SYMANTEC ENDPOINT PROTECTION Administration Introduction
Symantec Endpoint Protection is a client-server solution that protects laptops, desktops, Windows and Mac computers, and servers in your network against malware.
Symantec Endpoint Protection combines virus protection with advanced threat protection to proactively secure your computers against known and unknown threats.

  • Symantec Endpoint Protection protects against malware such as viruses, worms, Trojan horses, spyware, and adware. It provides protection against even the most sophisticated attacks that evade traditional security measures, such as rootkits, zero-day attacks, and spyware that mutates. Providing low maintenance and high power, Symantec Endpoint Protection communicates over your network to automatically safeguard both physical and virtual systems against attacks.
  • Virus and spyware scans detect viruses and the security risks that can put a computer, as well as a network, at risk. Security risks include spyware, adware, and other malicious files.
  • Virus and Spyware Protection detects new threats earlier and more accurately using not just signature-based and behavioral-based solutions, but other technologies as well. Symantec Insight provides faster and more accurate malware detection to find the new and the unknown threats that other approaches miss. Insight identifies new and zero-day threats by using the collective wisdom of millions of systems in hundreds of countries. Bloodhound uses heuristics to detect known and unknown threats. Auto-Protect scans files from a signature list as they are read from or written to the client computer.
  • The firewall allows or blocks network traffic based on the various criteria that the administrator sets. If the administrator permits it, end users can also configure firewall policies. The Intrusion Prevention System (IPS) analyzes all the incoming and the outgoing information for the data patterns that are typical of an attack. It detects and blocks malicious traffic and attempts by outside users to attack the client computer. Intrusion prevention also monitors outbound traffic and prevents the spread of worms.
  • The rules-based firewall engine blocks malicious threats before they can harm the computer. The IPS scans network traffic and files for indications of intrusions or attempted intrusions. Browser Intrusion Prevention scans for the attacks that are directed at browser vulnerabilities. Universal download protection monitors all downloads from browsers and validates that the downloads are not malware.
  • Threats that exploit zero-day vulnerabilities can evade signature-based detection, such as spyware definitions. Zero-day attacks may be used in targeted attacks and in the propagation of malicious code. SONAR provides real-time behavioral protection by monitoring processes and threats as they execute. Application and Device Control monitors and controls the behavior of applications on client computers and manages the hardware devices that access client computers.
  • Symantec Endpoint Protection Manager system requirements:
      Processor:
        ■ 32-bit processor: 1-GHz Intel Pentium III or equivalent minimum (Intel Pentium 4 or equivalent recommended)
        ■ 64-bit processor: 2-GHz Pentium 4 with x86-64 support or equivalent minimum
        Note: Intel Itanium IA-64 processors are not supported.
      Physical RAM: 1 GB of RAM for 32-bit operating systems, 2 GB of RAM for 64-bit operating systems, or higher if required by the operating system
      Hard drive: 4 GB or more free space, plus 4 GB for the locally installed database
      Display: 1024 x 768
      Operating system:
        ■ Windows XP (32-bit, SP2 or later; 64-bit, all SPs; all editions except Home)
        ■ Windows 7 (32-bit, 64-bit; RTM and SP1; all editions except Home)
        ■ Windows 8 (32-bit, 64-bit)
        ■ Windows Server 2003 (32-bit, 64-bit, R2, SP1 or later)
        ■ Windows Server 2008 (32-bit, 64-bit, R2, RTM, SP1 and SP2)
        ■ Windows Server 2012
        ■ Windows Small Business Server 2003 (32-bit)
        ■ Windows Small Business Server 2008 (64-bit)
        ■ Windows Small Business Server 2011 (64-bit)
        ■ Windows Essential Business Server 2008 (64-bit)
      Browser:
        ■ Microsoft Internet Explorer 7, 8, 9, 10
        ■ Mozilla Firefox
        ■ Google Chrome
  • Symantec Endpoint Protection client system requirements:
      Processor:
        ■ 32-bit processor for Windows: 1-GHz Intel Pentium III or equivalent minimum (Intel Pentium 4 or equivalent recommended)
        ■ 32-bit processor for Mac: Intel Core Solo, Intel Core Duo. PowerPC processors are not supported.
        ■ 64-bit processor for Windows: 2-GHz Pentium 4 with x86-64 support or equivalent minimum. Itanium processors are not supported.
        ■ 64-bit processor for Mac: Intel Core 2 Duo, Intel Quad-Core Xeon
      Physical RAM:
        Windows: 512 MB of RAM (1 GB recommended), or higher if required by the operating system
        Mac: 1 GB of RAM for 10.6; 2 GB for 10.7 and 10.8
      Hard drive:
        Windows: 850 MB of available hard disk space for the installation; additional space is required for content and logs. Note: Space requirements are based on NTFS file systems.
        Mac: 500 MB of available hard disk space for the installation
      Display: 800 x 600
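The notes above describe the firewall as an ordered set of administrator-defined allow/block criteria, with adaptive policies that change by location and rules that can be adjusted to stop a threat spreading. The following Python is an added illustration of that evaluation model, not code from the slides or from Symantec: rule names, the corporate address range, the sample addresses and the two location profiles are all constructed for the example.

```python
"""Ordered, location-aware host firewall policy: first matching rule wins, default deny.
Added example; rule names, networks and addresses are constructed, not from the slides."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                        # "allow" or "block"
    direction: Optional[str] = None    # "in" / "out" / None for either
    proto: Optional[str] = None        # "tcp" / "udp" / None for either
    remote_net: Optional[str] = None   # CIDR of the remote end, None for any address
    ports: Tuple[int, ...] = ()        # empty tuple matches any port

    def matches(self, direction: str, proto: str, remote_ip: str, port: int) -> bool:
        """Every criterion the administrator set must hold; unset ones are wildcards."""
        if self.direction and direction != self.direction:
            return False
        if self.proto and proto != self.proto:
            return False
        if self.remote_net and ip_address(remote_ip) not in ip_network(self.remote_net):
            return False
        if self.ports and port not in self.ports:
            return False
        return True


CORP_NET = "10.0.0.0/8"   # constructed corporate address range

# Rules every location profile gets, in evaluation order.
BASE_RULES: List[Rule] = [
    Rule("allow-dns-out", "allow", "out", "udp", None, (53,)),
    Rule("allow-web-out", "allow", "out", "tcp", None, (80, 443)),
]

# Location-aware profiles: the same inbound SMB connection is accepted in the
# office (from corporate addresses only) and falls through to default deny
# when the laptop is off-site.
POLICIES: Dict[str, List[Rule]] = {
    "office": BASE_RULES + [
        Rule("allow-smb-from-corp", "allow", "in", "tcp", CORP_NET, (445,)),
        Rule("allow-rdp-from-corp", "allow", "in", "tcp", CORP_NET, (3389,)),
    ],
    "remote": BASE_RULES + [
        # Off the corporate network, outbound SMB is blocked explicitly so a worm
        # that lands on the laptop cannot spread over file shares.
        Rule("block-smb-out", "block", "out", "tcp", None, (445,)),
    ],
}
DEFAULT_DENY = Rule("default-deny", "block")


def evaluate(location: str, direction: str, proto: str, remote_ip: str, port: int) -> Tuple[str, str]:
    """Return (action, rule_name) for the first rule that matches; default deny otherwise."""
    for rule in POLICIES[location] + [DEFAULT_DENY]:
        if rule.matches(direction, proto, remote_ip, port):
            return rule.action, rule.name
    raise AssertionError("unreachable: default-deny matches every packet")


def block_host(remote_ip: str) -> str:
    """Dynamic adjustment: once IPS flags an attacking host, prepend a block rule for
    it to every profile so it takes precedence over the existing allow rules."""
    name = f"block-{remote_ip}"
    rule = Rule(name, "block", None, None, remote_ip)   # ip_network("a.b.c.d") is a /32
    for rules in POLICIES.values():
        rules.insert(0, rule)
    return name


if __name__ == "__main__":
    print(evaluate("office", "in", "tcp", "10.1.2.3", 445))
    print(evaluate("remote", "in", "tcp", "10.1.2.3", 445))
    block_host("203.0.113.5")
    print(evaluate("office", "out", "tcp", "203.0.113.5", 443))
```

The evaluation order matters: because a profile is scanned top to bottom and the first match wins, a block inserted at the head of the list overrides later allow rules, which is how a dynamically added block can close a port that a standing policy normally permits.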

    3. INTRODUCTION TO SYMANTEC ENDPOINT PROTECTION: Symantec Endpoint Protection is a client-server solution that protects laptops, desktops, Windows and Mac computers, and servers in your network against malware. Symantec Endpoint Protection combines virus protection with advanced threat protection to proactively secure your computers against known and unknown threats.
    4. TYPES OF PROTECTION: Virus and Spyware Protection; Network Threat Protection; Proactive Threat Protection.
    5. VIRUS AND SPYWARE PROTECTION: Virus and Spyware Protection protects computers from viruses and security risks, and in many cases can repair their side effects. The protection includes real-time scanning of files and email as well as scheduled scans and on-demand scans.
    7. NETWORK THREAT PROTECTION: Network Threat Protection provides a firewall and an intrusion prevention system to prevent intrusion attacks and malicious content from reaching the computer that runs the client software.
    8. NETWORK THREAT PROTECTION (diagram: Internet / Company Networks)
    9. PROACTIVE THREAT PROTECTION: Proactive Threat Protection uses SONAR to protect against zero-day attack vulnerabilities in your network. Zero-day attack vulnerabilities are the new vulnerabilities that are not yet publicly known.
    10. THREAT LANDSCAPE IS EVOLVING (chart: Percentage of Top 50 Malicious Code)
    11. THREAT LANDSCAPE IS EVOLVING (chart: Number of Zero Day threats)
    12. CAUSES OF SENSITIVE DATA LOSS (chart: Cause of Data Losses by Number of Events; categories: Internet Threats, Attacks and Hacks; Violations of Policies; User Errors; source: “Taking Action to Protect Sensitive Data”, Feb. 2007)
    13. ADDRESSING IT RISKS & ENABLING IT PERFORMANCE (diagram: Interactions, Information, Infrastructure; Manage IT Risk / Maximize IT Performance)
    15. SYMANTEC ENDPOINT PROTECTION IN A NUTSHELL
        • AntiVirus: the world’s leading anti-virus solution; more consecutive Virus Bulletin certifications (31) than any vendor
        • Antispyware: best anti-spyware, leading the pack in rootkit detection and removal; includes VxMS scanning technology (Veritas)
        • Firewall: industry’s best managed desktop firewall; adaptive policies lead the pack for location awareness (Sygate and Symantec Client Security)
        • Intrusion Prevention: behavior-based intrusion prevention (Whole Security); network traffic inspection adds vulnerability-based protection
        • Device and Application Control: restricts access to registry, files, folders, and processes; device control to prevent data leakage at the endpoint (Sygate)
        • Network Access Control: adds endpoint compliance to endpoint protection; includes a NAC agent to ensure each endpoint is “NAC ready” (Sygate)
    16. INGREDIENTS FOR ENDPOINT PROTECTION: AntiVirus
        • World’s leading AV solution
        • Most (32) consecutive VB100 Awards
    17. INGREDIENTS FOR ENDPOINT PROTECTION: Antispyware
        • Best rootkit detection and removal
        • Raw Disk Scan for superior rootkit protection
        Source: Thompson Cyber Security Labs, August 2006
    18. INGREDIENTS FOR ENDPOINT PROTECTION: Firewall
        • Industry leading endpoint firewall technology
        • Gartner MQ “Leader” for 4 consecutive years
        • Rules-based firewall can dynamically adjust port settings to block threats from spreading
    19. INGREDIENTS FOR ENDPOINT PROTECTION: Intrusion Prevention
        • Most comprehensive IPS capabilities in the industry
        • Generic Exploit Blocking (GEB): one signature to proactively protect against all variants
        • Proactive Threat Scan detects 1,000 threats/month not detected by the top 4 leading antivirus engines
        • Very low false positive rate (0.004%): only 40 FP for every 1M computers
        • No set up or configuration required
    20. INTRUSION PREVENTION SYSTEM (IPS): COMBINED TECHNOLOGIES OFFER BEST DEFENSE
        • Network IPS (NIPS): Generic Exploit Blocking, vulnerability-based (signatures written for the vulnerability); deep packet inspection, signature-based (custom signatures can be created, SNORT-like)
        • Host IPS (HIPS): Proactive Threat Scan, behavior-based (Whole Security); Application Control, rules-based (system lockdown by controlling an application’s ability to read, write, execute and make network connections)
        (= Services Opportunity)
    21. INGREDIENTS FOR ENDPOINT PROTECTION: Device Control
        • Prevents data leakage
        • Restricts access to devices (USB keys, backup drives)
        • W32.SillyFDC (May 2007)
        (= Services Opportunity)
    22. INGREDIENT FOR ENDPOINT COMPLIANCE: Network Access Control
        • Network access control ready
        • Agent is included, no extra agent deployment
        • Simply license the SNAC Server
    23. SYMANTEC NETWORK ACCESS CONTROL: Ensures endpoints are protected and compliant prior to accessing network resources.
        1. Reduce IT costs & greater network availability
        2. Increased control over unmanaged and managed endpoints
        3. Maximize investment of security technologies
    24. INTRODUCING: SINGLE AGENT, SINGLE CONSOLE: Symantec Endpoint Protection 12.0 and Symantec Network Access Control 11.0 (AntiVirus, Antispyware, Firewall, Intrusion Prevention, Device Control, Network Access Control). Results: increased protection, control & manageability; reduced cost, complexity & risk exposure.
    25. HOW DO WE LOWER COST, COMPLEXITY AND RISK?
        • Cost: lowered system resource demands, smaller footprint; single product, license, support program; operational efficiency
        • Complexity: fewer consoles and agents allows standardization of technologies; improved UI suits any size organization
        • Risk: includes behavior-based IPS to protect against unknown attacks; device control helps protect against data loss and intellectual property theft
        Baseline memory usage by product:
          Symantec AntiVirus Corporate Edition: 62 MB
          Symantec Client Security: 129 MB
          Symantec AntiVirus + Symantec Sygate Enterprise Protection: 72 MB
          McAfee Total Protection SMB: 71 MB
          Trend Micro OfficeScan Client Server: 50 MB
          Symantec Endpoint Protection 12.0: 21 MB
        Average of 84% reduction in memory usage requirements
    26. SYMANTEC ANTIVIRUS EXTENDED LICENSING (feature matrix; columns: Symantec Endpoint Protection, Symantec Endpoint Protection Small Business Edition, Symantec Multi-tier Protection; rows: Antivirus, Antispyware, Desktop Firewall, Intrusion Prevention, Device Control, Mail Security for MS Exchange and for MS Exchange/Domino/SMTP Gateway, Antivirus for Mac and Linux; Antivirus, Antispyware, Desktop Firewall and Intrusion Prevention are marked in all three columns; the remaining cell marks are not recoverable from the slide text)
    27. SNAC PACKAGING (matrix; enforcement types: Endpoint (uses SEP Desktop Firewall), Gateway (appliance), DHCP (appliance/plug-in), LAN-802.1x (appliance); agent types: Client (persistent), On-Demand (dissolvable), Agentless (scanner); products: Symantec Network Access Control v11.0, Symantec Network Access Control Starter Edition v11.0; cell marks are not recoverable from the slide text)
    28. COMPONENTS OF SYMANTEC ENDPOINT PROTECTION: Symantec Endpoint Protection Manager; Database; Symantec Protection Center (optional); LiveUpdate Administrator (optional); Central Quarantine (optional); Symantec Endpoint Protection client
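Slides 22 and 23 describe Network Access Control as checking that an endpoint is protected and compliant before it reaches network resources. The following Python is an added illustration of that host-integrity gate, not code from the slides or from Symantec Network Access Control: the check names, the thresholds, the remediation hints and the sample endpoints are all assumptions constructed for the example.

```python
"""Host-integrity check of the kind a NAC agent runs before an endpoint is admitted:
compliant endpoints are granted access, the rest are quarantined with remediation steps.
Added example; check names, thresholds and remediation hints are assumptions, not SNAC's policy."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class EndpointState:
    antivirus_running: bool
    definitions_date: str      # ISO date of the last definition update
    firewall_enabled: bool
    patch_level: int           # constructed monotonic OS patch baseline number


@dataclass(frozen=True)
class HostIntegrityPolicy:
    max_definition_age_days: int = 7    # constructed threshold
    min_patch_level: int = 12           # constructed threshold
    require_firewall: bool = True


# Each failed check maps to the remediation the agent should trigger (hypothetical wording).
REMEDIATION: Dict[str, str] = {
    "antivirus-not-running": "start the endpoint protection client service",
    "definitions-stale": "run LiveUpdate to refresh definitions",
    "firewall-disabled": "re-enable Network Threat Protection",
    "patch-level-low": "install the missing operating system updates",
}


def host_integrity(state: EndpointState, policy: HostIntegrityPolicy, today: str) -> List[str]:
    """Return the names of every failed check, in a fixed order, so the result is deterministic."""
    failures: List[str] = []
    if not state.antivirus_running:
        failures.append("antivirus-not-running")
    age_days = (date.fromisoformat(today) - date.fromisoformat(state.definitions_date)).days
    if age_days > policy.max_definition_age_days:
        failures.append("definitions-stale")
    if policy.require_firewall and not state.firewall_enabled:
        failures.append("firewall-disabled")
    if state.patch_level < policy.min_patch_level:
        failures.append("patch-level-low")
    return failures


def access_decision(state: EndpointState, policy: HostIntegrityPolicy, today: str) -> Tuple[str, List[str], List[str]]:
    """Grant full access only when every check passes; otherwise quarantine and list remediation."""
    failures = host_integrity(state, policy, today)
    if not failures:
        return "grant", [], []
    return "quarantine", failures, [REMEDIATION[f] for f in failures]


# Constructed sample endpoints, evaluated against a constructed "today".
SAMPLE_ENDPOINTS: Dict[str, EndpointState] = {
    "laptop-ok": EndpointState(True, "2013-04-29", True, 15),
    "laptop-stale": EndpointState(True, "2013-03-01", False, 15),
    "laptop-no-av": EndpointState(False, "2013-04-30", True, 9),
}


def check_sample(name: str, today: str = "2013-05-01") -> Tuple[str, List[str], List[str]]:
    return access_decision(SAMPLE_ENDPOINTS[name], HostIntegrityPolicy(), today)


if __name__ == "__main__":
    for name in SAMPLE_ENDPOINTS:
        print(name, check_sample(name))
```

The decision is fail-closed: any single failed check sends the endpoint to quarantine rather than granting access, and the remediation list is what the agent would act on before re-running the checks.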