul><ul><li>Reduced Virtual Memory </li></ul></ul></ul><ul><ul><ul><li>Reduced Application Load time </li></ul></ul></ul><ul><li>Improved Management Server Performance </li></ul><ul><ul><ul><li>Reduction in resources with new delta creation process </li></ul></ul></ul><ul><ul><ul><li>Smaller incremental virus definitions </li></ul></ul></ul><ul><li>Improved Reporting Management </li></ul><ul><ul><li>Additional information added and easier to read </li></ul></ul><ul><li>IIS Custom website now utilized </li></ul><ul><ul><ul><li>More secure </li></ul></ul></ul><ul><ul><ul><li>Avoid Conflicts </li></ul></ul></ul><ul><li>Virtualization Support </li></ul><ul><ul><li>Randomize Client connections to SEPM for obtaining Content Updates </li></ul></ul><ul><li>Scalability Controls </li></ul><ul><ul><li>Group Update Provider modifications </li></ul></ul><ul><li>Other </li></ul><ul><ul><li>SNAC trialware now included! </li></ul></ul>
    6. 6. Boot Time <ul><li>Significant boot time impact improvement </li></ul><ul><ul><li>Utilize persistent cache of known good files between reboots </li></ul></ul><ul><ul><li>Delayed loading of definitions reduces memory usage by 60MB when not on-demand scanning </li></ul></ul><ul><ul><li>Reduced On Disk Footprint: 284MB </li></ul></ul><ul><ul><li>Less disk I/O </li></ul></ul><ul><ul><li>Reduced thread count </li></ul></ul>Comparisons based on Symantec internal tests on a test system of 1.0 Ghz CPU and 256MB RAM.
    7. 7. Competitive Boot Time (seconds) <ul><li>McAfee VirusScan Enterprise 8.5i </li></ul><ul><li>McAfee AntiSpyware Enterprise 8.5 </li></ul><ul><li>McAfee HIPS 7.0 </li></ul><ul><li>McAfee SiteAdvisor 1.5 </li></ul>Comparisons based on Symantec internal tests using competitive trialware for the products referenced above .
    8. 8. Application Load Time (seconds) <ul><li>McAfee VirusScan Enterprise 8.5i </li></ul><ul><li>McAfee AntiSpyware Enterprise 8.5 </li></ul><ul><li>McAfee HIPS 7.0 </li></ul><ul><li>McAfee SiteAdvisor 1.5 </li></ul>Comparisons based on Symantec internal tests using competitive trialware for the products referenced above on a test system of 1.0 Ghz CPU and 256MB RAM.
    9. 9. Website Load Time (seconds) <ul><li>McAfee VirusScan Enterprise 8.5i </li></ul><ul><li>McAfee AntiSpyware Enterprise 8.5 </li></ul><ul><li>McAfee HIPS 7.0 </li></ul><ul><li>McAfee SiteAdvisor 1.5 </li></ul>Comparisons based on Symantec internal tests using competitive trialware for the products referenced above on a test system of 1.0 Ghz CPU and 256MB RAM.
    10. 10. <ul><li>Utilizes a new delta creation process called X-Delta. </li></ul><ul><li>Typically delta creation takes seconds instead of minutes (as was the case with MR2 and previous). </li></ul><ul><li>Managed clients must be running MR3 also for this X-Delta process to work. </li></ul><ul><li>Previous process (mdef25builder )is still present and utilized for all preMR3 managed clients. </li></ul>Improved Management Server Performance Symantec Endpoint Protection 11.0 – MR3 and Beyond…
    11. 11. SEPM Performance MR3 vs. MR2 Significant reduction in resource usage during delta content creation Example shows a one month delta being created (in seconds) Symantec Endpoint Protection 11.0 – MR3 and Beyond…
    12. 12. SEPM Performance MR3 (X-Delta) vs MR2 Significant speed improvement… Smaller delta sizes in certain cases… Symantec Endpoint Protection 11.0 – MR3 and Beyond… Time in seconds
    13. 13. Content Download Randomization <ul><li>Content download more virtualization friendly. </li></ul><ul><ul><li>Configurable option to randomize when client will pull content from SEPM after it is available on the server. </li></ul></ul><ul><ul><li>Ensures less chance of heavy disk I/O due to the SEP client on different VMs loading new content at the same time. </li></ul></ul>Symantec Endpoint Protection 11.0 – MR3 and Beyond…
    14. 14. <ul><li>Control # days content is stored </li></ul><ul><li>Control amount of disk space used on client </li></ul><ul><li>Configure client to never bypass GUP </li></ul><ul><ul><li>Configure the hours and days clients will wait for GUP until the download directly from SEPM </li></ul></ul><ul><ul><li>Configure client to never bypass so that traffic is minimized </li></ul></ul><ul><li>Increased Scalability of client to GUP ratio </li></ul><ul><ul><li>Now officially supports up to 1000 clients </li></ul></ul><ul><ul><li>Configurable thread pool used to serve clients (10-1000) </li></ul></ul>GUP Enhancements Symantec Endpoint Protection 11.0 – MR3 and Beyond…
    15. 15. Granular Roles Administration <ul><li>Allows admin to have control over specific policies </li></ul><ul><ul><li>AntiVirus and AntiSpyware </li></ul></ul><ul><ul><li>Firewall </li></ul></ul><ul><ul><li>Intrusion Prevention </li></ul></ul><ul><ul><li>Application and Device Control </li></ul></ul><ul><ul><li>Centralized Exceptions </li></ul></ul><ul><ul><li>Host Integrity </li></ul></ul><ul><li>Policies not selected, will not appear in UI </li></ul><ul><li>All policies enabled by default </li></ul><ul><li>Policies filtered in Clients and Policy Library </li></ul>Symantec Endpoint Protection 11.0 – MR3 and Beyond…
    16. 16. <ul><li>More secure because we only enable the options we need.  </li></ul><ul><li>Previous website (IIS default) enabled many options, was more prone to vulnerability and attack. </li></ul><ul><li>Custom helps avoid conflicts with other apps or specific configuration which are used with the default website. </li></ul>IIS custom website now utilised by default Symantec Endpoint Protection 11.0 – MR3 and Beyond…
    17. 17. Symantec Endpoint Protection MR3 <ul><li>LiveUpdate in SEPM </li></ul><ul><ul><li>Automatic download of new releases to the SEPM console via LiveUpdate </li></ul></ul><ul><li>Virtualization Support </li></ul><ul><ul><li>Randomize Client connections to SEPM for obtaining Content Updates </li></ul></ul><ul><li>Scalability Controls </li></ul><ul><ul><li>Group Update Provide modifications </li></ul></ul><ul><li>Other </li></ul><ul><ul><li>SNAC SE trialware now available </li></ul></ul><ul><ul><li>And more!!! </li></ul></ul>
    18. 18. MR3 Beta Customer <ul><li>“ Great news… I have created a Pilot group on the management server … We have heard great feedback at this point. Pre MR3 reports of 30 minutes from startup to usability to presently not even noticing it is running at startup are good signs.. Additionally, sluggishness during full scans has dropped dramatically… I would like to pilot a larger group on the MR3 but for now, I am getting very positive feedback…” </li></ul><ul><li>US Financial Services company specializing in tax services </li></ul>
    19. 19. The Tolly Group: Impact on Office Productivity
    20. 20. Productivity Impact <ul><li>Highlight Symantec’s strengths vs. McAfee </li></ul><ul><ul><li>Less impact on typical office usage </li></ul></ul><ul><ul><li>Faster open and save time for Word and PowerPoint </li></ul></ul><ul><li>The Test </li></ul><ul><ul><li>Symantec Endpoint Protection11.0 vs. McAfee Total Protection for Endpoint bundle </li></ul></ul><ul><ul><li>Measure time to open and save 5MB Microsoft Word file </li></ul></ul><ul><ul><li>Measure time to open and save 20MB Microsoft PowerPoint file </li></ul></ul><ul><li>The Result </li></ul><ul><ul><li>Better Open and Save times when compared to McAfee </li></ul></ul>
    21. 21. Productivity Impact Microsoft Office 2007/Vista File “Open” Times (Increase Over Unprotected System) Source: The Tolly Group – Symantec Endpoint Protection vs. McAfee Total Protection for Endpoint Page 1 (08/2008)
    22. 22. Productivity Impact Microsoft Office 2007/Vista File “Save/Close” Times (Increase Over Unprotected System) Source: The Tolly Group – Symantec Endpoint Protection vs. McAfee Total Protection for Endpoint Page 1 (08/2008)
    23. 23. Up selling Customers to SMP <ul><li>Symantec™ Multi-tier Protection 11.0 </li></ul><ul><ul><ul><li>Symantec Endpoint Protection 11.0 </li></ul></ul></ul><ul><ul><ul><li>Symantec AntiVirus for Macintosh & Linux </li></ul></ul></ul><ul><ul><ul><li>Symantec Mail Security for Domino & MS Exchange </li></ul></ul></ul><ul><ul><ul><li>Symantec Mobile AntiVirus for Windows Mobile (NEW!) </li></ul></ul></ul><ul><ul><ul><li>SMS 8300 Software Subscription (AV & AS) (NEW!) </li></ul></ul></ul><ul><ul><ul><li>Premium Antispam (NEW!) </li></ul></ul></ul><ul><ul><li>Heterogeneous protection for larger organizations </li></ul></ul>
    24. 24. & ANSWERS QUESTIONS

    ×