
Because IT begins at the endpoint.

Symantec Endpoint Security. Because IT begins at the endpoint. Tony Brockman Technical Product Marketing Manager October 10, 2006. Enterprise Security Strategy Security Foundation Strategic Direction Questions. Today's Discussion Topics. 1. 2. 3. 4. A Common Scenario These Days….

byrnea

Presentation Transcript


  1. Symantec Endpoint Security Because IT begins at the endpoint. Tony Brockman Technical Product Marketing Manager October 10, 2006

  2. Enterprise Security Strategy Security Foundation Strategic Direction Questions Today's Discussion Topics 1 2 3 4

  3. A Common Scenario These Days… • The CISO… And Often Their Staff, ask: “Well I Know You Guys Bought A Bunch Of Companies… And Then I Saw You Got Out The Appliance Business… And Haven’t You Done A Merger ? So, What’s Going On ?”

  4. Symantec Company Strategy – Protection Protecting Interactions Protecting Information Protecting Infrastructure

  5. Enterprise Security – Focus On Protection Of Information Protecting Interactions Protecting Information Protecting Infrastructure

  6. Protecting Information – From What ? • External Threats Such As Viruses, Spyware & Crimeware • Exploiting System Vulnerabilities • Internal Threats Such As Data Theft • Exploit Lack Of Supervision For Corporate Information Flow • Non-Compliance With Policy Or Regulation (SOX, FISMA) • Lack Of Adequate Controls Or Evidence Collection

  7. Information Security Security Foundation Security Foundation & Information Security • Provides A Real Time Defense Against Malicious Activity Cell Phone Laptop Desktop File Server Application Server Messaging Server Database Server

  8. Security Management Information Security Security Foundation Analysis, Audit & Compliance Policy Management Vulnerability Management Information Management Event & Log Management Cell Phone Laptop Desktop File Server Application Server Messaging Server Database Server

  9. Security Foundation

  10. Protection From External Malicious Threats • Protection Starts At The Corporate Endpoint • Broad Range Of Client Devices : Laptop, Desktop, Cell Phone • Broad Range Of Threats : Virus, Worms, SpyWare … CrimeWare Crimeware SpyWare Worm Virus SymbianDevice LaptopPC DesktopPC WindowsSmartphone

  11. Silent Noisy & Visible OLD NEW Highly Targeted Indiscriminate Few, Named Variants Overwhelming Variants As Threat Landscape Changes, Technology Must as Well From Hackers & Spies… To Thieves Moving from Disrupting Operations To Damaging Trust and Reputations

  12. Office&PSTs KeyStrokes Thieves Want To Steal Information DeviceBlocking SymbianDevice LaptopPC DesktopPC WindowsSmartphone Anti-Fraud

  13. Crimeware SpyWare Worm Virus Symantec Client Security – Complete Endpoint Protection • Unified Agent • Single Agent Footprint For Each Device • Unified Administration • Single Point Of Control For Policy, Events & Reporting SymbianDevice LaptopPC DesktopPC WindowsSmartphone

  14. Crimeware SpyWare Worm Virus Symantec Client Security – Complete Endpoint Protection • Supports The Broadest Range Of Enterprise Devices • Eliminates The Broadest Range Of External Malicious Threats SymbianDevice LaptopPC DesktopPC WindowsSmartphone

  15. Pass: Detected all "In the Wild viruses" in comparative tests (with no false positives) • Fail: Missed detection after three attempts • —: Chose not to submit for testing Endpoint protection built on Symantec AntiVirus • Symantec: • Submitted all supported environments for analysis since Nov. ‘99 • ONLY vendor to obtain 26 consecutive VB100 Awards

  16. Is Endpoint Protection Enough Protection ? “What Are The Most Common Sources Of Automated Internet Worm Attacks ?” 43% Employee Laptop 39% Internet Through Firewall 34% Non-Employee Laptop 27% VPN Home System 8% Don’t Know 8% Other Source: Enterprise Strategy Group, January 2005 ESG Research Report, Network Security And Intrusion Prevention

  17. Protection Viruses UnknownAttacks Trojans Spyware Worms Endpoint Security Policy Status Compliance Anti-Virus On Anti-VirusSignatureUpdated PersonalFirewallOn ServicePackUpdated Patch Updated The Need for Endpoint Security

  18. Symantec Endpoint Compliance Process • Step 1 (Discover): Endpoint Attaches To Network, Configuration Is Determined • Step 2 (Enforce): Compliance Of Configuration Against Policy Is Checked • Step 3 (Remediate): Take Action Based On Outcome Of Policy Check (Patch, Quarantine, Virtual Desktop) • Step 4 (Monitor): Monitor Endpoint To Ensure Ongoing Compliance

  19. Symantec Network Access Control Ensures endpoints are protected and compliant prior to accessing network resources • Choose quarantine, remediation or federated access • Enforce policy before access is granted • Execute updates, programs, services, etc. • Limit connection to VLAN, etc • Broadest enforcement options of any vendor • Remote connectivity (IPSec, SSL VPN) • LAN-based, DHCP, Appliance • Standards-based, CNAC, MSNAP

  20. Web-basedApplications ThinClient/ServerApplications TraditionalClient/ServerApplications FileShare PartnerExtranet PublicKiosk TravelingExecutives Symantec On-Demand Protection • Ideal for use with: • Outlook Web Access (OWA) • Web-enabled applications • Most complete On-Demand security solution • Virtual Desktop • Malicious Code Prevention • Cache Cleaner • Mini personal firewall • Host Integrity • Adaptive Policies Layered security technology solution for unmanaged endpoints

  21. OWA Kiosk Partner Temp Network Access Control + On-Demand Protection • Complete security compliance regardless of network access method • Managed Devices: laptops, mobile phones • Unmanaged Devices: Guest, contractor, partners, kiosks SymbianDevice LaptopPC DesktopPC WindowsSmartphone

  22. Servers Are Endpoints Too • Data Center Servers Are Exposed To A Broad Range Of Threats • Malicious Code… Malicious Users Loose Privileges System Devices Buffer Overflow Back Door File Server Email Server Application Server Database Server

  23. Symantec Critical System Protection 5.1 • Eliminates The Broadest Range Of Malicious Server Threats • Runs On The Broadest Range Of Operating Systems Loose Privileges System Devices Buffer Overflow Back Door File Server Email Server Application Server Database Server

  24. Symantec Critical System Protection 5.1: Multi-layer protection for critical systems Network Protection Exploit Prevention Auditing & Alerting System Controls • Close back doors (block ports) • Limit network connectivity by application • Restrict traffic flow inbound and outbound • Restrict apps & O/S behaviors • Protect systems from buffer overflow • Intrusion prevention for day-zero attacks • Monitor logs, system settings & user auth for security events • Consolidate & forward logs for archival • Smart event response for quick action • Lock down configuration & settings • Enforce security policy • De-escalate user privileges • Prevent removable media use

  25. Security Foundation Client Security + Critical System Protection • Think Of It As Your “Security Foundation” • Managed From A Single, Integrated Operational Console Symantec Client Security Symantec Critical System Protection Cell Phone Laptop Desktop File Server Application Server Messaging Server Database Server

  26. Enforcement Host Integrity OS Protection Adaptive Policies IPS FW Symantec Sygate Enterprise Protection • Add the industry’s best managed firewall to your existing anti-virus protection Enterprise Management • Personal firewall with application control • Buffer overflow protection and IDS • Location awareness • Peripheral device control • Powerful system compliance checking • Network Access Control integration • Centralized scalable management

  27. Gartner Personal Firewall Magic Quadrant – June 2006 Regarding Vision: (page 10) • “Symantec made two acquisitions in 2005 that not only earned it the top vision rating, but also challenged other vendors to show improved vision.” Regarding integration of Sygate and WholeSecurity:(page 10) • “…Symantec will recover quickly to offer the most complete set of protections across the largest number of platforms and OSs.” Regarding the competition:(pages 9 & 10) • “Microsoft's Windows XP Firewall doesn't measure up to third-party products.” • “CSA is integrated with CNAC via the Cisco Trust Agent (CTA), but it is not a broad HIPS suite capable of challenging a company such as Symantec.” Publication Date: 27 June 2006/ID Number: G00139942

  28. Critical SystemProtection Client Security Critical SystemProtection Critical SystemProtection Client Security Critical SystemProtection Security Foundation Client Security Protecting the Security Foundation Cell Phone Laptop Desktop File Server Application Server Messaging Server Database Server

  29. ProtectionTechnology Symantec Solution Symantec Network Access Control Host integrity & remediation Symantec ConfidenceOnline Anti crimeware Hamlet* Devicecontrols Buffer overflow &exploit protection Symantec SygateEnterprise Protection O/S Protection Network IPS Client Firewall AntiVirus SymantecAntiVirus Anti-spyware Comprehensive Endpoint Security Requires a Complete Approach Endpoint Exposures Always on, always up-to- date Zero-hour attacks, Malware, Trojans, application injection Applications I/O Devices Slurping, IP theft, malware Buffer Overflow, process injection, key logging Memory/ Processes Malware, Rootkits, day-zero vulnerabilities Operating System Network Connection Worms, exploits & attacks Viruses, Trojans, malware & spyware Data & FileSystem * Future

  30. A look toward the Future – Hamlet (1H’07) SAV 9.x & 10.xSymantec AntiVirus Hamlet SCS 3.xSymantec Client Security Agent Symantec AntiVirus 11Symantec Client Security 4 SSEP 5.xSymantec Protection Agent 5.x Symantec EndpointSecurity Manager SCS 3.x & SAV 10.x(Symantec System Center) Management Console Symantec SygatePolicy Manager

  31. Consulting Education TechnicalSupport ManagedSecurity Services EarlyWarning Services • Advisory Services • Enablement Services • Technology Deployment • Operational Integration • Residency Services • Operational Services • Skills Assessment • Classroom Training • Customized Training • Virtual Academy • Self-study • Business Critical Service Assessments • Incident Management • Problem Resolution • Onsite Support & Best Practices • Monitor • Manage • Respond • DeepSight Threat Management System • DeepSight Alert Services Symantec Global Services –Integrated to meet all your service needs Symantec Global Services provides you with the right people, process, and technology to optimize your IT infrastructure and service delivery while managing your business risk. We keep your enterprise up, running, and growing – no matter what happens.

  32. Assessment Services SAV Check-Up SSEP Policy Audit Design and Implementation Services SAV, SCSP, SSEP, SNAC, SoDP Migration Services Sygate Enterprise Protection (SSE) / SSEP SAV Competitive Migration Residency Services for on-going management Continuous on-site technology and business expertise, allowing clients to realize the full value of technology investments and optimize resources in support of core business strategies Symantec Endpoint Security Consulting Services Extensive knowledge and insight, experienced business, industry and technology experts, and flexible consulting approach to deliver endpoint security solutions that proactively protect the infrastructure and improve operational performance Manage Assess Business / IT Alignment Implement Design People Process Technology

  33. Why Train With Symantec: Faster, more successful product implementation Better return on security investment Unrivaled product training expertise with the most up-to-date content available Certified instructors with real-world experience Flexible delivery options Available Training: Symantec AntiVirus 10.x (Classroom or Virtual Academy) Symantec AntiVirus Tech Center (Subscription) Sygate Enterprise Protection 5.x (Classroom) Sygate Enterprise Protection 201 (Classroom) Symantec Critical System Protection 5.0 (Classroom) Symantec Endpoint Security Education Services Classroom Training eLearning Live Training Self-Paced Onsite Training Onsite Training

  34. Three levels of Support offer Flexibility and Choice: Personalized, proactive support from elite technical experts, coordinated by a single point of contact and featuring Symantec’s highest levels of response Business Critical Services Around-the-clock access to Symantec’s technical experts, with faster response times and access to all product upgrades* Essential Support Lowest price option including access to product upgrades and business hour support Basic Maintenance * Response time targets are faster for Essential Support than for Basic Maintenance • UNIQUE EXPERTISE • COMMITMENT TO CUSTOMER ADVOCACY • INNOVATIVE APPLICATION OF SUPPORT TECHNOLOGIES • FLEXIBLE SUPPORT OFFERINGS

  35. Questions? Because IT begins at the endpoint.
