Redefining Endpoint Security


Symantec redefines endpoint security

Published in: Technology
  • My name is “xxxxxx”. Symantec is the leading provider of security, availability, and systems management for solutions protecting Windows environments. Symantec has made a major investment in providing incremental security technology to our customers by redefining our award-winning antivirus solution and setting the stage for what endpoint security should be. (introduce other folks in the room, etc.)
  • Redefining Endpoint Security

    1. Redefining Endpoint Security
    2. Agenda
        • 1 Environment and Endpoint Challenges
        • 2 Symantec Endpoint Protection
        • 3 Entitlement/Deployment/Migration
        • 4 Symantec Network Access Control
        • 5 Available Now
    3. Corporate Network is Continually Exposed
        • Wireless Networks
        • Web Applications
        • Guests
        • Consultants
        • IPsec VPN
        • Employees Working at Home
        • WANs & Extranets
        • SSL VPN
        • Internet Kiosks & Shared Computers
    4. Business Problems at the Endpoint
        • Significant Increase in Malicious New Code Threats
        • Source: Internet Security Threat Report Vol. XIII; Mar 2008
    5. Key Ingredients for Endpoint Protection: Antivirus
        • World’s leading AV solution
        • Most (40) consecutive VB100 Awards
        • Virus Bulletin – October 2008: Symantec AntiVirus, PASS × 40 (40, 0)
        • Threats: Viruses, Trojans, Worms
    6. Key Ingredients for Endpoint Protection: Antivirus, Antispyware
        • Antispyware: best rootkit detection and removal
        • VxMS = superior rootkit protection
        • Source: Thompson Cyber Security Labs, August 2006
        • Threats: Viruses, Trojans, Worms; Spyware, Rootkits
    7. Key Ingredients for Endpoint Protection: Antivirus, Antispyware, Firewall
        • Firewall: industry-leading endpoint firewall technology
        • Gartner MQ “Leader”, 4 consecutive years
        • Rules-based FW can dynamically adjust port settings to block threats from spreading
        • Threats: Viruses, Trojans, Worms; Spyware, Rootkits; Worms, Spyware
    8. Key Ingredients for Endpoint Protection: Antivirus, Antispyware, Firewall, Intrusion Prevention
        • Intrusion Prevention: combines NIPS (network) and HIPS (host)
        • Generic Exploit Blocking (GEB): one signature to proactively protect against all variants
        • Granular application access control
        • TruScan™ Proactive Threat Scanning technology: very low (0.0049%) false positive rate
        • Detects 1,000 new threats/month not detected by leading AV engines
        • 25M installations; fewer than 50 false positives for every 1 MM PCs
        • Threats: Worms, Spyware; Spyware, Rootkits; Viruses, Trojans, Worms; 0-day, Key Logging
    9. Intrusion Prevention System (IPS): combined technologies offer best defense
        • Intrusion Prevention (IPS): (N)IPS Network IPS and (H)IPS Host IPS
        • Deep packet inspection: attack-facing (Symantec sigs. via LiveUpdate, custom sigs, SNORT-like)
        • TruScan™: behavior-based (Proactive Threat Scan technology)
        • Generic Exploit Blocking: vulnerability-facing (signatures for vulnerability)
        • System Lockdown: whitelisting (tightly control which applications can run)
    10. TruScan™ Proactive Threat Scan
        • 6 months testing with Norton consumer technology
        • Very low false positive rate (0.004%)
            • Fewer than 50 false positives for every 1M computers
        • No setup or configuration required
        • Detects 1,000 threats/month not detected by top 5 leading antivirus engines
    11. Key Ingredients for Endpoint Protection: Antivirus, Antispyware, Firewall, Intrusion Prevention, Device and Application Control
        • Device and Application Control: prevents data leakage
        • Restrict access to devices (USB keys, back-up drives)
        • Whitelisting: allow only “trusted” applications to run
        • W32.SillyFDC
            • targets removable memory sticks
            • spreads by copying itself onto removable drives such as USB memory sticks
            • automatically runs when the device is next connected to a computer
        • Threats: Spyware, Rootkits; Viruses, Trojans, Worms; Worms, Spyware; Slurping, IP theft; 0-day, Key Logging
    12. Key Ingredient for Endpoint Compliance: Antivirus, Antispyware, Firewall, Intrusion Prevention, Device and Application Control, Network Access Control
        • Network Access Control: comes ready for Network Access Control as an add-on
        • Agent is included, no extra agent deployment
        • Simply license SNAC Enforcement
    13. Next Generation Symantec AntiVirus
        • Antivirus, Antispyware, Firewall, Intrusion Prevention, Device and Application Control, Network Access Control
        • Single Agent, Single Console
        • Managed by Symantec Endpoint Protection Manager
        • Results: Reduced Cost, Complexity & Risk Exposure; Increased Protection, Control & Manageability
        • Symantec Network Access Control 11.0; Symantec Endpoint Protection 11.0
    14. Next Generation Management: Comprehensive Reporting
        • 50+ canned reports
        • Customizable Dashboard
        • Monitors
    15. What analysts are saying
        • Gartner Magic Quadrant, Endpoint Protection Platforms, 12/2007
        • Organizations should consider Symantec Endpoint Protection if they ….. are looking for a more complete protection platform that supports the selection of multiple styles of protection from an extensible agent framework and managed from a single console.
    16. Productivity Impact: Open Word and PowerPoint Faster with Symantec
        • Microsoft Office 2007/Vista File “Open” Times (Increase Over Unprotected System)
        • Symantec 100% Faster; Symantec 800% Faster
        • Source: The Tolly Group – Symantec Endpoint Protection vs. McAfee Total Protection for Endpoint, Page 1 (08/2008)
    17. Complement Security with Management
        • Altiris Client Management Suite
            • Policy-based software delivery
            • Application Management
            • Software Virtualization
            • Patch Management
            • Backup and Recovery
            • Application Usage
            • Remote Control
        • Altiris Software Delivery Suite
            • Apply Patches
            • Ensure software is installed and stays installed
            • Report machines not connecting
            • Identify missing hard-drives
        • Symantec Endpoint Protection Integrated Component
            • Streamline migrations
            • Initiate scans or agent health tasks
            • Dashboards integrate security and operational information
    18. Is Endpoint Protection Enough Protection?
        • “What Are The Most Common Sources Of Automated Internet Worm Attacks?”
            • Employee Laptop: 43%
            • Internet Through Firewall: 39%
            • Non-Employee Laptop: 34%
            • VPN Home System: 27%
            • Don’t Know: 8%
            • Other: 8%
        • Source: Enterprise Strategy Group, January 2005, ESG Research Report, Network Security And Intrusion Prevention
    19. Challenge: Access to Corporate Networks
        • Open access to corporate networks means higher risk for infection
        • Corporate Network accessed by: Partners, Consultants, Auditors, Home PC, Hotel Business Center
    20. Solution: Network Access Control
        • Checks adherence to endpoint security policies
            • Antivirus installed and current?
            • Firewall installed and running?
            • Required patches and service packs?
            • Required configuration?
        • Fixes configuration problems
        • Controls guest access
        • Cycle: Discover, Enforce, Monitor, Remediate
        • Network Access Control helps prevent malware from spreading throughout the network
        • NAC is a process that creates a much more secure network
    21. Network Access Control (continued)
        • Restricts access to your network by creating a closed system
        • Offers automatic endpoint remediation before access is granted
        • Checks adherence to endpoint security policies even when connected to network
        • Corporate Network: Employees / Non-employees; Managed / Unmanaged; On-site / Remote
    22. Symantec Network Access Control: 3 Key Components
        • 1. Central Management Console
        • 2. Endpoint Evaluation Technology
        • 3. Enforcer
    23. 1. Central Management Console
        • Policy Management
        • Web-based GUI
        • Enterprise class/scale
        • Role-based access
        • Hierarchical views
        • Integration with Active Directory
        • Symantec Endpoint Protection Manager: same management console used for Symantec Endpoint Protection 11.0
    24. 2. Endpoint Evaluation Technologies
        • Symantec Endpoint Protection 11.0 agent is SNAC ready
        • Persistent Agents: ‘Managed’ Endpoints (Best)
        • Dissolvable Agents: ‘Unmanaged’ Endpoints (Better)
        • Remote Scanner: ‘Unmanageable’ Endpoints (Good)
    25. 3. Enforcers
        • Symantec LAN Enforcer-802.1X
        • Symantec DHCP Enforcer
        • Symantec Gateway Enforcer
        • Symantec Self-Enforcement
        • Categories: Host-based; Network-based (optional)
        • Ratings: Best, Better, Good
    26. How SNAC is Packaged
        • Central Management Console: Symantec Endpoint Protection Manager
        • Endpoint Evaluation Technology: Persistent Agent (SNAC Agent), Dissolvable Agent (On-Demand Agent), Remote Vulnerability Scanner
        • Self-Enforcement, Gateway Enforcement, DHCP Enforcement, LAN (802.1x) Enforcement
        • Editions compared (feature matrix of included, “Add On” and * entries): Symantec Network Access Control v 11.0; Symantec Network Access Control Starter Edition v 11.0
        • * Required purchase of an enforcer appliance
    27. Symantec NAC Self-Enforcement: How It Works
        • Components: Onsite or Remote Laptop with Persistent Agent; Symantec Endpoint Protection Manager; Remediation Resources; Protected Network; Quarantine
        • Client connects to network and validates policy
        • Persistent Agent performs self-compliance checks
        • Compliance fail: apply “Quarantine” firewall policy
        • Compliance pass: apply “Office” firewall policy
        • Host Integrity Rule / Status: Anti-Virus On; Anti-Virus Updated; Personal Firewall On; Service Pack Updated; Patch Updated; Patch Updated
    28. Where Endpoint Security Fits
        • Locations: Corporate Network, Satellite office, Home office, Mobile office, Coffee House, Partners
        • Assets: File Server, Web Server, Server, Home PC, Mobile Device, CD, USB
        • Endpoint Protection: Symantec™ Endpoint Protection
        • Endpoint Encryption: Symantec™ Endpoint Encryption
        • Advanced Server Protection: Symantec™ Critical System Protection
        • Mobile Security: Symantec™ Mobile Security
        • Network Access Control: Symantec™ Network Access Control
    29. Available Today
        • Customers with valid maintenance will automatically receive an email notification from which they can easily download the software
        • Download software by directly visiting Symantec’s electronic software distribution website (“FileConnect”, serial number required)
            • http://www.symantec.com/downloads/fileconnect/index.jsp
        • Visit Symantec’s Licensing Portal that delivers multi-function capabilities in one easy-to-navigate portal (serial and/or account number required)
            • http://www.symantec.com/enterprise/licensing/index.jsp?src=symsug_us
    30. Symantec™ Global Intelligence Network
        • > 7,000 Managed Security Devices + 120 Million Systems Worldwide + 2 Million Probe Network + Advanced Honeypot Network
        • 4 Symantec SOCs
        • 80 Symantec Monitored Countries
        • 40,000+ Registered Sensors in 180+ Countries
        • 11 Symantec Security Response Centers
        • Locations: Austin, TX; Chengdu, China; Chennai, India; Reading, England; Alexandria, VA; Sydney, Australia; Mountain View, CA; Culver City, CA; Calgary, Canada; San Francisco, CA; Dublin, Ireland; Pune, India; Taipei, Taiwan; Tokyo, Japan
        • Received 40 consecutive Virus Bulletin 100% Certification awards*
        • TruScan™ technology catches 1,000 more threats per month than other AV vendors**
        • * Source: virusbtn.org; ** Source: Symantec
    31. Thank You! Copyright © 2007 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
