
February 2011

Symantec Endpoint Protection 12.1 Unrivaled Security. Blazing Performance. Built for Virtual Environments. February 2011. Sophisticated Attacks – targeted Rapidly mutating. Virtualization had become the rule. Social Networks and socially engineered attacks. Increased Cost of Incidents.

aisha

Presentation Transcript


  1. Symantec Endpoint Protection 12.1 • Unrivaled Security. Blazing Performance. Built for Virtual Environments. • February 2011

  2. Symantec Endpoint Protection 12: Driven by Key IT Security Trends • Sophisticated Attacks – targeted • Rapidly mutating • Virtualization had become the rule • Social Networks and socially engineered attacks • Increased Cost of Incidents

  3. Jan, 2007 – 250,000 viruses • Dec, 2009 – over 240 million

  4. Today, 650,000 new viruses were created

  5. A Security Catastrophe… the growth in AV signatures • Soon, a world with 100s of millions of viruses • Signature based scanning won’t keep up • Something has to change

  6. Introducing the New Symantec Endpoint Protection 12 • Powered by Insight • Unrivaled Security • Blazing Performance • Built for Virtual Environments

  7. Symantec Endpoint Protection 12 • What’s New • Unrivaled Security • Insight • SONAR • Blazing Performance • Reduce scan overhead by 70% • Built for Virtual Environments • Identify and Manage Virtual Clients • Reduced Scan Overheads • Win, OS X, Linux • One console • One agent • Powered by Insight

  8. A new approach to stopping malware • Uses telemetry from 175 million systems to identify the reputation of file. Powered by Insight

  9. Insight: Because the context of a file is as telling as its content • How many copies of this file exist? • How new is this program? • Is it signed? • How often has this file been downloaded? • How many people are using it? • Where is it from? • Does it have a security rating? • Have other users reported infections? • Is the source associated with infections? • How will this file behave if executed? • What rights are required? • Is the file associated with files that are linked to infections? • Does the file look similar to malware? • How old is the file? • Is the source associated with SPAM? • Who created it? • Is the source associated with many new files? • Who owns it? • What does it do?

  10. The Idea • Only malware mutates • So . . . if an executable is unique, it’s suspicious • . . . but how to know if a file is unique?

  11. All you need is a database . . . . of nearly every program file on the internet

  12. How Insight Works • Check the DB during scans • Rate nearly every file on the internet (2.5 billion files) • Build a collection network (175 million PCs) • Is it new? Bad reputation? • Look for associations • Provide actionable data

  13. The Security Stack – for 32 & 64 bit systems • IPS & Browser Protection • Firewall • Network & Host IPS • Monitors vulnerabilities • Monitors traffic • Looks for system changes • Stops stealth installs and drive by downloads • Focuses on the vulnerabilities, not the exploit • Improved firewall supports IPv6, enforces policies

  14. Insight – Provides Context • Insight • Reputation on 2.5 Billion files • Adding 31 million per week • Identifies new and mutating files • Feeds reputation to our other security engines • Only system of its kind

  15. File Scanning • Cloud and Local Signatures • New, Improved update mechanism • Heuristics & Signature Scan • Most accurate heuristics on the planet. Uses Insight to prevent false positives

  16. SONAR – Completes the Protection Stack • SONAR • Monitors processes and threads as they execute • Rates behaviors • Feeds Insight • Only hybrid behavioral-reputation engine on the planet • Monitors 400 different application behaviors • Selective sandbox (ex Adobe)

  17. What’s Special about Insight? • Only Insight can answer: How old is the file? How many copies are there? Is the file associated with infections? • Only Insight can use reputation to identify mutating threats

  18. Unrivaled Security • Hackers mutate threats to evade fingerprints • Mutated threats stick out like a sore thumb • It’s a catch-22 for the virus writers • Mutate too much = Insight finds it • Mutate too little = Easy to discover & fingerprint

  19. Policies based on Risk • Unrivaled Security • Finance Dept: Only software with at least 10,000 users over 2 months old. • Help Desk: Can install medium-reputation software with at least 100 other users. • Developers: No restrictions but machines must comply with access control policies.

  20. Real World Test (chart; axes: % of samples, % False Positives)

  21. Remediation Test (chart; series: Remediation Score, higher is better; Number of False Positives, lower is better)

  22. Faster Scans • Blazing Performance • On a typical system, 70% of active applications can be skipped! • Traditional Scanning: Has to scan every file • Insight - Optimized Scanning: Skips any file we are sure is good, leading to much faster scan times

  23. Scan Speed • Blazing Performance • Symantec Endpoint Protection Scans: 3.5X faster than McAfee, 2X faster than Microsoft • Ranked 1st in overall Performance! • PassMark™ Software, Feb., 2011 - http://www.passmark.com/AVReport

  24. Memory Use • Blazing Performance • Symantec Endpoint Protection uses: 66% less memory than McAfee, 76% less memory than Microsoft • PassMark™ Software, Feb., 2011 - http://www.passmark.com/AVReport

  25. Built for Virtual Environments

  26. Built for Virtual Environments • Virtual Client Tagging • Virtual Image Exception • Shared Insight Cache • Resource Leveling • Together – up to 90% reduction in disk IO

  27. IT Analytics - Symantec Endpoint Protection • Ad-hoc Data Mining – Pivot Tables • Data from multiple Symantec Endpoint Protection Servers • Break down by virus occurrences, computer details, history of virus definition distribution . . . • Charts, Reports and Trend Analysis • Alert & risk categorization trends over time • Monitor trends of threats & infections detected by scans • Dashboards • Overview of clients by version • Summary of threat categorization and action taken for a period of time • Summary of Virus and IPS signature distribution

  28. Symantec Endpoint Protection Small Business Edition (SBE) 12.1 • Target companies with less than 100 users • Same threat detection technologies as Symantec Endpoint Protection • Reduced footprint • Simplified deployment and management

  29. SEP 12 vs. SEP SBE 12.1

  30. Symantec Endpoint Protection 12 Changes the Rules of the Game • No longer relies solely on signatures • Use data from over 175 million users • Shifts the odds in our favor – attackers can no longer evade us by tweaking their threats • Built for Virtual Environments

  31. Challenge: Access to Corporate Networks • Diagram labels: Partners, Consultants, Hotel Business Center, Auditors, Home PC, Corporate Network • Open access to corporate networks means higher risk for infection

  32. Solution: Network Access Control • Discover, Monitor, Enforce, Remediate • Checks adherence to endpoint security policies: Antivirus installed and current? Firewall installed and running? Required patches and service packs? Required configuration? • Fixes configuration problems • Controls guest access • NAC is a process that creates a much more secure network • Network Access Control helps prevent malware from spreading throughout the network • Redefining Endpoint Security

  33. Network Access Control (continued) • Restricts access to your network by creating a closed system • Offers automatic endpoint remediation before access is granted • Checks adherence to endpoint security policies even when connected to network • Diagram labels: Non-employees, Employees, Managed, Unmanaged, Corporate Network, Remote, On-site

  34. Symantec Network Access Control: 3 Key Components • 1. Central Management Console • 2. Endpoint Evaluation Technology • 3. Enforcer

  35. 1. Central Management Console • Symantec Endpoint Protection Manager • Same Management Console used for Symantec Endpoint Protection 11.0 • Policy Management • Web-based GUI • Enterprise class/scale • Role-based access • Hierarchical views • Integration with Active Directory

  36. 2. Endpoint Evaluation Technologies • Best: Persistent Agents (‘Managed’ Endpoints) • Better: Dissolvable Agents (‘Unmanaged’ Endpoints) • Good: Remote Scanner (‘Unmanageable’ Endpoints) • Symantec Endpoint Protection 11.0 agent is SNAC ready

  37. 3. Enforcers • Host-based • Good • Symantec Self-Enforcement • Symantec Gateway Enforcer • Network-based (optional) • Better • Symantec DHCP Enforcer • Best • Symantec LAN Enforcer-802.1X

  38. How SNAC is Packaged • Symantec Network Access Control v 11.0 • Symantec Network Access Control Starter Edition v 11.0 • Central Management Console   Symantec Endpoint Protection Manager Endpoint Evaluation Technology   Persistent Agent (SNAC Agent) Add On Dissolvable Agent (On-Demand Agent) Add On Add On Add On Remote Vulnerability Scanner Endpoint Evaluation Technology   Self - Enforcement * * Gateway Enforcement  DHCP Enforcement * LAN (802.1x) Enforcement • * Requires purchase of an enforcer appliance

  39. Symantec NAC Self-Enforcement: How It Works • Client connects to network and validates policy • Persistent Agent performs self-compliance checks • Compliance pass: Apply “Office” firewall policy • Compliance fail: Apply “Quarantine” firewall policy • Diagram labels: Symantec Endpoint Protection Manager, Persistent Agent, Protected Network, Onsite or Remote Laptop, Quarantine, Remediation Resources

  40. Where Endpoint Security Fits • Diagram labels: Mobile office, Home PC, Mobile Device, Coffee House, Server, Home office, Web Server, Satellite office, USB, Partners, File Server, Corporate Network, CD • Endpoint Protection: Symantec™ Endpoint Protection • Endpoint Encryption: Symantec™ Endpoint Encryption • Advanced Server Protection: Symantec™ Critical System Protection • Mobile Security: Symantec™ Mobile Security • Network Access Control: Symantec™ Network Access Control

  41. Symantec Security Intelligence: Integrated Global Intelligence, Analysis, and Protection • Diagram labels: Relevancy, Response Centers, Users, Accuracy, Protection • Global Expertise • More researchers • Comprehensive data sources • More virus samples analyzed • Extensive customer support • In-depth Analysis • Signatures: AV, AS, IPS, GEB, SPAM, White lists • DeepSight Database • IT Policies and Controls • Rigorous False Positive Testing • Automated Updates • Fast & Accurate • Variety of Distribution Methods • Relevant Information

  42. Redefining Endpoint Security
