Sample Title Slide Standard Template


Redefining Endpoint Security
Alexander Paral
Manager Pre Sales Consulting
19.11.2008
Agenda
1. Environment and Endpoint Challenges
2. Symantec Endpoint Protection
3. Entitlement/Deployment/Migration
4. Symantec Network Access Control
5. Available Now
2
Corporate Network is Continually Exposed
• Guests
• WANs & Extranets
• Internet Kiosks & Shared Computers
• SSL VPN
• Consultants
• IPsec VPN
• Employees Working at Home
• Web Applications
• Wireless Networks
3
Business Problems at the Endpoint
Significant Increase in Malicious New Code Threats
Source: Internet Security Threat Report Vol. XIII; Mar 2008
4
Key Ingredients for Endpoint Protection
AntiVirus
• World’s leading AV solution
• Most (40) consecutive VB100 Awards
Virus Bulletin – October 2008 (chart): Symantec Antivirus, PASS × 40 (totals shown: 40 and 0)
5
Key Ingredients for Endpoint Protection
Antispyware
• Best rootkit detection and removal
• VxMS = superior rootkit protection
Antispyware
Viruses, Trojans, Worms
Antivirus
Source: Thompson Cyber Security Labs, August 2006
6
Key Ingredients for Endpoint Protection
Firewall
• Industry leading endpoint firewall technology
• Gartner MQ “Leader” – 4 consecutive years
• Rules-based FW can dynamically adjust port settings to block threats from spreading
Firewall
Spyware, Rootkits
Antispyware
Viruses, Trojans, Worms
Antivirus
7
Key Ingredients for Endpoint Protection
Intrusion Prevention
• Combines NIPS (network) and HIPS (host)
• Generic Exploit Blocking (GEB) – one signature to proactively protect against all variants
• Granular application access control
Intrusion
Prevention
Worms, Spyware
Firewall
Spyware, Rootkits
• TruScan™ - Proactive Threat Scanning technology
• Very low (0.0049%) false positive rate
• Detects 1,000 new threats/month not detected by leading AV engines
• Fewer than 50 False Positives for every 1 MM PCs
Chart: No False Alarm vs. False Alarms, 25M Installations
Antispyware
Viruses, Trojans, Worms
Antivirus
8
Intrusion Prevention System (IPS)
Combined technologies offer best defense
Intrusion Prevention (IPS)
(N)IPS – Network IPS
• Deep packet inspection: attack-facing (Symantec sigs. via LiveUpdate, custom sigs, SNORT-like)
• Generic Exploit Blocking: vulnerability-facing (signatures for vulnerability)
(H)IPS – Host IPS
• System Lockdown: white listing (tightly control which applications can run)
• TruScan™: behavior-based (Proactive Threat Scan technology)
9
TruScan™ - Proactive Threat Scan
Detects 1,000 threats/month not detected by top 5 leading antivirus engines
• 6 months testing with Norton consumer technology
• Very low false positive rate (0.004%)
• Fewer than 50 False Positives for every 1M computers
• No set up or configuration required
10
Key Ingredients for Endpoint Protection
Device and Application Control
• Prevents data leakage
• Restrict access to devices (USB keys, back-up drives)
• Whitelisting – allow only “trusted” applications to run
Device and Application Control
0-day, Key Logging
Intrusion Prevention
Worms, Spyware
Firewall
Spyware, Rootkits
Antispyware
Viruses, Trojans, Worms
Antivirus
11
Key Ingredient for Endpoint Compliance
Network Access Control
• Comes ready for Network Access Control – add on
• Agent is included, no extra agent deployment
• Simply license SNAC Enforcement
Network Access Control
Device and Application Control
Intrusion Prevention
Firewall
Antispyware
Antivirus
12
Next Generation Symantec AntiVirus
Single Agent, Single Console
Results:
• Increased Protection, Control & Manageability
• Reduced Cost, Complexity & Risk Exposure
Layers: Network Access Control; Device and Application Control; Intrusion Prevention; Firewall; Antispyware; Antivirus
Symantec Endpoint Protection 11.0 and Symantec Network Access Control 11.0
Managed by Symantec Endpoint Protection Manager
13
Next Generation Management
Comprehensive Reporting
• 50+ canned reports
• Customizable Dashboard
• Monitors
14
What analysts are saying
Organizations should consider Symantec Endpoint Protection if they ….. are looking for a more complete protection platform that supports the selection of multiple styles of protection from an extensible agent framework and managed from a single console.
Gartner Magic Quadrant, Endpoint Protection Platforms, 12/2007
15
Productivity Impact:
Open Word and PowerPoint Faster with Symantec
Microsoft Office 2007/Vista File “Open” Times
(Increase Over Unprotected System)
Symantec
100% Faster
Symantec
800% Faster
Time (seconds)
Source: The Tolly Group – Symantec Endpoint Protection vs. McAfee Total Protection for Endpoint, Page 1 (08/2008)
16
Complement Security with Management
Symantec Endpoint Protection Integrated Component
Altiris Software Delivery Suite
Altiris Client Management Suite
• Streamline migrations
• Initiate scans or agent health tasks
• Dashboards integrate security and operational information
• Apply Patches
• Ensure software is installed and stays installed
• Report machines not connecting
• Identify missing hard-drives
• Policy-based software delivery
• Application Management
• Software Virtualization
• Patch Management
• Backup and Recovery
• Application Usage
• Remote Control
17
Is Endpoint Protection Enough
Protection?
“What Are The Most Common Sources Of Automated Internet Worm Attacks?”
• Employee Laptop: 43%
• Internet Through Firewall: 39%
• Non-Employee Laptop: 34%
• VPN Home System: 27%
• Don’t Know: 8%
• Other: 8%
Source: Enterprise Strategy Group, January 2005 ESG Research Report, Network Security And Intrusion Prevention
18
Challenge:
Access to Corporate Networks
Diagram: Partners, Consultants, Hotel Business Center, Auditors, Home PC; Corporate Network
Open access to corporate networks means higher risk for infection
19
Solution:
Network Access Control
• Checks adherence to endpoint security policies
– Antivirus installed and current?
– Firewall installed and running?
– Required patches and service packs?
– Required configuration?
• Fixes configuration problems
• Controls guest access
NAC is a process that creates a much more secure network
Network Access Control helps prevent malware from spreading throughout the network
Network Access Control (continued)
• Restricts access to your network by creating a closed system
• Offers automatic endpoint remediation before access is granted
• Checks adherence to endpoint security policies even when connected to network
Employees
Unmanaged
On-site
Non-employees
Managed
Remote
Corporate Network
Symantec Network Access Control
3 Key Components
1. Central Management Console
2. Endpoint Evaluation Technology
3. Enforcer
22
1. Central Management Console
Symantec Endpoint Protection Manager
• Policy Management
• Web-based GUI
• Enterprise class/scale
• Role-based access
• Hierarchical views
• Integration with Active Directory
Same Management Console used for
Symantec Endpoint Protection 11.0
23
2. Endpoint Evaluation Technologies
• Remote Scanner (Good): ‘Unmanageable’ Endpoints
• Dissolvable Agents (Better): ‘Unmanaged’ Endpoints
• Persistent Agents (Best): ‘Managed’ Endpoints
Symantec Endpoint Protection 11.0 agent is SNAC ready
24
3. Enforcers
Host-based
• Symantec Self-Enforcement (Good)
Network-based (optional)
• Symantec Gateway Enforcer (Better)
• Symantec DHCP Enforcer
• Symantec LAN Enforcer-802.1X (Best)
25
How SNAC is Packaged
Symantec Network Access Control v 11.0
Symantec Network Access Control Starter Edition v 11.0
Central Management Console
Symantec Endpoint Protection Manager




Endpoint Evaluation Technology
Persistent Agent (SNAC Agent)
Dissolvable Agent (On-Demand Agent)
Remote Vulnerability Scanner
Add On
Add On
Add On
Add On
Endpoint Evaluation Technology
Self - Enforcement
Gateway Enforcement
DHCP Enforcement
LAN (802.1x) Enforcement

*

*

*
* Required purchase of an enforcer appliance
26
Symantec NAC Self-Enforcement: How It Works
Diagram: Symantec Endpoint Protection Manager; Persistent Agent; Onsite or Remote Laptop; Protected Network; Quarantine; Remediation Resources
• Client connects to network and validates policy
• Persistent Agent performs self-compliance checks
• Compliance pass: Apply “Office” firewall policy
• Compliance fail: Apply “Quarantine” firewall policy
Host Integrity Rule / Status: Anti-Virus On; Anti-Virus Updated; Personal Firewall On; Service Pack Updated; Patch Updated
27
Where Endpoint Security Fits
Diagram labels: Mobile office; Coffee House; Home office; Satellite office; Home PC; Partners; USB; CD; Server; Web Server; File Server; Advanced Server; Mobile Device; Corporate Network
• Symantec™ Endpoint Protection
• Symantec™ Endpoint Encryption
• Symantec™ Critical System Protection
• Symantec™ Mobile Security
• Symantec™ Network Access Control
28
Available Today
• Customers with valid maintenance will automatically receive an email notification from which they can easily download the software
• Download software by directly visiting Symantec’s electronic software distribution website (“FileConnect” - serial number required)
– http://www.symantec.com/downloads/fileconnect/index.jsp
• Visit Symantec’s Licensing Portal that delivers multi-function capabilities in one easy-to-navigate portal (serial and/or account number required)
– http://www.symantec.com/enterprise/licensing/index.jsp?src=symsug_us
29
Symantec™ Global Intelligence Network
• 4 Symantec SOCs
• 80 Symantec Monitored Countries
• 40,000+ Registered Sensors in 180+ Countries
• 11 Symantec Security Response Centers
> 7,000 Managed Security Devices + 120 Million Systems Worldwide + 2 Million Probe Network + Advanced Honeypot Network
Dublin, Ireland
Tokyo, Japan
Calgary, Canada
San Francisco, CA
Mountain View, CA
Chengdu, China
Reading, England
Culver City, CA
Austin, TX
Alexandria, VA
Pune, India
Taipei, Taiwan
Chennai, India
Sydney, Australia
• Received 40 consecutive Virus Bulletin 100% Certification awards*
• TruScan™ technology catches 1,000 more threats per month than other AV vendors**
* Source: virusbtn.org; ** Source: Symantec
30
Thank You!
Alexander Paral, Manager Pre Sales Consulting
M: +43 (664) 5013926
@: [email protected]
Copyright © 2007 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its
affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or
implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.