symantec protection engine - veritasvox.veritas.com/legacyfs/online/veritasdata/is b27.pdf · 2016....
TRANSCRIPT
Symantec Protection Engine
Kevin Kingston Senior Product Manager
Ian McShane Senior Manager, Product Management
SYMANTEC VISION 2012
Where is your data?
What’s the problem?
• File uploads: You shouldn’t trust any of them. Ever.
• File sharing: You shouldn’t trust any files. Ever.
• File processing: You must establish trust before this happens, but don’t rely on it.
• File storage / archiving: You shouldn’t trust any files, ever.
The solution has to be Client Agnostic
No security agent
No management
No guarantees
Evolution of Protection Engine
Symantec Carrier Scan 2002
Symantec Scan Engine 2005
Symantec Protection Engine 2012
Performance
Scalability
Enterprise
Storage protection
Policy Control
Next Gen Protection
Mobile threats
Insight Reputation
Content Sanitising
Protection Engine for Cloud Services
Client(s)
Symantec Protection Engine
Provide on-time/real-time protection
Applications, URLs, Files, etc.
Exchange, SharePoint, Network Storage, Cloud Services / SaaS, etc.
Storage, web apps, LOB apps, collaboration, virtual machine storage, carrier/telco…
What can Protection Engine do?
• Threat Detection: Next Gen AV. Most popular file types. Latest AV definitions available via LiveUpdate, Rapid Release and Intelligent Update technologies.
• Policy Control: File size, file type, scan result, container policies.
• URL Filtering: RuleSpace technology with intelligence on more than 33 million URLs. User-defined category support. Latest URL definitions available via LiveUpdate technology.
The Scanning Components
• Typer: Accurate file identification
• Decomposer: Inspect containers and almost all file types and formats
• STAR components
– Signature based threat detection
– Advanced heuristics for threat detection
– File reputation based threat detection (2013)
Popular Deployment Scenarios for ISPs and Enterprise
Integrate with ANY application either via ICAP or SDK
• URL classification / Blocking with Symantec RuleSpace
• File upload & download protection
• SMTP & MMS attachments
• Android application (apk) protection
• Cloud storage
Software Developer Kit v7.0 (C SDK)
| Operating system | Arch | Compiler |
|---|---|---|
| Red Hat Enterprise Linux 5.5 | x64 | gcc 4.1.2 |
| Red Hat Enterprise Linux 6 | x86_64 | gcc 4.4.5-6 |
| Red Hat Enterprise Linux (SELinux) 5 | x86 | gcc 3.4.6 |
| Solaris 10 (SPARC) | 32bit | gcc 3.4.6 |
| Solaris 10 (SPARC) | 64bit | gcc 3.4.3 |
| Solaris 10 (x86) | 32bit | gcc 3.4.3 |
| Solaris 10 (x86) | 64bit | gcc 3.4.3 |
| Windows Server 2008 R2 | x64 | MS Visual Studio 2008, MS Visual Studio 2010 |
| Windows Server 2003 R2 | x86 | MS Visual Studio 2003 |
Latest compilers added for each platform
SDK updated to support new ICAP services for Enhanced Threat Categorization. New return codes added for Unscannable File Handling
Software Developer Kit v7.0 (Java and .Net SDK)
Java SDK – Supported Platforms and Compilers

| Operating system | Arch | Compiler |
|---|---|---|
| Microsoft Windows Server 2003 R2 | x86 | jdk 1.6 |
| Microsoft Windows Server 2008 | x86 | jdk 1.6 |
| Solaris (SPARC) 10 | x86 | jdk 1.6 |
| Red Hat Enterprise Linux 5.5 | x86 | jdk 1.6 |
| Microsoft Windows Server 2008 R2 | x64 | jdk 1.6 |
| Solaris (SPARC) 10 | x64 | jdk 1.6 |
| Red Hat Enterprise Linux 5.5 | x64 | jdk 1.6 |

.Net SDK – Supported Platforms and Compilers

| Operating system | Arch | Compiler |
|---|---|---|
| Microsoft Windows Server 2003 R2 | x86 | .NET 2005 |
| Microsoft Windows Server 2008 R2 | x64 | .NET 2008 |
Protection Engine for NAS
Why does Network Attached Storage need protection?
• Defense in Depth
– Provides protection on storage that cannot be bypassed by clients
• Massive Centralized Repository for Sensitive Data
– Centralized vector of infection!
– Can be specifically targeted by hackers
• Unmanaged Clients that have access to Storage
– PCs, Linux, Mac, Virtual Machines
What is Protection Engine for NAS?
• Network based virus scanner
– Supports ICAP and RPC protocols (RPC used for NetApp support only)
• Most common integration with NetApp Data ONTAP client
– RPC-based connector built into ONTAP’s CIFS protocol
– Determines which files to scan
  • Read, Write, Read/Write
  • Include/Exclude list
  • Already Scanned?
  • Mandatory scan option
Other common storage integrations
• Hitachi NAS
• EMC Isilon, VNX (formerly Celerra)
• IBM SONAS and Storwize
* These platforms utilize the ICAP protocol and are certified by the vendor
Protection Engine for SharePoint
Client(s)
Symantec Protection Engine
Provide on-time/real-time protection
Files
Deployment Option 1
Onbox Architecture
[Diagram: SharePoint front-end servers, each with Symantec Protection Engine and the SPSS Connector, and SQL Servers]
• Protection Engine and SPSS Connector installed on front-end server
• No additional hardware required
• Simple installation
Deployment Option 2
Off-box Architecture
[Diagram: SharePoint front-end servers, each with the SPSS Connector, SQL Servers, and separate Symantec Protection Engine servers]
• Connector installed on each front-end server
• Can point each WFE to one or more scan engines installed on separate server
• Increases performance
• Designed to handle larger loads
Deployment Option 3
Hybrid Architecture
[Diagram: SharePoint front-end servers, each with Symantec Protection Engine and the SPSS Connector, SQL Servers, and additional off-box Symantec Protection Engine servers]
• One scan engine resides on front end server with connector
• Can handle one or more off-box scanners
• Increased performance with prioritization capabilities
• Designed to handle larger loads of scanning files
• Utilizes all available hardware
Symantec Protection Engine
• Strongest Protection: Next generation threat detection technologies powered by the largest threat intelligence network.
• Flexibility and Choice: Vast platform support for server and SDK spanning Linux, Solaris and Windows.
• Security Leadership: Provide robust malware protection for NAS platform, and almost any other application via SDK or ICAP.
Thank you!
Copyright © 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Kevin Kingston - [email protected]
Ian McShane - @ianmcshane