1 Symantec Endpoint Protection 12.1 Unrivaled Security. Blazing Performance. Built for Virtual Environments. May 2011

Upload: andre-willes

Post on 31-Mar-2015


TRANSCRIPT

Page 1: 1 Symantec Endpoint Protection 12.1 Unrivaled Security. Blazing Performance. Built for Virtual Environments. May 2011

Symantec Endpoint Protection 12.1

Unrivaled Security. Blazing Performance.

Built for Virtual Environments.

May 2011

Page 2:

Disclaimer

“This information is about pre-release software. Any unreleased update to the product or other planned modification is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec products should make their purchase decision based upon features that are currently available.”

Page 3:

Symantec Endpoint Protection: Driven by Key IT Security Trends

• Social networks and socially engineered attacks
• Virtualization had become the rule
• Increased cost of incidents
• Targeted & rapidly mutating attacks

Page 4:

Jan 2007 – 250,000 viruses

Dec 2010 – over 288 million

Page 5:

Malware Authors Have Switched Tactics

From: A mass distribution – one worm hits millions of PCs. Storm made its way onto millions of machines across the globe.

To: A micro distribution model. Hacked web site builds a trojan for each visitor. The average Harakit variant is distributed to 1.6 users!

75% of malware is “rapidly mutating”

Page 6:

Only malware mutates

If we track every file on the internet . . .

New or mutated files will stick out

How often has this file been downloaded?

Where is it from?

Have other users reported infections?

Is the source associated with infections?

How will this file behave if executed?

How old is the file?

How many people are using it?

Is the source associated with SPAM?

Is the source associated with many new files?

Does the file look similar to malware?

Is the file associated with files that are linked to infections?

Who created it?

Does it have a security rating?

Is it signed?

What rights are required?

Who owns it?

Insight spots rapidly changing & mutated files

What does it do?

How new is this program?

How many copies of this file exist?

Have other users reported infections?

Which led us to think . . .

Page 7:

How Symantec™ Insight Works

1. Build a collection network
2. Rate nearly every file on the internet
3. Look for associations
4. Check the DB during scans
5. Provide actionable data

Prevalence, Age, Source, Behavior, Associations

Is it new? Bad reputation?

175 million PCs

2.5 billion files

Page 8:

Symantec Endpoint Protection Family

Small Business Edition
• Ideal for less than 100 users
• Maintain your own infrastructure
• All data stored on premise

Symantec Endpoint Protection
• Scales from hundreds to thousands of users
• Powerful central management
• Ideal for virtual environments

Endpoint Protection.Cloud
• Hosted management
• Monthly subscription
• No need to manage hardware

Page 9:

Symantec Endpoint Protection SBE

Fastest, Most Effective, Simple

Great Performance

Powerful Protection

Antivirus

Antispyware

Firewall

Intrusion Prevention

Page 10:

Symantec Endpoint Protection

Version 12.1

Single Agent, Single Console

Built for Virtualization

Reduced Cost, Complexity & Risk Exposure

Increased Protection, Control & Manageability

Antivirus

Antispyware

Firewall

Intrusion Prevention

Device and Application Control

Network Access Control

Symantec Endpoint Protection

Symantec Network Access Control

Page 11:

What’s New

Unrivaled Security
• Powered by Insight
• Real Time Behavior Monitoring with SONAR

Blazing Performance
• Up to 70% reduction in scan overhead
• Smarter Updates
• Faster Management

Built for Virtual Environments (SEP only)
• Tested and optimized for virtual environments
• Higher VM densities

Page 12:

The Security Stack – for 32 & 64 bit systems

Network IPS & Browser Protect & FW

Insight Lookup

Heuristics & Signature Scan

Real time behavioral SONAR

IPS & Browser Protection
• Firewall
• Network & Host IPS
• Monitors vulnerabilities
• Monitors traffic
• Looks for system changes

Stops stealth installs and drive by downloads

Focuses on the vulnerabilities, not the exploit

Improved firewall supports IPv6, enforces policies

Page 13:

Insight – Provides Context

Network IPS & Browser Protect

Insight

Heuristics & Signature Scan

Real time behavioral SONAR

Insight
• Reputation on 2.5 Billion files
• Adding 31 million per week

Identifies new and mutating files

Feeds reputation to our other security engines

Only system of its kind

Page 14:

File Scanning

Network IPS & Browser Protect

Insight

Heuristics & Signature Scan

Real time behavioral SONAR

File Scanning
• Cloud and Local Signatures
• New, Improved update mechanism

Most accurate heuristics on the planet.

Uses Insight to prevent false positives

Page 15:

SONAR – Completes the Protection Stack

Network IPS & Browser Protect

Insight Lookup

File Based Protection – Sigs/Heuristics

Real time behavioral SONAR

SONAR
• Monitors processes and threads as they execute
• Rates behaviors
• Feeds Insight

Only hybrid behavioral-reputation engine on the planet

Monitors 400 different application behaviors

Selective sandbox (ex Adobe)

Page 16:

Faster Scans

Traditional Scanning: Has to scan every file

Insight - Optimized Scanning: Skips any file we are sure is good, leading to much faster scan times

On a typical system, 70% of active applications can be skipped!

Page 17:

The Results are In: Symantec Endpoint Protection:

Detected 25% more threats than any other vendor tested. Detected 6x as many threats as Microsoft.

Removed more threats than any other vendor tested, including 36% more than McAfee and more than 4x the number as Trend Micro.

Scanned faster, used less memory and outperformed all products in its class. Scanned 3.5x as fast as McAfee and used 66% less memory than Microsoft.

[Charts: Kaspersky, McAfee, Microsoft, Sophos, Symantec, Trend Micro, Average]

Page 18:

Policies based on Risk

Finance Dept: Only software with at least 10,000 users over 2 months old.

Help Desk: Can install medium-reputation software with at least 100 other users.

Developers: No restrictions but machines must comply with access control policies.

Page 19:

Built for Virtual Environments

Page 20:

Built for Virtual Environments

• Optimized for VMware, Citrix and Microsoft virtual environments
• Easy to manage physical and virtual clients
• Maximizes performance and density without sacrificing security
• Best in class performance and security

Hypervisor

Scan Cache

Page 21:

Virtual Insight Features

Virtual Image Exception
• Used on cloned images
• Excludes all files
• Reduces scan impact

Shared Insight Cache
• Clients share scan results
• Scan files once
• Leverages Insight

Virtual Client Tagging
• Identifies hypervisor
• Set group specific policy
• Search for virtual clients

Resource Leveling
• Used for all virtual systems
• Reduce overlap of events
• Scans and def updates

Enhances Management and Reduces Scan Impact by ~90%

Page 22:

IT Analytics - Symantec Endpoint Protection

• Ad-hoc Data Mining
  – Pivot Tables
  – Data from multiple Symantec Endpoint Protection Servers
  – Break down by virus occurrences, computer details, history of virus definition distribution . . .

• Charts, Reports and Trend Analysis
  – Alert & risk categorization trends over time
  – Monitor trends of threats & infections detected by scans

• Dashboards
  – Overview of clients by version
  – Summary of threat categorization and action taken for a period of time
  – Summary of Virus and IPS signature distribution

Page 23:

SEP Reporting: Tactical View of frontline endpoint defenses. Current view of events and the state of SEP clients.

IT Analytics: Strategic View over time of endpoint defenses. Trend analysis and data mining via a consolidated view of multiple Endpoint Protection Managers.

Symantec Protection Center 2.0: Single sign on management as well as cross-product reporting and dashboards of Symantec Endpoint Protection, Messaging Gateway, SNAC, PGP Universal Server.

Page 24:

The Symantec Endpoint Protection Family

Feature: SEP SBE 12.1 / SEP.Cloud / SEP 12.1
Seats: 5-99 seats / 5-99 seats / 100+ seats
Antivirus/Antispyware: • • •
Desktop Firewall: • • •
Intrusion Detection/Prevention: • • •
Insight / SONAR: • • •
Protection for Mac OS X: • • •
Protection for Linux: •
Device and Application Control: •
Network Access Control Self-Enforcement ready: •
Symantec Hosted Infrastructure: •
Built for Virtual Environments: •

Page 25:

Symantec Endpoint Protection 12

Powered by Insight

Unrivaled Security

Blazing Performance

Built for Virtual Environments

Page 26:

Page 27:

Appendix: Symantec Network Access Control 12.1

Page 28:

Symantec Network Access Control

• Checks adherence to endpoint security policies
  – Antivirus installed and current?
  – Firewall installed and running?
  – Required patches and service packs?
  – Required configuration?
• Fixes configuration problems
• Controls guest access

Network Access Control puts you in control of what attaches to your network

NAC is a process that creates a much more secure network

Page 29:

What to Control with Each Phase

Managed Endpoints (company-owned laptops & desktops)
• Phase 1, Endpoint Lockdown: Self-Enforced with the SEP client
• Phase 2, Network Lockdown (partial): Ingress Control (Wireless, VPN, Key subnets; Use Enforcer)
• Phase 3, Network Lockdown (complete): Complete Access Control for LAN & remote endpoints

Unmanaged Endpoints (Guests)
• Phase 1, Endpoint Lockdown: N/A
• Phase 2, Network Lockdown (partial): Ingress Control (Wireless, VPN, Key subnets; Use Enforcer)
• Phase 3, Network Lockdown (complete): Complete Access for remote & LAN

Page 30:

What Type of Enforcement to Use with Each Phase

Managed Endpoints
• Phase 1, Endpoint Lockdown: Self-Enforcement
• Phase 2, Network Lockdown (partial): Gateway Enforcement
• Phase 3, Network Lockdown (complete): LAN (802.1X), DHCP Enforcement

Unmanaged Endpoints
• Phase 1, Endpoint Lockdown: N/A
• Phase 2, Network Lockdown (partial): Gateway Enforcement
• Phase 3, Network Lockdown (complete): LAN (802.1X), DHCP, Gateway Enforcement

Start with SEP Enforcement then move to network-based enforcement

Page 31:

Symantec Network Access Control: 3 Key Components

• SEP Management Console (SEPM)
• Endpoint Client (SEP)
• Enforcer Appliance

Page 32:

2. Endpoint Evaluation Technologies

Symantec Endpoint Protection 12.1 client is SNAC ready

Persistent Agents: ‘Managed’ Endpoints

Dissolvable Agents: ‘Unmanaged’ Endpoints

Remote Scanner: ‘Unmanageable’ Endpoints

Best

Better

Good

Page 33:

3. Enforcers

Symantec LAN Enforcer-802.1X

Symantec DHCP Enforcer

Symantec Gateway Enforcer

Symantec Self-Enforcement

Host-based

Network-based (optional)

Best

Better

Good

Page 34:

How SNAC is Packaged

Symantec Network Access Control v12.1

Symantec Network Access Control Starter Edition v12.1

Central Management Console

Endpoint Evaluation Technology

Symantec Endpoint Protection Manager

Persistent Agent (SNAC Agent)

Dissolvable Agent (On-Demand Agent)

Remote Vulnerability Scanner

Self-Enforcement

Gateway Enforcement

DHCP Enforcement

LAN (802.1x) Enforcement

Add On

* Requires purchase of an enforcer appliance

Page 35:

Symantec Security Intelligence: Integrated Global Intelligence, Analysis, and Protection

Global Expertise
• More researchers
• Comprehensive data sources
• More virus samples analyzed
• Extensive customer support

In-depth Analysis
• Signatures: AV, AS, IPS, GEB, SPAM, White lists
• DeepSight Database
• IT Policies and Controls
• Rigorous False Positive Testing

Automated Updates
• Fast & Accurate
• Variety of Distribution Methods
• Relevant Information

Relevancy

Accuracy

Protection

Response Centers

Users

Page 37:

Thank you!

Copyright © 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
