Symantec Endpoint Protection 12.1 Unrivaled Security. Blazing Performance. Built for Virtual Environments. February 2011. Sophisticated Attacks – targeted Rapidly mutating. Virtualization had become the rule. Social Networks and socially engineered attacks. Increased Cost of Incidents.

Presentation Transcript
slide1

Symantec Endpoint Protection 12.1 Unrivaled Security. Blazing Performance. Built for Virtual Environments.

February 2011

slide2

Sophisticated Attacks – targeted Rapidly mutating

Virtualization had become the rule

Social Networks and socially engineered attacks

Increased Cost of Incidents

Symantec Endpoint Protection 12 – Driven by Key IT Security Trends

slide3

Jan, 2007 - 250,000 viruses

Dec, 2009 – over 240 million

A Security Catastrophe… the growth in AV signatures

Soon, a world with 100s of millions of viruses

Signature based scanning won’t keep up

Something has to change

Introducing the New Symantec Endpoint Protection 12 – Powered by Insight

Unrivaled Security

Blazing Performance

Built for Virtual Environments

Symantec Endpoint Protection 12
  • What’s New
  • Unrivaled Security
    • Insight
    • SONAR
  • Blazing Performance
    • Reduce scan overhead by 70%
  • Built for Virtual Environments
    • Identify and Manage Virtual Clients
    • Reduced Scan Overheads

Win, OS X, Linux

One console

One agent

Powered by Insight

slide8

A new approach to stopping malware

  • Uses telemetry from 175 million systems to identify the reputation of a file.

slide9

How many copies of this file exist?

How new is this program?

Is it signed?

How often has this file been downloaded?

How many people are using it?

Where is it from?

Does it have a security rating?

Have other users reported infections?

Insight

Because the context of a file is as telling as its content

Is the source associated with infections?

How will this file behave if executed?

What rights are required?

Is the file associated with files that are linked to infections?

Does the file look similar to malware?

How old is the file?

Is the source associated with SPAM?

Have other users reported infections?

Who created it?

Is the source associated with many new files?

Who owns it?

What does it do?

The Idea

Only malware mutates

So . . . if an executable is unique, it’s suspicious

. . . but how to know if a file is unique?

All you need is a database . . . . of nearly every program file on the internet
slide12

How Insight Works

Check the DB during scans

Rate nearly every file on the internet

2.5 billion files

Build a collection network

175 million PCs

Is it new?

Bad reputation?

Look for associations

Provide actionable data

Associations

The Security Stack – for 32 & 64 bit systems
  • IPS & Browser Protection
  • Firewall
  • Network & Host IPS
  • Monitors vulnerabilities
  • Monitors traffic
  • Looks for system changes

Stops stealth installs and drive by downloads

Focuses on the vulnerabilities, not the exploit

Improved firewall supports IPv6, enforces policies

Insight – Provides Context

Insight

Reputation on 2.5 Billion files

Adding 31 million per week

Identifies new and mutating files

Feeds reputation to our other security engines

Only system of its kind

File Scanning

Cloud and Local Signatures

New, Improved update mechanism

Heuristics & Signature Scan

Most accurate heuristics on the planet.

Uses Insight to prevent false positives

SONAR – Completes the Protection Stack
  • SONAR
    • Monitors processes and threads as they execute
    • Rates behaviors
    • Feeds Insight

Only hybrid behavioral-reputation engine on the planet

Monitors 400 different application behaviors

Selective sandbox (e.g., Adobe)

What’s Special about Insight?

Only Insight can answer:

How old is the file?

How many copies are there?

Is the file associated with infections?

Only Insight can use reputation to identify mutating threats

Unrivaled Security

Hackers mutate threats to evade fingerprints

Mutated threats stick out like a sore thumb

It’s a catch-22 for the virus writers

  • Mutate too much = Insight finds it
  • Mutate too little = Easy to discover & fingerprint

Policies based on Risk
  • Unrivaled Security
  • Finance Dept: Only software with at least 10,000 users over 2 months old.
  • Help Desk: Can install medium-reputation software with at least 100 other users.
  • Developers: No restrictions but machines must comply with access control policies.
Real World Test

[Chart: % of samples; % False Positives]

Remediation Test

[Chart: Remediation Score (higher is better); Number of False Positives (lower is better). Values shown: 110, 104, 94, 93, 75, 69, 24]

Faster Scans
  • Blazing Performance

On a typical system, 70% of active applications can be skipped!

Traditional Scanning

Has to scan every file

Insight - Optimized Scanning

Skips any file we are sure is good, leading to much faster scan times

Scan Speed

Symantec Endpoint Protection Scans:

3.5X faster than McAfee

2X faster than Microsoft

Ranked 1st in overall Performance!

  • Blazing Performance
  • PassMark™ Software, Feb., 2011 - http://www.passmark.com/AVReport
Memory Use
  • Blazing Performance

Memory Usage

Symantec Endpoint Protection uses:

66% less memory than McAfee

76% less memory than Microsoft

  • PassMark™ Software, Feb., 2011 - http://www.passmark.com/AVReport
Built for Virtual Environments

Virtual Client Tagging

Virtual Image Exception

Shared Insight Cache

Resource Leveling

Together – up to 90% reduction in disk IO

IT Analytics - Symantec Endpoint Protection
  • Ad-hoc Data Mining – Pivot Tables
    • Data from multiple Symantec Endpoint Protection Servers
    • Break down by virus occurrences, computer details, history of virus definition distribution . . .
  • Charts, Reports and Trend Analysis
    • Alert & risk categorization trends over time
    • Monitor trends of threats & infections detected by scans
  • Dashboards
    • Overview of clients by version
    • Summary of threat categorization and action taken for a period of time
    • Summary of Virus and IPS signature distribution
Symantec Endpoint Protection Small Business Edition (SBE) 12.1

Target companies with fewer than 100 users

Same threat detection technologies as Symantec Endpoint Protection

Reduced footprint

Simplified deployment and management

Symantec Endpoint Protection 12 – Changes the Rules of the Game

No longer relies solely on signatures

Use data from over 175 million users

Shifts the odds in our favor – attackers can no longer evade us by tweaking their threats

Built for Virtual Environments

Partners

Consultants

Hotel Business Center

Auditors

Home PC

Challenge: Access to Corporate Networks

Corporate Network

Open access to corporate networks means higher risk for infection

Checks adherence to endpoint security policies

  • Antivirus installed and current?
  • Firewall installed and running?
  • Required patches and service packs?
  • Required configuration?

Fixes configuration problems

Controls guest access

Discover

Solution: Network Access Control

Monitor

Enforce

NAC is a process that creates a much more secure network

Remediate

Network Access Control helps prevent malware from spreading throughout the network

Redefining Endpoint Security

Restricts access to your network by creating a closed system

Offers automatic endpoint remediation before access is granted

Checks adherence to endpoint security policies even when connected to network

Network Access Control (continued)

Non-employees

Employees

Managed

Unmanaged

Corporate Network

Remote

On-site

Symantec Network Access Control 3 Key Components

1. Central Management Console

2. Endpoint Evaluation Technology

3. Enforcer

1. Central Management Console

Symantec Endpoint Protection Manager

Same Management Console used for Symantec Endpoint Protection 11.0

Policy Management

Web-based GUI

Enterprise class/scale

Role-based access

Hierarchical views

Integration with Active Directory

Best

Persistent Agents

‘Managed’ Endpoints

Better

Dissolvable Agents

‘Unmanaged’ Endpoints

Good

Remote Scanner

‘Unmanageable’ Endpoints

2. Endpoint Evaluation Technologies

Symantec Endpoint Protection 11.0 agent is SNAC ready

3. Enforcers

Host-based

Good

Symantec Self-Enforcement

Symantec Gateway Enforcer

Network-based (optional)

Better

Symantec DHCP Enforcer

Best

Symantec LAN Enforcer-802.1X

How SNAC is Packaged

Symantec Network Access Control v 11.0

Symantec Network Access Control Starter Edition v 11.0

Central Management Console

Symantec Endpoint Protection Manager

Endpoint Evaluation Technology

Persistent Agent (SNAC Agent)

Add On

Dissolvable Agent (On-Demand Agent)

Add On

Add On

Add On

Remote Vulnerability Scanner

Endpoint Evaluation Technology

Self - Enforcement

*

*

Gateway Enforcement

DHCP Enforcement

*

LAN (802.1x) Enforcement

* Requires purchase of an enforcer appliance

Compliance pass: Apply “Office” firewall policy

Client connects to network and validates policy

Persistent Agent performs self-compliance checks

Compliance fail: Apply “Quarantine” firewall policy

Symantec NAC Self-Enforcement: How It Works

Symantec Endpoint Protection Manager

Persistent Agent

Protected Network

Onsite or Remote Laptop

Quarantine

Remediation Resources

Mobile office

Home PC

Mobile Device

Where Endpoint Security Fits

Coffee House

Server

Home office

Web Server

Satellite office

USB

Partners

File Server

Corporate Network

CD

Endpoint Protection

Endpoint Encryption

Advanced Server Protection

Mobile Security

Network Access Control

Symantec™ Endpoint Protection

Symantec™ Endpoint Encryption

Symantec™ Critical System Protection

Symantec™ Mobile Security

Symantec™ Network Access Control

Relevancy

Response Centers

Users

Accuracy

Protection

Symantec Security Intelligence Integrated Global Intelligence, Analysis, and Protection

Global Expertise

More researchers

Comprehensive data sources

More virus samples analyzed

Extensive customer support

In-depth Analysis

Signatures: AV, AS, IPS, GEB, SPAM, White lists

DeepSight Database

IT Policies and Controls

Rigorous False Positive Testing

Automated Updates

Fast & Accurate

Variety of Distribution Methods

Relevant Information
