Redefining Endpoint Security
Alexander Paral, Manager Pre Sales Consulting, 19.11.2008
Agenda
1. Environment and Endpoint Challenges
2. Symantec Endpoint Protection
3. Entitlement/Deployment/Migration
4. Symantec Network Access Control
5. Available Now
Corporate Network is Continually Exposed
Wireless Networks
Web Applications
Guests
Consultants
IPsec VPN
Employees Working at Home
WANs & Extranets
SSL VPN
Internet Kiosks & Shared Computers
Business Problems at the Endpoint
Source: Internet Security Threat Report Vol. XIII; Mar 2008
Significant Increase in Malicious New Code Threats
Key Ingredients for Endpoint Protection
Antivirus
AntiVirus
• World’s leading AV solution
• Most (40) consecutive VB100 Awards
Virus Bulletin – October 2008
[Figure: Virus Bulletin VB100 results for Symantec, a run of consecutive PASS results]
Key Ingredients for Endpoint Protection
Antivirus
Antispyware
Antispyware
• Best rootkit detection and removal
• VxMS = superior rootkit protection
Source: Thompson Cyber Security Labs, August 2006
Viruses, Trojans, Worms
Key Ingredients for Endpoint Protection
Antivirus
Antispyware
Firewall
Firewall
• Industry leading endpoint firewall technology
• Gartner MQ “Leader” – 4 consecutive years
• Rules based FW can dynamically adjust port settings to block threats from spreading
Viruses, Trojans, Worms
Spyware, Rootkits
Key Ingredients for Endpoint Protection
Antivirus
Antispyware
Firewall
Intrusion Prevention
Intrusion Prevention
• Combines NIPS (network) and HIPS (host)
• Generic Exploit Blocking (GEB) – one signature to proactively protect against all variants
• Granular application access control
• TruScan™ - Proactive Threat Scanning technology - Very low (0.0049%) false positive rate
• Detects 1,000 new threats/month - not detected by leading AV engines
[Figure: false alarms vs. no false alarm, 25M installations]
Fewer than 50 False Positives for every 1 MM PCs
Worms, Spyware
Spyware, Rootkits
Viruses, Trojans, Worms
Intrusion Prevention System (IPS)
Combined technologies offer best defense
(N)IPS: Network IPS
(H)IPS: Host IPS
Deep packet inspection: Attack-facing (Symantec sigs. via LiveUpdate, custom sigs, SNORT-like)
Intrusion Prevention (IPS)
TruScan™: Behavior-based (Proactive Threat Scan technology)
Generic Exploit Blocking: Vulnerability-facing (signatures for vulnerability)
System Lockdown: White listing (tightly control which applications can run)
Detects 1,000 threats/month not detected by top 5 leading antivirus engines
TruScan™ - Proactive Threat Scan
• 6 months testing with Norton consumer technology
• Very low false positive rate (0.004%)
• Fewer than 50 False Positives for every 1M computers
• No set up or configuration required
Key Ingredients for Endpoint Protection
Antivirus
Antispyware
Firewall
Intrusion Prevention
Device and Application Control
Device and Application Control
• Prevents data leakage
• Restrict Access to devices (USB keys, Back-up drives)
• Whitelisting – allow only “trusted” applications to run
W32.SillyFDC
• targets removable memory sticks
• spreads by copying itself onto removable drives such as USB memory sticks
• automatically runs when the device is next connected to a computer
Spyware, Rootkits
Viruses, Trojans, Worms
Worms, Spyware
0-day, Key Logging
Key Ingredient for Endpoint Compliance
Antivirus
Antispyware
Firewall
Intrusion Prevention
Device and Application Control
Network Access Control
Network Access Control
• Comes ready for Network Access Control – add on
• Agent is included, no extra agent deployment
• Simply license SNAC Enforcement
Next Generation Symantec AntiVirus
Results:
Reduced Cost, Complexity & Risk Exposure
Increased Protection, Control & Manageability
Antivirus
Antispyware
Firewall
Intrusion Prevention
Device and Application Control
Network Access Control
Single Agent, Single Console
Managed by Symantec Endpoint Protection Manager
Symantec Network Access Control 11.0
Symantec Endpoint Protection 11.0
Next Generation Management
Comprehensive Reporting
• 50+ canned reports
• Customizable Dashboard
• Monitors
What analysts are saying
Organizations should consider Symantec Endpoint Protection if they ….. are looking for a more complete protection platform that supports the selection of multiple styles of protection from an extensible agent framework and managed from a single console.
Gartner Magic Quadrant, Endpoint Protection Platforms, 12/2007
Productivity Impact: Open Word and PowerPoint Faster with Symantec
Microsoft Office 2007/Vista File “Open” Times
(Increase Over Unprotected System)
Source: The Tolly Group – Symantec Endpoint Protection vs. McAfee Total Protection for Endpoint Page 1 (08/2008)
Symantec 100% Faster
Symantec 800% Faster
Complement Security with Management
Altiris Client Management Suite
• Policy-based software delivery
• Application Management
• Software Virtualization
• Patch Management
• Backup and Recovery
• Application Usage
• Remote Control
Altiris Software Delivery Suite
• Apply Patches
• Ensure software is installed and stays installed
• Report machines not connecting
• Identify missing hard-drives
Symantec Endpoint Protection Integrated Component
• Streamline migrations
• Initiate scans or agent health tasks
• Dashboards integrate security and operational information
Is Endpoint Protection Enough Protection?
Source: Enterprise Strategy Group, January 2005 ESG Research Report, Network Security And Intrusion Prevention
“What Are The Most Common Sources Of Automated Internet Worm Attacks?”
• Employee Laptop: 43%
• Internet Through Firewall: 39%
• Non-Employee Laptop: 34%
• VPN Home System: 27%
• Don’t Know: 8%
• Other: 8%
Challenge: Access to Corporate Networks
Corporate Network
Partners
Consultants
Auditors
Home PC
Hotel Business Center
Open access to corporate networks means higher risk for infection
Solution: Network Access Control
• Checks adherence to endpoint security policies
– Antivirus installed and current?
– Firewall installed and running?
– Required patches and service packs?
– Required configuration?
• Fixes configuration problems
• Controls guest access
Network Access Control helps prevent malware from spreading throughout the network
NAC is a process that creates a much more secure network
Network Access Control (continued)
• Restricts access to your network by creating a closed system
• Offers automatic endpoint remediation before access is granted
• Checks adherence to endpoint security policies even when connected to network
Corporate Network
Employees, Non-employees
Managed, Unmanaged
On-site, Remote
Symantec Network Access Control: 3 Key Components
1. Central Management Console
2. Endpoint Evaluation Technology
3. Enforcer
1. Central Management Console
• Policy Management
• Web-based GUI
• Enterprise class/scale
• Role-based access
• Hierarchical views
• Integration with Active Directory
Symantec Endpoint Protection Manager
Same Management Console used for Symantec Endpoint Protection 11.0
2. Endpoint Evaluation Technologies
Symantec Endpoint Protection 11.0 agent is SNAC ready
• Dissolvable Agents (‘Unmanaged’ Endpoints): Better
• Remote Scanner (‘Unmanageable’ Endpoints): Good
• Persistent Agents (‘Managed’ Endpoints): Best
3. Enforcers
Network-based (optional):
• Symantec LAN Enforcer - 802.1X
• Symantec DHCP Enforcer
• Symantec Gateway Enforcer
Host-based:
• Symantec Self-Enforcement
Best / Better / Good
How SNAC is Packaged
Central Management Console
Endpoint Evaluation Technology
Symantec Endpoint Protection Manager
Persistent Agent (SNAC Agent)
Dissolvable Agent (On-Demand Agent)
Remote Vulnerability Scanner
Self-Enforcement
Gateway Enforcement
DHCP Enforcement
LAN (802.1x) Enforcement
[Table: packaging matrix of the components above across the two editions below; cells marked “*” or “Add On”]
Symantec Network Access Control v11.0
Symantec Network Access Control Starter Edition v11.0
* Required purchase of an enforcer appliance
Symantec NAC Self-Enforcement: How It Works
[Diagram labels: Onsite or Remote Laptop, Persistent Agent, Symantec Endpoint Protection Manager, Remediation Resources, Protected Network, Quarantine]
• Client connects to network and validates policy
• Persistent Agent performs self-compliance checks
• Compliance fail: Apply “Quarantine” firewall policy
• Compliance pass: Apply “Office” firewall policy
Host Integrity Rule / Status
• Anti-Virus On
• Anti-Virus Updated
• Personal Firewall On
• Service Pack Updated
• Patch Updated
Where Endpoint Security Fits
[Diagram labels: Corporate Network, Satellite office, Home office, Home PC, Mobile office, Mobile Device, Coffee House, Partners, File Server, Web Server, Server, CD, USB]
Endpoint Protection, Endpoint Encryption, Advanced Server Protection, Mobile Security, Network Access Control
• Symantec™ Endpoint Protection
• Symantec™ Endpoint Encryption
• Symantec™ Critical System Protection
• Symantec™ Mobile Security
• Symantec™ Network Access Control
Available Today
• Customers with valid maintenance will automatically receive an email notification from which they can easily download the software
• Download software by directly visiting Symantec’s electronic software distribution website (“FileConnect”, serial number required)
– http://www.symantec.com/downloads/fileconnect/index.jsp
• Visit Symantec’s Licensing Portal that delivers multi-function capabilities in one easy-to-navigate portal (serial and/or account number required)
– http://www.symantec.com/enterprise/licensing/index.jsp?src=symsug_us
Symantec™ Global Intelligence Network
> 7,000 Managed Security Devices + 120 Million Systems Worldwide + 2 Million Probe Network + Advanced Honeypot Network
Reading, England
Alexandria, VA
Sydney, Australia
Mountain View, CA
Culver City, CA
Calgary, Canada
San Francisco, CA
Dublin, Ireland
Pune, India
Taipei, Taiwan
Tokyo, Japan
4 Symantec SOCs
80 Symantec Monitored Countries
40,000+ Registered Sensors in 180+ Countries
11 Symantec Security Response Centers
Austin, TX
Chengdu, China
Chennai, India
• Received 40 consecutive Virus Bulletin 100% Certification awards*
• TruScan™ technology catches 1,000 more threats per month than other AV vendors**
* Source: virusbtn.org; ** Source: Symantec
Thank You!
Alexander Paral, Manager Pre Sales Consulting
M: +43 (664) 5013926
Copyright © 2007 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.