My name is “xxxxxx”. Symantec is the leading provider of security, availability, and systems management for solutions protecting Windows environments. Symantec has made a major investment in providing incremental security technology to our customers by redefining our award winning antivirus solution and setting to stage to what endpoint security should be. (introduce other folks in the room, etc.)
Let’s quickly walk through our agenda. Today, I will briefly highlight the increasingly complex environment in which we do all business. We will then dive into specific security and corporate risk challenges followed by a deep dive into Symantec’s next generation security solution.
Costs Increasing Complexity is increasing Management Significant Increase in Malicious New Code Threats In the last six months of 2007, Symantec detected 499,811 new malicious code threats. This significant increase in new code threats is a critical reason why you need proactive based technologies ******** Describe Zero Day threats Time line from original vulnerability announced “V” to 12 mos later when the exploit was created “E”; then AV companies wrote signature and then the customer had to deploy. We got really good at shortening the time between when the exploit was created and when our signatures were published. Then the bad guys got smart and started to create exploits within about 6-7 days; we knew that we needed new technology to help here. We created Generic Exploit Blocking (GEB) (this is a part of SCS today) which creates a generic signature for a particular vulnerability so as new variants come out we are already protected. What about vulnerabilities which are not announced. Then zero day solutions came about – you need security looking for suspicious activity. Unusual behavior. This is when we know we had to buy Whole Security (Confidence Online) who services protect based on behavioral characteristics. Ie Word is sending 100k emails. This is not normal behavior. The trade off here is the noise you don’t want a lot of messages Is this ok, is this ok. Have to manage the false positives Zero Day Process 1. Vulnerability Discovered 2. Some time later – Exploit released. The clock starts ticking 3. AV vendors write sig 4. hackers get smart and release code closer and closer to the Vuln Disc date 5. We get better with GEB = > Closer Available in SCS 6. Sometimes 0-day Exploit found in the wild for a vulnerability never seen before Symantec recognized that we need additional technologies that are more proactive in nature and that we need more than AV.
So what are we doing about it? Well, we determined that we needed to build a better mousetrap, and that we had the best ingredients to make it happen in a single solution. We started with the world’s leading antivirus solution. Our track record speaks for itself – 38 consecutive Virus Bulletin 100% certifications – and as of June 2008, 38 consecutive passes. No other vendor has this track record of success. Kaspersky failed in June 2008 What is VB100 Pass: Detected all &quot;In the Wild viruses&quot; in comparative tests (with no false positives) Fail: Missed detection after three attempts — : Chose not to submit for testing Trend, Sophos, McAFee failed this test in April 2008 on Vista SP1 Trend, Sophos and Kaspesrky failed this test in Dec 2007 McAfee has failed 9 times over the same time frame In addition, we have won many awards as noted on the right side here, consistently.
As for spyware, one of the best things that came out of the Veritas merger was that we gained access to incredibly fast and effective scanning technology from the Backup side of the business – this technology, is already in our Consumer line of products, and catches the most Rootkits – more than any other vendor. Take a look at Microsoft in this chart – once touted as the “best” anti-spyware, the “Giant” software they acquired and subsequently included in Vista (and XP SP2), has proved ineffective at catching Rootkits. Further detail: Rootkit detection – integrated Veritas technology so we best at detecting and removing rootkits we can scan at a deeper level. 1. Installed without user’s knowledge 2. Gains admin or system-level privileges 3. Hides from detection / buries deep within the operating system 4. Used as a method to circumvent existing security tools and/or measures (optional point)
Another great thing was acquiring Sygate in October of 2005. Gartner has raved about their managed firewall capability for 4 consecutive years. Not only is it effective technology, but it is extremely light and streamlined, so we based our next-generation architecture on it. The rules-based firewall is a dynamic solution, adjusting to protect the network from threats as they attempt to spread.
When we looked at Intrusion Prevention, we realized that we needed to combine layers for IPS to be truly effective. In Symantec Client Security, we introduced Generic Exploit Blocking – an innovative way to protect against variants and polymorphism, with a single “vulnerability-based” signature. But what we realized was that we need to address Zero-day attacks in a truly “signature-less” fashion. Around the same time we acquired Sygate, we also acquired a small company called Whole Security. Their technology is heuristic based, and fine-tunes itself to reduce false positives that heuristics are prone to. We introduced this in the Consumer products, and the success has been overwhelming – as illustrated in the slide. Further detail: Symantec TruScan Technology, which unlike all other heuristic-based technologies, scores both good and bad behaviors of unknown applications. The unique algorithms of this proprietary technology provides more accurate detection without the need to set-up rule-based configurations or the worries of false positives. Based on an installed base of over 25 million users, our behavior-based technology has proven to be extremely accurate and effective. We have found that since its deployment, this proactive technology has detected approximately 1,000 new threats per month that were not yet detected by any of the leading antivirus engines. Moreover, it does this with an incredibly low false positive rate of only .00491% (less than 50 for every 1 Million users).
Yet another benefit of the Sygate acquisition was that we gained the ability to protect from attacks and data leakage that occurs through the use (or abuse) of I/O devices such as USB memory keys, media players, etc. One recent example of an attack using this method was “W32.SillyFDC” which used a USB key as the means to deposit a Trojan horse onto a system. With our technology, you can determine which of these devices have write access to the system, and even what data can be written to the I/O device. We do it by Device Class ID, offering many possibilities on how to create different policies based on device type.
Most IT professionals are familiar with or considering Network Access Control (or NAC) in their environment. With Sygate, we gained the industry’s most flexible NAC solution. We fit into the customer’s environment, we don’t force the customer to change around us. With the most enforcement options available, we have managed to carve out a great spot for us in the market here, in fact winning several awards in addition to some very large customer accounts. (NAC – ensures that the endpoint is in compliance before it is allowed to connect to the network. Works for employee, contractors and guests. We have very flexible implementation options)
Symantec 5 years of strategic planning Multi million dollars investment in R&D Multiple company acquired Putting together best of breed technology and redefining what AntiVirus protection should be and evolving with threat landscape. End of life Symantec Antivirus and Client Security No price increase Providing great opportunities to you and providing value to your customers
And we’ve now made the management server enterprise-grade, with those features required to support enterprises, like replication, fail over, and load-balancing Comprehensive Reporting Sample reports built and customizable Now integrated with Active Directory! Risk reports Infected and at Risk Computers Risk Detection Action Summary Risk Detection Count New Risks Detected in the Network Top Risk Detections Correlation Risk Distribution Summary Risk Distribution Over Time Comprehensive Risk Report Proactive Threat Detection Results Proactive Threat Distribution Proactive Threat Detection Over Time Action Summary for Top 10 Risks Number of Notifications Weekly Outbreaks Audit Policies Used Behavioral Blocking – Top 10 Groups with Most Alerted Behavioral Logs Top 10 Targeted Blocks Top 10 Devices Blocked Compliance Network Compliance Status Compliance Status Clients by Compliance Failure Summary Compliance Failure Details Non-compliant Clients by Connection Type Computer Status Virus Definition Distribution Computers not Checked in to Server Symantec Endpoint Security Product Versions Intrusion Prevention Signature Distribution Clients by Memory, Processor, and OS Compliance Status Client Online Status Clients with Latest Policy Client Hardware information by Group Security Status Summary Proactive Protection Content Versions
So to sum up our offerings – we introduced two new products today, and are offering them in a few different packages: Individual products: Symantec™ Endpoint Protection 11.0 Symantec™ Network Access Control 11.0 Symantec™ Network Access Control Starter Edition 11.0 Bundles / multi-product packages: Symantec™ Multi-tier Protection 11.0 Symantec™ Endpoint Protection Small Business Edition 11.0 We make it easy to buy and try to combine the things that make the most sense for what customers and partners want to acquire.
Show you the challenges around access to Corporate netowrks today I will talk about Who accesses networks and how they are accessed today. Multiple Dimensions: Managed vs Unmanaged, Corporate Employees vs. non-corporate employees, onsite vs remote. Who: How: Where:
What it is, high level view of how it works, Key functions of NAC, why it it is important How does this endpoint compliance process work? [Build Discover] The first step in this process is for the access point to discover the device attempting access. [Build Enforce] From there, the solution can apply an integrity check to determine if the endpoint is compliant with current security policy. [Build Remediate] If out of policy, the system can be quarantined, remediated or given federated access to the LAN. [Build Monitor] Of course, it is also important to have ongoing checks to ensure that, if a security event occurs, that the system can be discovered/remediated at a subsequent time. These steps ensure compliance on contact, but also the ability to have an ongoing connection to that endpoint. Crear Discover] El primer paso en este proceso es el punto de acceso para intentar descubrir el dispositivo de acceso. [Crear Aplicar] A partir de ahí, la solución puede solicitar una comprobación de integridad a fin de determinar si el punto final es compatible con la actual política de seguridad. [Crear remediar] Si fuera de la política, el sistema puede estar en cuarentena, dado federados o remediadas acceso a la LAN. [Crear monitor] Por supuesto, también es importante tener en curso para garantizar que, si se produce un caso de seguridad, que el sistema puede ser descubierto / remediado en un momento posterior. Garantizar el cumplimiento de estos pasos en el contacto, sino también la capacidad de tener una conexión permanente a la final.
Control access and set policies based on whether it is an employee or non-employee A device that is managed by your IT team or an unmanaged device ( likely a contractor or partner) If the connection is made on-site vs remote Control de acceso y establecer políticas basadas en si es un empleado o no empleado Un dispositivo que está gestionado por el equipo de TI o un dispositivo de manejo (probablemente un contratista o socio) Si la conexión se realiza en el sitio remoto vs
Política de Gestión GUI basada en Web Empresa de clase / escala Acceso basado en roles Jerárquico visitas Integración con Active Directory
Symantec offers 3 types of endpoint evaluation technologies. Persistent agents are the strongest option and can be used on managed endpoints Dissolvable agents are the next best option an can be used on unmanaged endpoints The remote scanner can be used for endpoints where an agent cannot be installed.
Self-enforcement is our host-based enforcer option . This is a great option for SEP 11.0 customers that want to control ‘managed’ devices meaning devices that are procured and managed by the organizations. A side benefit of self-enforcement is that this allows administrators to control access to any network, on or off the corporate network, or devices such as laptops that routinely move between multiple networks. Gateway Typically install Gateway Enforcer at a chokepoint – like a VPN gateway or a router; in-line enforcement on any network DHCP – universal approach Endpoint only allowed to interact with Quarantine/Remediation server until Compliance is achieved; non compliant endpoints are left in quarantine address space Enforcer assigns a ‘quarantined’ IP address; requests compliance & policy data Enforcer validates policy & checks compliance status Enforcer initiates DHCP release & renew on client Client allowed access to production network LAN Enforcer – 802.1x For customers who have deployed 802.1x secure authentication technology for LAN and wireless networks Unique transparent mode provides robust NAC with minimal deployment overhead Only 802.1x-capable switch infrastructure is required Username/password is not part of admission decision: only the compliance status of the endpoint is considered The Enforcement options can be used in combination so if you have deployed 802.1x at one facility but not at another you can manage both solutions from the same management console. Auto-ejecución es nuestro basado en host enforcer opción. Esta es una gran opción para los clientes que 11,0 SEP desea controlar 'gestionado' el sentido de dispositivos que los dispositivos son adquiridos y administrados por las organizaciones. Una ventaja de la libre es que esta aplicación permite a los administradores controlar el acceso a cualquier red, dentro o fuera de la red corporativa, o dispositivos tales como ordenadores portátiles que habitualmente se mueven entre múltiples redes. Pasarela Normalmente instalar en una puerta de enlace Enforcer chokepoint - como una puerta de enlace VPN o un router, y en línea la aplicación en cualquier red ? DHCP - enfoque universal Punto final sólo puede interactuar con Cuarentena / servidor hasta el cumplimiento de la remediación se logra, no cumple criterios de valoración se dejan en cuarentena el espacio de direcciones Enforcer asigna una 'cuarentena' la dirección IP, y el cumplimiento de las solicitudes de datos sobre políticas Enforcer y valida la política de control de cumplimiento Enforcer inicia liberación DHCP y renovar el cliente Cliente permite el acceso a la red de producción LAN Enforcer - 802.1x Para los clientes que han desplegado la tecnología 802.1x para la autenticación segura LAN y redes inalámbricas Único modo transparente proporciona sólidas NAC con un mínimo de gastos generales de despliegue Sólo 802.1x con capacidad de infraestructura se requiere cambiar Nombre de usuario / contraseña no es parte de la admisión de decisión: sólo la situación de cumplimiento de la variable se considera Opciones de la aplicación se puede utilizar en combinación por lo que si han desplegado 802.1x en una instalación a otra, pero no puede gestionar ambas soluciones de la misma consola de gestión.
Speaker Notes: The primary message for the launch – one agent, one backup, one console. Backup Exec 12.5 introduces new, comprehensive data protection for both VMware Virtual Infrastructure and Microsoft Hyper-V environments. Backup Exec 12.5 eliminates the need for customers to maintain a disparate set of data protection tools for both physical and virtual environments—a key value proposition for customers trying to reduce complexity in their environments. In addition, unlike backup solutions designed for pure virtual environments, Backup Exec 12.5 supports backing up virtual machines to disk, tape, and the “cloud” via SPN Online Storage [North America only]. The Agent for VMware Virtual Infrastructure and Agent for Microsoft Virtual Servers (which includes Hyper-V) automatically discover and back up unlimited guest machines per physical host environment. The per-physical-host licensing model is designed for Backup Exec’s high-velocity channel model—making it easier for partners and customers to do business with Symantec. It eliminates the complexity of traditional licensing models tiered by number of “sockets” or “guest machines”. Backup Exec’s new virtual server agents allow both granular recover of files and folders as well as entire virtual machines via a single-pass backup. Single-pass backups eliminate the need for multiple backups of the same data for different recovery granularities. This reduces the impact of the backup process on production data and the footprint of the backup on storage resources. Additional Notes: Virtual machines protected by either AVVI and AMVS will be “crash consistent” (which guarantees the consistency of the file systems), but not “application” consistent (which guarantees that the databases and associated metafiles for applications like Exchange, SQL Server, and SharePoint are consistent). Application consistent backups still require the installation of the appropriate Backup Exec Agent in the Guest OS—note that no competitor can do any better. This is a limitation of both the VCB framework and the lack of a data protection framework for Hyper-V/MSVS. Granular recovery of files and folders inside Guest OSs require the installation of the Agent for Windows Servers (AWS) be installed in the Guest OS. AWS is only required as a mechanism to channel the recovered files and/or folders to the Guest OS file system. AWS is not required for backup to get granular recovery. AVVI uses VMWare VCB to do Off-Host backup of virtual machines. AMVS has no such capability. Virtual machines are backed up directly from production. Recovery of both VMware and Hyper-V virtual machines can only occur over the network—no SAN-based recovery is possible.
With the introduction of two new virtual agents for VMware and Hyper-V, customers now have an easy to manage, single point of control for their virtual server environment. Backup Exec integrates with VMware Virtual Center, allowing a great degree of control over the management of data protection in virtual environments and provides automatic detection and views of the entire virtual infrastructure. If you have a single ESX host environment or Hyper-V environment, no matter how many guests or how much memory you have on this machine, we have a single price and you can protect unlimited guest machines with the hardware and resources you have been given – this has changed the landscape for the virtual business. We leverage VMware Consolidated Backup (VCB) technology and Microsoft VSS technology to reduce the time and challenge it takes administrators to configure a backup job- now a single backup job of the host environment can be easily configured and run through Backup Exec and provides granular recovery of files and folders or entire guest machines in seconds, previously this set-up process required hours of scripting and an expertise in virtual instructors. As you can see, granular recovery is just a click away…. Additional background for speaker: Virtual Server Backup and Recovery Challenges prior to BE 12.5: Administrators and companies who have not had the experience of recovering a Guest virtual machines using basic backup and recovery tools will face several limitations recovering their data with these older backup tools designed only for physical systems including; Having to install a backup agent inside of each Guest virtual machine or on the ESX server directly – now solved with BE 12.5 Recovery of a single file typically requires a long restore of the entire Guest virtual machine – now solved with BE 12.5 Separate backups for system level vs. individual file level recovery – now solved with BE 12.5 Taking Guest virtual machines off-line during backup in order to protect them completely – now solved with BE12.5 Ensuring applications running inside of the Guest virtual machines can be recovered- now solved with BE 12.5 Having to use separate backup products for physical vs. virtual machines – now solved with BE 12.5
….from a single backup, administrators can go into guest OS and recover individual guest machines, so businesses can quickly recovery from a small-scale IT disaster in seconds or….
…recovery to a granular file or folder all from the same single pass backup – overall ensuring a business can quickly recover from a data corruption or a threatening virus to keep their business up and running. It’s that easy!
Speaker Notes: Backup Exec System Recovery has offered capability to quickly convert physical systems to virtual environments for several years now. This latest release enables immediate system recovery to virtual systems by allowing IT administrators to schedule physical to virtual conversions. Through an easy to use, virtual conversion wizard, an IT administrator can schedule P2V conversions to occur monthly, daily, weekly even hourly if desired so that in the event of a failure, you have a virtual system ready to go. In addition to dramatically reducing system downtime, this reduces management time and set-up for IT organizations as well. Also new to this release is support for the latest virtual environments including VMware ESX 3.5, Microsoft Hyper-V and Citrix XenServer 4.x (when using VMDK or VHD file types). When you add this functionality to the off-site copy capability that we introduced with version 8 of Backup Exec System Recovery this really helps organizations address their disaster recovery needs. If someone wants a high availability solution without investing in a lot of clustering or replication software that are outside their budget scope and knowledge reach, Backup Exec System Recovery technology is a great way to copy these images to other locations, convert them on a schedule, and if the original server goes down those images can be brought up immediately for high availability purposes.
Speaker Notes: First to market Microsoft certified data protection for Windows Server 2008 released back in Feb. Now BE/BESR will support and be certified for Windows Small Business Server 2008 and Windows Essential Business Server 2008. (EBS is a collection of up to 3 – 4 servers- targeted for 50-250employees, for customers who have outgrown the Small Business Server- targeted at 5-50 employees) These are turnkey packages/appliances, Microsoft takes general purpose server hardware and preinstalls management, security and messaging software to help small and midsize customers get up and running quicker and easier. Backup Exec and Backup Exec System Recovery come in two versions to support the Windows platform- Windows Server and Windows Small Business Server (standard and premium) editions. We are not offering an EBS specific version of BE/BESR- EBS will be supported by the standard Windows Server Editions of both products. Plus as we just highlighted, Backup Exec and Backup Exec System Recovery will provide first to market support for Hyper-V and will not require any type of scripting or any complicated practices for customers to protect their new virtual server infrastructure. Overall BE/BESR insures from day-one that your Windows environment can quickly recover from data corruption, human error or IT disasters in minutes!
Ensure support is attached to every Every Backup Exec sale. Not only does it provide customers with reliable support vs paying per incident which typically starts at $250 per hour per incident but it also provides customers with FREE product upgrades for the life of their support contract. Backup Exec on average releases a new version with significant new feature advantages at least once a year. Essential Support can easily Return it’s investment within the year!! The support plan you choose can have a significant impact on your experience with your Symantec technology investment. Symantec offers a range of plans to help customers address their unique needs: Basic Maintenance – was designed for customers who only desire support during business hours. Product upgrades and patches are included in this offering, which is the lowest price option available from Symantec. Essential Support – is for customers who require 24x7x365 access to technical experts. Response times are significantly faster than Basic Maintenance (goal of 30 minutes vs. 1 hour for severity one incidents). This is the most purchased offering available from Symantec and the recommended minimum for Symantec products. We recommend 24x7 support because our technology is typically in continuous operation. In addition, many heavy jobs (scanning, backup, archiving, etc.) are often scheduled to run in the middle of the night. And finally, hackers don’t keep business hours and may attempt an attack on your defenses at any time of the day. Business Critical Services – is Symantec’s premiere support offering and was designed for customers who want the highest levels of response and the fasted access to deep technical expertise. BCS features personalized support delivered by a single point of contact who gets to know your unique operational set up and requirements. BCS also offers proactive notifications, account planning, and options for fly-to-site visits. Flexible coverage options are available at the level of a single product family, multiple products within a data center, or on a global or national basis.
Prueba de Presentacion
Redefining Endpoint Security Entrenamiento Interno: Seguridad y Disponibilidad
Business Problems at the Endpoint <ul><li>Endpoint management costs are increasing </li></ul><ul><ul><li>Cost of downtime impacts both productivity and revenue, productivity hit largest in enterprise </li></ul></ul><ul><ul><li>Costs to acquire, manage and administer point products are increasing, as well as the demand on system resources </li></ul></ul><ul><li>Complexity is increasing as well </li></ul><ul><ul><li>Complexity and resources needed to manage disparate endpoint protection technologies are inefficient and time consuming </li></ul></ul>Source: Internet Security Threat Report Vol. XIII; Mar 2008 <ul><li>Growing number of known and unknown threats </li></ul><ul><ul><li>Stealth-based and silent attacks are increasing, so there is a need for antivirus to do much more </li></ul></ul>Significant Increase in Malicious New Code Threats
Key Ingredients for Endpoint Protection Antivirus <ul><li>World’s leading AV solution </li></ul><ul><li>Most (38) consecutive VB100 Awards </li></ul>Virus Bulletin – June 2008 Viruses, Trojans, Worms AntiVirus
Key Ingredients for Endpoint Protection Antivirus Antispyware Antispyware <ul><li>Best rootkit detection and removal </li></ul><ul><li>VxMS = superior rootkit protection </li></ul>Source: Thompson Cyber Security Labs, August 2006 Viruses, Trojans, Worms Spyware, Rootkits
Key Ingredients for Endpoint Protection Antivirus Antispyware Firewall Firewall <ul><li>Industry leading endpoint firewall technology </li></ul><ul><li>Gartner MQ “Leader” – 4 consecutive years </li></ul><ul><li>Rules based FW can dynamically adjust port settings to block threats from spreading </li></ul>Viruses, Trojans, Worms Spyware, Rootkits Worms, Spyware
Key Ingredients for Endpoint Protection Antivirus Antispyware Firewall Intrusion Prevention Intrusion Prevention <ul><li>Combines NIPS (network) and HIPS (host) </li></ul><ul><li>Generic Exploit Blocking (GEB) – one signature to proactively protect against all variants </li></ul><ul><li>Granular application access control </li></ul><ul><li>TruScan TM - Proactive Threat Scanning technology - Very low (0.0049%) false positive rate </li></ul><ul><li>Detects 1,000 new threats/month - not detected by leading av engines </li></ul>Worms, Spyware Spyware, Rootkits Viruses, Trojans, Worms 0-day, Key Logging 25M Installations Fewer than 50 False Positives for every 1 MM PC’s
Exploit Timeline Vulnerability Announcement 0 Day 6-7 Days Vulnerability Exploit Virus Signature ~3 Hours Later <24 Hours Number of Variants Blocked Single GEB Signature Threat 814 MS RPC DCOM BO Blaster 426 MS_RPC_NETDDE_BO [email_address] 394 MS LSASS BO Sasser 250 RPC_NETAPI32_BO W97M.Invert.B 121 NetBIOS MS NO (TCP) W32.Gaobot.AAY <ul><li>Generic Exploit Blocking </li></ul><ul><li>Vulnerability-Based Signature </li></ul><ul><ul><li>Based on vulnerabilities’ characteristics </li></ul></ul><ul><li>TruScan TM </li></ul><ul><li>Proactive Threat Scan technology </li></ul><ul><ul><li>Behavior Analysis </li></ul></ul>
Key Ingredients for Endpoint Protection Antivirus Antispyware Firewall Intrusion Prevention Device and Application Control Device and Application Control <ul><li>Prevents data leakage </li></ul><ul><li>Restrict Access to devices (USB keys, Back-up drives) </li></ul><ul><li>Whitelisting – allow only “trusted” applications to run </li></ul><ul><li>W32.SillyFDC </li></ul><ul><li>targets removable memory sticks </li></ul><ul><li>spreads by copying itself onto removable drives such as USB memory sticks </li></ul><ul><li>automatically runs when the device is next connected to a computer </li></ul>Spyware, Rootkits Viruses, Trojans, Worms Worms, Spyware Slurping, IP theft 0-day, Key Logging
Key Ingredient for Endpoint Compliance Antivirus Antispyware Firewall Intrusion Prevention Device and Application Control Network Access Control Network Access Control <ul><li>Comes ready for Network Access Control – add on </li></ul><ul><li>Agent is included, no extra agent deployment </li></ul><ul><li>Simply license SNAC Enforcement </li></ul>
Next Generation Symantec AntiVirus Results: Antivirus Antispyware Firewall Intrusion Prevention Device and Application Control Network Access Control Single Agent, Single Console Managed by Symantec Endpoint Protection Manager Reduced Cost, Complexity & Risk Exposure Increased Protection, Control & Manageability Symantec Network Access Control 11.0 Symantec Endpoint Protection 11.0
Entitlement Summary If Customer Owns (any): They Get:
Endpoint Bundles/ Multi-Product Packages <ul><li>Symantec™ Multi-tier Protection 11.0 </li></ul><ul><ul><li>Safeguards enterprise assets and lowers risk by providing unmatched protection against threats for multiplatform network environments, mobile devices, mail servers and SMTP gateways </li></ul></ul><ul><ul><li>Includes: </li></ul></ul><ul><ul><ul><li>Symantec Endpoint Protection 11.0 </li></ul></ul></ul><ul><ul><ul><li>Symantec AntiVirus for Macintosh & Linux </li></ul></ul></ul><ul><ul><ul><li>Symantec Mail Security for Domino & MS Exchange </li></ul></ul></ul><ul><ul><ul><li>Symantec Mobile AntiVirus for Windows Mobile (NEW!) </li></ul></ul></ul><ul><ul><ul><li>SMS 8300 Software Subscription (AV & AS) (NEW!) </li></ul></ul></ul><ul><ul><ul><li>Premium Antispam (NEW!) </li></ul></ul></ul><ul><li>Symantec™ Multi-tier Protection Small Business Edition 11.0 </li></ul><ul><ul><li>A simple and cost-effective solution designed to safeguard business assets through Symantec's trusted protection </li></ul></ul><ul><ul><li>Includes: </li></ul></ul><ul><ul><ul><li>Symantec Endpoint Protection 11.0 </li></ul></ul></ul><ul><ul><ul><li>Symantec Mail Security for MS Exchange </li></ul></ul></ul><ul><ul><ul><li>Symantec AntiVirus for Macintosh 10.2 (NEW!) </li></ul></ul></ul><ul><ul><ul><li>Premium Antispam (NEW!) </li></ul></ul></ul>
Challenge: Access to Corporate Networks Corporate Network Open access to corporate networks means higher risk for infection Partners Consultants Auditors Home PC Hotel Business Center Partners Consultants
Solution: Network Access Control <ul><li>Checks adherence to endpoint security policies </li></ul><ul><ul><li> Antivirus installed and current? </li></ul></ul><ul><ul><li> Firewall installed and running? </li></ul></ul><ul><ul><li> Required patches and service packs? </li></ul></ul><ul><ul><li> Required configuration? </li></ul></ul><ul><li>Fixes configuration problems </li></ul><ul><li>Controls guest access </li></ul>Enforce Monitor Remediate Network Access Control helps prevent malware from spreading throughout the network NAC is process that creates a much more secure network Discover
Network Access Control (continued) <ul><li>Restricts access to your network by creating a closed system </li></ul><ul><li>Offers automatic endpoint remediation before access is granted </li></ul><ul><li>Checks adherence to endpoint security policies even when connected to network </li></ul>Corporate Network Employees Non-employees Managed Unmanaged On-site Remote
Symantec Network Access Control 3 Key Components 1. Central Management Console 2. Endpoint Evaluation Technology 3. Enforcer
1. Central Management Console <ul><li>Policy Management </li></ul><ul><li>Web-based GUI </li></ul><ul><li>Enterprise class/scale </li></ul><ul><li>Role-based access </li></ul><ul><li>Hierarchical views </li></ul><ul><li>Integration with Active Directory </li></ul>Symantec Endpoint Protection Manager Same Management Console used for Symantec Endpoint Protection 11.0
3. Enforcers Symantec LAN Enforcer-802.1X Symantec DHCP Enforcer Symantec Gateway Enforcer Symantec Self-Enforcement Host-based Network-based (optional) Best Better Good
How SNAC is Packaged Central Management Console Endpoint Evaluation Technology Endpoint Evaluation Technology Symantec Endpoint Protection Manager Persistent Agent (SNAC Agent) Dissolvable Agent (On-Demand Agent) Remote Vulnerability Scanner Self - Enforcement Gateway Enforcement DHCP Enforcement LAN (802.1x) Enforcement * * Add On Add On Add On Add On * Symantec Network Access Control v 11.0 Symantec Network Access Control Starter Edition v 11.0 * Required purchase of an enforcer appliance
Symantec NAC Self-Enforcement: How It Works Onsite or Remote Laptop Symantec Endpoint Protection Manager Remediation Resources Persistent Agent Protected Network Quarantine Client connects to network and validates policy Persistent Agent performs self-compliance checks Compliance fail: Apply “Quarantine” firewall policy Compliance pass: Apply “Office” firewall policy Host Integrity Rule Status Anti-Virus On Anti-Virus Updated Personal Firewall On Service Pack Updated Patch Updated Patch Updated
Backup Exec 12.5: NEW Comprehensive Data Protection for VMware and Hyper-V Systems <ul><ul><li>Reduce Cost and Management of Multiple Products - complete data protection for physical and virtual server environments from a single console </li></ul></ul><ul><ul><li>Reduce Complexity – automatically discover and backup of unlimited guest machines to disk or tape with a single agent </li></ul></ul><ul><ul><li>Reduce Recovery Time - granular file-level and image-level recovery with a single backup </li></ul></ul>Backup Exec 12.5 & Backup Exec System Recovery 8.5 Exchange 2007 VMware ESX Server or Microsoft Hyper-V Backup Exec 12.5 Media Server
Backup Exec 12.5: NEW Comprehensive Data Protection for VMware and Hyper-V Systems Backup Exec 12.5 & Backup Exec System Recovery 8.5 Efficient Backup of VMware and Hyper-V Virtual Server Environments Comprehensive Backup
Backup Exec 12.5: NEW Comprehensive Data Protection for VMware and Hyper-V Systems Backup Exec 12.5 & Backup Exec System Recovery 8.5 Easily restore an entire guest machine… Fast Recovery
Backup Exec 12.5: NEW Comprehensive Data Protection for VMware and Hyper-V Systems … and granular files or folders from a single image-level backup Fast Recovery Backup Exec 12.5 & Backup Exec System Recovery 8.5
Backup Exec System Recovery 8.5: NEW Immediate System Recovery to Virtual Servers <ul><ul><li>Dramatically Reduce System Downtime - Scheduled physical to virtual conversions enable immediate system recovery </li></ul></ul><ul><ul><li>Reduce Management Time and Set-up - Easy-to-use, virtual conversion wizard </li></ul></ul><ul><ul><li>Supports the Latest Virtual Environments - VMware ESX 3.5, Microsoft Hyper-V, and Citrix XenServer 4.x </li></ul></ul>Backup Exec 12.5 & Backup Exec System Recovery 8.5 VMware ESX Server Physical System with Backup Exec System Recovery 8.5 Citrix XenServer 4.x Microsoft Hyper-V
Backup Exec Family: NEW Market Leading Windows Data and System Protection Backup Exec 12.5 & Backup Exec System Recovery 8.5 Microsoft Windows Server 2008 Windows Small Business Server 2008 Windows Essential Business Server 2008 Microsoft Hyper-V SQL Server 2008 First to Market Protection for the Complete Microsoft Windows Server 2008 Portfolio Complete Windows recovery from data corruption, human error or IT disasters in minutes!
Backup Exec 12.5 Pricing Backup Exec 12.5 & Backup Exec System Recovery 8.5 Core Products MSRP Licensed Backup Exec for Windows Servers Also supports Windows Essential Business Server 2008 Includes: Continuous Protection Server, Advanced Open File and Intelligent Disaster Recovery Functionality $995 Per Media Server Backup Exec for Windows Small Business Servers Standard *Supports all Backup Exec Agents and Options except Central Administration Server Option (CASO) & Shared Storage Option (SSO) $595 Per SBS Standard Server Backup Exec for Windows Small Business Servers Premium *Supports all Backup Exec Agents and Options except Central Administration Server Option (CASO) & Shared Storage Option (SSO) **Includes an additional Agent for Windows Systems $795 Per SBS Premium Server
Database & Groupware Agents Pricing Backup Exec 12.5 & Backup Exec System Recovery 8.5 Agents MSRP Licensed Agent for Microsoft Exchange $995 Per Exchange Server Agent for Microsoft SQL $995 Per SQL Server Agent for Microsoft SharePoint Server $995 Per SharePoint Server Agent for DB2 on Windows Servers $995 Per DB2 Server Agent for Oracle Windows and Linux Servers $995 Per Oracle Server Agent for Lotus Domino Server $995 Per Lotus Domino Server Agent for Oracle RAC $3195 Per Oracle RAC Server Agent for SAP Applications $3195 Per SAP Server Agent for Enterprise Vault $1595 Per Enterprise Vault Server
Backup Exec System Recovery 8.5 Backup Exec 12.5 & Backup Exec System Recovery 8.5 Backup Exec System Recovery 8.5 MSRP USD Licensed Backup Exec System Recovery Server Edition $1,095 Per Server Backup Exec System Recovery Small Business Server Edition (includes Granular Restore Option) $695 Per Server Backup Exec System Recovery Desktop Edition $69 Per Workstation Backup Exec System Recovery Manager $1,495 Centralized Backup Exec System Recovery Granular Restore Option $995 Per Server Backup Exec System Recovery Starter Kit ( Includes 5 Server Edition licenses, 1 Manager, and 1 Granular Restore Option – saving of 25% !!) $5,995 Per Description
Increase Revenue and Customer Success with the Right Support Plan Attach Support to Every Backup Exec Sale Backup Exec 12.5 & Backup Exec System Recovery 8.5 <ul><li>For customers who require 24x7x365 access to technical experts </li></ul><ul><li>FREE Product Upgrades </li></ul><ul><li>Faster response times than Basic Maintenance </li></ul><ul><li>Most purchased offering </li></ul><ul><li>23% of MSRP </li></ul><ul><li>Recommended minimum for Symantec products: </li></ul><ul><ul><li>Many jobs run in the middle of the night </li></ul></ul><ul><ul><li>Hackers don’t keep business hours </li></ul></ul>Essential Support <ul><li>Support during business hours </li></ul><ul><li>Includes FREE Product Upgrades </li></ul><ul><li>Lowest price option </li></ul><ul><li>18% of MSRP </li></ul>Basic Maintenance