Symantec Endpoint Protection 12.1
Unrivaled Security. Blazing Performance.
Built for Virtual Environments.
May 2011
Disclaimer
“This information is about pre-release software. Any unreleased update to the product or other planned modification is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec products should make their purchase decision based upon features that are currently available.”
Symantec Endpoint Protection: Driven by Key IT Security Trends

• Social networks and socially engineered attacks
• Virtualization has become the rule
• Increased cost of incidents
• Targeted and rapidly mutating attacks
Malware growth: Jan 2007, 250,000 viruses; Dec 2010, over 288 million.

Malware Authors Have Switched Tactics
From: mass distribution. One worm hits millions of PCs; Storm made its way onto millions of machines across the globe.
To: micro distribution. A hacked web site builds a trojan for each visitor; the average Harakit variant is distributed to only 1.6 users.
75% of malware is "rapidly mutating".
Insight Spots Rapidly Changing and Mutated Files

Only malware mutates. If we track every file on the internet, new or mutated files will stick out. The questions asked about each file:
• How often has this file been downloaded? How many people are using it? How many copies of this file exist?
• How old is the file? How new is this program?
• Where is it from? Who created it? Who owns it? Is the source associated with infections, with spam, or with many new files?
• Is it signed? Does it have a security rating? What rights are required?
• How will this file behave if executed? What does it do?
• Does the file look similar to malware? Is it associated with files that are linked to infections? Have other users reported infections?

Which leads us to think . . .
How Symantec™ Insight Works

1. Build a collection network: 175 million PCs, 2.5 billion files.
2. Rate nearly every file on the internet by prevalence, age, source and behavior.
3. Look for associations.
4. Check the database during scans: is it new? Does it have a bad reputation?
5. Provide actionable data.
Symantec Endpoint Protection Family

Small Business Edition
• Ideal for fewer than 100 users
• Maintain your own infrastructure
• All data stored on premise

Symantec Endpoint Protection
• Scales from hundreds to thousands of users
• Powerful central management
• Ideal for virtual environments

Endpoint Protection.Cloud
• Hosted management
• Monthly subscription
• No need to manage hardware
Symantec Endpoint Protection SBE: Fastest, Most Effective, Simple

Great performance. Powerful protection:
• Antivirus
• Antispyware
• Firewall
• Intrusion Prevention
Symantec Endpoint Protection: Single Agent, Single Console

Reduced cost, complexity and risk exposure; increased protection, control and manageability.
• Antivirus
• Antispyware
• Firewall
• Intrusion Prevention
• Device and Application Control
• Network Access Control
What's New in Version 12.1 (Symantec Endpoint Protection and Symantec Network Access Control)

Unrivaled Security
• Powered by Insight
• Real-time behavior monitoring with SONAR

Blazing Performance
• Up to 70% reduction in scan overhead
• Smarter updates
• Faster management

Built for Virtual Environments (SEP only)
• Tested and optimized for virtual environments
• Higher VM densities
The Security Stack (for 32- and 64-bit systems)

Layers, from the network inward: Network IPS and Browser Protection with Firewall; Insight lookup; heuristics and signature scan; real-time behavioral monitoring (SONAR).

IPS and Browser Protection
• Firewall
• Network and host IPS
• Monitors vulnerabilities and traffic
• Looks for system changes
Stops stealth installs and drive-by downloads. Focuses on the vulnerabilities, not the exploit. Improved firewall supports IPv6 and enforces policies.
Insight: Provides Context

Reputation on 2.5 billion files, adding 31 million per week. Identifies new and mutating files and feeds reputation to the other security engines. Only system of its kind.
File Scanning: Heuristics and Signature Scan

Cloud and local signatures. New, improved update mechanism. Most accurate heuristics on the planet; uses Insight to prevent false positives.
SONAR: Completes the Protection Stack

SONAR
• Monitors processes and threads as they execute
• Rates behaviors
• Feeds Insight
Only hybrid behavioral-reputation engine on the planet. Monitors 400 different application behaviors. Selective sandbox (e.g. Adobe).
Faster Scans

Traditional scanning has to scan every file. Insight-optimized scanning skips any file we are sure is good, leading to much faster scan times. On a typical system, 70% of active applications can be skipped.
The Results Are In: Symantec Endpoint Protection

Vendors in the comparison charts: Kaspersky, McAfee, Microsoft, Sophos, Symantec, Trend Micro.
• Detection: detected 25% more threats than any other vendor tested, and 6x as many threats as Microsoft.
• Removal: removed more threats than any other vendor tested, including 36% more than McAfee and more than 4x the number removed by Trend Micro.
• Performance: scanned faster, used less memory and outperformed all products in its class; scanned 3.5x as fast as McAfee and used 66% less memory than Microsoft.
The slide does not name the test lab or the test date behind these figures.
Policies Based on Risk

Finance Dept: only software with at least 10,000 users and over 2 months old.
Help Desk: can install medium-reputation software with at least 100 other users.
Developers: no restrictions, but machines must comply with access control policies.
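The following is an added example written for this page, not Symantec's code. It shows how the Insight attributes from the earlier slides (prevalence, age, source, signing) can drive both the Insight-optimized scan skip and the per-department thresholds on the policies slide. Only the three department thresholds come from the deck; the rating rules, the FileReputation data model, the department labels and the SAMPLE_FILES entries are assumptions constructed for illustration.

```python
"""Reputation-driven application control, modelled on the Insight attributes
and the 'Policies based on Risk' thresholds. Illustrative code, not Symantec's:
rating rules, data model and sample files are assumptions."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date
from enum import IntEnum


class Reputation(IntEnum):
    """Ordered so a policy can demand a minimum level (BAD is never allowed)."""
    BAD = 0
    UNKNOWN = 1     # too new or too rare for a confident rating
    MEDIUM = 2
    GOOD = 3


@dataclass(frozen=True)
class FileReputation:
    sha256: str            # hypothetical digest used as the file's identity
    prevalence: int        # how many users run this file
    first_seen: date       # when the collection network first saw it
    source_flagged: bool   # source associated with infections or spam
    signed: bool


def rate(rep: FileReputation, today: date) -> Reputation:
    """Assumed rating rules; Symantec's real scoring is not on the page."""
    age_days = (today - rep.first_seen).days
    if rep.source_flagged:
        return Reputation.BAD
    if rep.prevalence < 10 or age_days < 1:
        return Reputation.UNKNOWN
    if rep.prevalence >= 1000 and age_days >= 30:
        return Reputation.GOOD
    return Reputation.MEDIUM


@dataclass(frozen=True)
class Policy:
    min_reputation: Reputation
    min_prevalence: int
    min_age_days: int


# Thresholds from the slide; the department keys are labels chosen here.
POLICIES = {
    "finance": Policy(Reputation.GOOD, min_prevalence=10_000, min_age_days=60),
    "helpdesk": Policy(Reputation.MEDIUM, min_prevalence=100, min_age_days=0),
    "developers": Policy(Reputation.UNKNOWN, min_prevalence=0, min_age_days=0),
}


def decide(department: str, rep: FileReputation, today: date) -> tuple[str, str]:
    """Return ('allow' | 'block', reason). Known-bad files are always blocked."""
    pol = POLICIES[department]
    level = rate(rep, today)
    age_days = (today - rep.first_seen).days
    if level is Reputation.BAD:
        return "block", "source associated with infections"
    if level < pol.min_reputation:
        return "block", f"reputation {level.name} below required {pol.min_reputation.name}"
    if rep.prevalence < pol.min_prevalence:
        return "block", f"only {rep.prevalence} users, policy needs {pol.min_prevalence}"
    if age_days < pol.min_age_days:
        return "block", f"{age_days} days old, policy needs {pol.min_age_days}"
    return "allow", f"{level.name}, {rep.prevalence} users, {age_days} days old"


def needs_scan(rep: FileReputation, today: date) -> bool:
    """Insight-optimized scanning: skip the files we are sure are good."""
    return rate(rep, today) is not Reputation.GOOD


# Constructed sample data, not real files or measurements.
TODAY = date(2011, 5, 1)
SAMPLE_FILES = {
    "browser": FileReputation("a" * 64, 2_000_000, date(2010, 1, 1), False, True),
    "niche_tool": FileReputation("b" * 64, 250, date(2011, 3, 1), False, False),
    "fresh_dropper": FileReputation("c" * 64, 2, date(2011, 4, 30), False, False),
    "known_bad_source": FileReputation("d" * 64, 50_000, date(2009, 6, 1), True, False),
}

if __name__ == "__main__":
    for name, rep in SAMPLE_FILES.items():
        for dept in POLICIES:
            verdict, why = decide(dept, rep, TODAY)
            print(f"{name:17} {dept:10} {verdict:5} ({why})")
```

Note that a "no restrictions" policy for developers still blocks files whose source is flagged: reputation policy relaxes how much evidence of goodness is required, it does not switch off detection of known-bad sources.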
Built for Virtual Environments

• Optimized for VMware, Citrix and Microsoft virtual environments
• Easy to manage physical and virtual clients
• Maximizes performance and density without sacrificing security
• Best-in-class performance and security
(Diagram: hypervisor with a shared scan cache.)
Virtual Insight Features

Virtual Image Exception
• Used on cloned images
• Excludes all files of the cloned image from scanning
• Reduces scan impact

Shared Insight Cache
• Clients share scan results
• Scan files once
• Leverages Insight

Virtual Client Tagging
• Identifies the hypervisor
• Set group-specific policy
• Search for virtual clients

Resource Leveling
• Used for all virtual systems
• Reduces overlap of events such as scans and definition updates

Enhances management and reduces scan impact by ~90%.
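An added example, written for this page and not Symantec's implementation, of the two scan-reduction ideas above: a cache of scan results keyed by content hash and shared by all clients, and a golden-image baseline whose unchanged files are excluded from scanning. The toy marker-string engine, the cache invalidation rule (a clean verdict is only trusted for the definitions version that produced it), the file paths and contents are all constructed assumptions.

```python
"""Shared scan cache plus golden-image exception. Illustrative only: the
data model, the marker-string 'engine' and the sample files are assumptions."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass

MALICIOUS_MARKER = b"CONSTRUCTED-BAD-MARKER"  # stands in for a real signature


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class ScanEngine:
    """Toy signature engine that counts how often it is really invoked."""
    def __init__(self) -> None:
        self.calls = 0

    def scan(self, data: bytes) -> str:
        self.calls += 1
        return "infected" if MALICIOUS_MARKER in data else "clean"


@dataclass
class CacheEntry:
    verdict: str
    defs_version: int


class SharedInsightCache:
    """Scan results keyed by content hash and shared by every client.
    A 'clean' verdict is trusted only for the definitions version that produced
    it; an 'infected' verdict is kept regardless of version."""
    def __init__(self) -> None:
        self._entries: dict[str, CacheEntry] = {}

    def lookup(self, digest: str, defs_version: int) -> str | None:
        entry = self._entries.get(digest)
        if entry is None:
            return None
        if entry.verdict == "infected" or entry.defs_version == defs_version:
            return entry.verdict
        return None  # stale clean result: rescan with current definitions

    def record(self, digest: str, verdict: str, defs_version: int) -> None:
        self._entries[digest] = CacheEntry(verdict, defs_version)


class ImageBaseline:
    """Hashes of the files in a golden (template) image. A file that is
    byte-identical to the image copy is excluded; anything changed since
    cloning is not, so tampering with an image file is still caught."""
    def __init__(self, files: dict[str, bytes]) -> None:
        self._hashes = {path: sha256(data) for path, data in files.items()}

    def unchanged(self, path: str, digest: str) -> bool:
        return self._hashes.get(path) == digest


def scan_client(files: dict[str, bytes], engine: ScanEngine, cache: SharedInsightCache,
                baseline: ImageBaseline, defs_version: int) -> dict:
    stats = {"baseline_skipped": 0, "cache_hits": 0, "scanned": 0, "infected": []}
    for path, data in files.items():
        digest = sha256(data)
        if baseline.unchanged(path, digest):
            stats["baseline_skipped"] += 1
            continue
        verdict = cache.lookup(digest, defs_version)
        if verdict is None:
            verdict = engine.scan(data)
            cache.record(digest, verdict, defs_version)
            stats["scanned"] += 1
        else:
            stats["cache_hits"] += 1
        if verdict == "infected":
            stats["infected"].append(path)
    return stats


# Constructed golden image; paths and contents are placeholders.
GOLDEN_IMAGE = {
    "C:/Windows/System32/kernel32.dll": b"kernel32 bytes",
    "C:/Program Files/App/app.exe": b"app bytes",
}


def run_demo() -> dict:
    """Three clones of one image share a cache; returns per-client stats."""
    engine, cache, baseline = ScanEngine(), SharedInsightCache(), ImageBaseline(GOLDEN_IMAGE)
    clone = dict(GOLDEN_IMAGE)
    clone["C:/Users/alice/Downloads/tool.exe"] = b"tool bytes"     # not in the image
    tampered = dict(clone)
    tampered["C:/Program Files/App/app.exe"] = b"app bytes" + MALICIOUS_MARKER
    results = {
        "vm1": scan_client(clone, engine, cache, baseline, defs_version=1),
        "vm2": scan_client(clone, engine, cache, baseline, defs_version=1),
        "vm3": scan_client(tampered, engine, cache, baseline, defs_version=1),
        "vm1_newdefs": scan_client(clone, engine, cache, baseline, defs_version=2),
    }
    results["engine_calls"] = engine.calls
    return results
```

Across four client scans of three-file systems the engine runs only three times: once for the new download, once for the modified image file, and once to re-check the download after the definitions change.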
IT Analytics for Symantec Endpoint Protection

• Ad-hoc data mining (pivot tables): data from multiple Symantec Endpoint Protection servers; break down by virus occurrences, computer details, history of virus definition distribution, and more.
• Charts, reports and trend analysis: alert and risk categorization trends over time; monitor trends of threats and infections detected by scans.
• Dashboards: overview of clients by version; summary of threat categorization and action taken for a period of time; summary of virus and IPS signature distribution.
SEP Reporting: tactical view of frontline endpoint defenses; current view of events and the state of SEP clients.
IT Analytics: strategic view over time of endpoint defenses; trend analysis and data mining via a consolidated view of multiple Endpoint Protection Managers.
Symantec Protection Center 2.0: single sign-on management as well as cross-product reporting and dashboards for Symantec Endpoint Protection, Messaging Gateway, SNAC and PGP Universal Server.
The Symantec Endpoint Protection Family

Feature                                         SEP SBE 12.1   SEP.Cloud   SEP 12.1
Seats                                           5-99           5-99        100+
Antivirus/Antispyware                           •              •           •
Desktop Firewall                                •              •           •
Intrusion Detection/Prevention                  •              •           •
Insight / SONAR                                 •              •           •
Protection for Mac OS X                         •              •           •
Protection for Linux                                                       •
Device and Application Control                                             •
Network Access Control Self-Enforcement ready                              •
Symantec Hosted Infrastructure                                 •
Built for Virtual Environments                                             •
Symantec Endpoint Protection 12, Powered by Insight: Unrivaled Security, Blazing Performance, Built for Virtual Environments.
Appendix: Symantec Network Access Control 12.1

Symantec Network Access Control
• Checks adherence to endpoint security policies: antivirus installed and current? Firewall installed and running? Required patches and service packs? Required configuration?
• Fixes configuration problems
• Controls guest access
Network Access Control puts you in control of what attaches to your network. NAC is a process that creates a much more secure network.
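As an added example (written for this page, not Symantec's host-integrity code), here is how the four checks above can be evaluated and mapped to an outcome: findings the client can fix itself (stale definitions, stopped firewall, configuration drift) lead to remediation and re-evaluation, while findings it cannot fix on its own (no antivirus, missing patches) lead to quarantine. The Posture record format, the thresholds, the placeholder patch names PATCH-A and PATCH-B, and the three sample hosts are constructed assumptions.

```python
"""Host-integrity check of the kind a NAC client performs, mapped to an
enforcement outcome. Illustrative only: posture format, thresholds, patch
names and sample hosts are assumptions."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date


@dataclass
class Posture:
    host: str
    av_installed: bool
    av_defs_date: date | None      # None when no definitions are present
    firewall_running: bool
    installed_patches: frozenset[str]
    config: dict


@dataclass(frozen=True)
class Requirements:
    max_defs_age_days: int
    required_patches: frozenset[str]
    required_config: dict


def evaluate(p: Posture, req: Requirements, today: date) -> tuple[list[str], list[str]]:
    """Return (remediable, blocking) findings with a remediation hint each."""
    remediable: list[str] = []
    blocking: list[str] = []
    if not p.av_installed:
        blocking.append("antivirus not installed: install the SEP client")
    elif p.av_defs_date is None or (today - p.av_defs_date).days > req.max_defs_age_days:
        remediable.append("antivirus definitions out of date: run a definitions update")
    if not p.firewall_running:
        remediable.append("firewall not running: start the firewall service")
    missing = sorted(req.required_patches - p.installed_patches)
    if missing:
        blocking.append("missing patches: " + ", ".join(missing))
    for key, want in req.required_config.items():
        have = p.config.get(key)
        if have != want:
            remediable.append(f"config {key}={have!r}, required {want!r}")
    return remediable, blocking


def decide(p: Posture, req: Requirements, today: date) -> str:
    """'allow', 'remediate' (auto-fix, then re-evaluate) or 'quarantine'."""
    remediable, blocking = evaluate(p, req, today)
    if blocking:
        return "quarantine"   # remediation network only until fixed
    if remediable:
        return "remediate"
    return "allow"


# Constructed policy and sample hosts; PATCH-A/PATCH-B are placeholders.
TODAY = date(2011, 5, 15)
REQ = Requirements(max_defs_age_days=7,
                   required_patches=frozenset({"PATCH-A", "PATCH-B"}),
                   required_config={"screensaver_lock": True})
HOSTS = {
    "laptop-1": Posture("laptop-1", True, date(2011, 5, 13), True,
                        frozenset({"PATCH-A", "PATCH-B"}), {"screensaver_lock": True}),
    "laptop-2": Posture("laptop-2", True, date(2011, 5, 1), False,
                        frozenset({"PATCH-A", "PATCH-B"}), {"screensaver_lock": False}),
    "kiosk-3": Posture("kiosk-3", False, None, True,
                       frozenset({"PATCH-A"}), {"screensaver_lock": True}),
}

if __name__ == "__main__":
    for host in HOSTS.values():
        rem, blk = evaluate(host, REQ, TODAY)
        print(host.host, decide(host, REQ, TODAY), rem + blk)
```

The split into remediable and blocking findings is what lets a phase-1 (self-enforcement) rollout fix most non-compliance without ever cutting a user off; only the findings the client cannot resolve itself need a network-level enforcer.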
What to Control with Each Phase

Managed endpoints (company-owned laptops and desktops):
• Phase 1, Endpoint Lockdown: self-enforced with the SEP client
• Phase 2, Network Lockdown (partial): ingress control for wireless, VPN and key subnets, using an Enforcer
• Phase 3, Network Lockdown (complete): complete access control for LAN and remote endpoints

Unmanaged endpoints (guests):
• Phase 1: N/A
• Phase 2: ingress control for wireless, VPN and key subnets, using an Enforcer
• Phase 3: complete access control for remote and LAN
What Type of Enforcement to Use with Each Phase

Managed endpoints:
• Phase 1: Self-Enforcement
• Phase 2: Gateway Enforcement
• Phase 3: LAN (802.1X) and DHCP Enforcement

Unmanaged endpoints:
• Phase 1: N/A
• Phase 2: Gateway Enforcement
• Phase 3: LAN (802.1X), DHCP and Gateway Enforcement

Start with SEP self-enforcement, then move to network-based enforcement.
Symantec Network Access Control: 3 Key Components
1. SEP Management Console (SEPM)
2. Endpoint Client (SEP)
3. Enforcer Appliance
2. Endpoint Evaluation Technologies

The Symantec Endpoint Protection 12.1 client is SNAC ready.
• Persistent agents for managed endpoints (best)
• Dissolvable agents for unmanaged endpoints (better)
• Remote scanner for unmanageable endpoints (good)
3. Enforcers

Network-based (optional; ranked on the slide as best, better, good):
• Symantec LAN Enforcer (802.1X)
• Symantec DHCP Enforcer
• Symantec Gateway Enforcer
Host-based: Symantec Self-Enforcement
How SNAC Is Packaged

Central management console: Symantec Endpoint Protection Manager
Endpoint evaluation technology: Persistent Agent (SNAC Agent); Dissolvable Agent (On-Demand Agent); Remote Vulnerability Scanner
Enforcement: Self-Enforcement; Gateway Enforcement*; DHCP Enforcement*; LAN (802.1x) Enforcement*

Offered as Symantec Network Access Control v12.1 and Symantec Network Access Control Starter Edition v12.1; several of the components above are add-ons in the Starter Edition.
* Requires purchase of an enforcer appliance
Symantec Security Intelligence: Integrated Global Intelligence, Analysis, and Protection

• Global expertise: more researchers
• Comprehensive data sources: more virus samples analyzed; extensive customer support
• In-depth analysis: signatures for AV, AS, IPS, GEB (Generic Exploit Blocking) and spam; white lists; DeepSight database
• IT policies and controls: rigorous false-positive testing
• Automated updates: fast and accurate
• Variety of distribution methods: relevant information
Flow from Symantec response centers to users, delivering relevancy, accuracy and protection.
Thank you!
Copyright © 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.