Symantec Protection Engine

Kevin Kingston, Senior Product Manager

Ian McShane, Senior Manager, Product Management

Symantec Protection Engine - Veritasvox.veritas.com/legacyfs/online/veritasdata/IS B27.pdf · 2016. 7. 4. · RuleSpace technology with intelligence on more than 33 million URLs


SYMANTEC VISION 2012

Where is your data?


What’s the problem?

• File uploads: You shouldn’t trust any of them. Ever.

• File sharing: You shouldn’t trust any files. Ever.

• File processing: You must establish trust before this happens, but don’t rely on it.

• File storage / archiving: You shouldn’t trust any files, ever.


The solution has to be Client Agnostic

No security agent

No management

No guarantees


Evolution of Protection Engine

• Symantec Carrier Scan (2002)

• Symantec Scan Engine (2005)

• Symantec Protection Engine (2012)

Performance

Scalability

Enterprise

Storage protection

Policy Control

Next Gen Protection

Mobile threats

Insight Reputation

Content Sanitising


Protection Engine for Cloud Services


[Diagram labels: Client(s); Symantec Protection Engine; Provide on-time/real-time protection; Applications, URLs, Files, etc.; Exchange, SharePoint, Network Storage, Cloud Services/SaaS, etc.; Storage, web apps, LOB apps, collaboration, Virtual Machine storage, carrier/telco…]


What can Protection Engine do?

• Threat Detection: Next Gen AV. Most popular file types. Latest AV definitions available via LiveUpdate, Rapid Release and Intelligent Update technologies.

• Policy Control: File size, file type, scan result, container policies.

• URL Filtering: RuleSpace technology with intelligence on more than 33 million URLs. User defined category support. Latest URL definitions available via LiveUpdate technology.


The Scanning Components

• Typer: Accurate file identification

• Decomposer: Inspect containers and almost all file types and formats

• STAR components

– Signature based threat detection

– Advanced Heuristics for threat detection

– File reputation based threat detection (2013)


Popular Deployment Scenarios for ISPs and Enterprise

Integrate with ANY application either via ICAP or SDK

• URL classification / Blocking with Symantec RuleSpace

• File upload & download protection

• SMTP & MMS attachments

• Android application (apk) protection

• Cloud storage


Software Developer Kit v7.0 (C SDK)

Operating system | Arch | Compiler
Red Hat Enterprise Linux 5.5 | x64 | gcc 4.1.2
Red Hat Enterprise Linux 6 | x86_64 | gcc 4.4.5-6
Red Hat Enterprise Linux (SELinux) 5 | x86 | gcc 3.4.6
Solaris 10 (SPARC) | 32bit | gcc 3.4.6
Solaris 10 (SPARC) | 64bit | gcc 3.4.3
Solaris 10 (x86) | 32bit | gcc 3.4.3
Solaris 10 (x86) | 64bit | gcc 3.4.3
Windows Server 2008 R2 | x64 | MS Visual Studio 2008, MS Visual Studio 2010
Windows Server 2003 R2 | x86 | MS Visual Studio 2003

Latest compilers added for each platform

SDK updated to support new ICAP services for Enhanced Threat Categorization. New return codes added for Unscannable File Handling


Software Developer Kit v7.0 (Java and .Net SDK)

Java SDK – Supported Platforms and Compilers

Operating system | Arch | Compiler
Microsoft Windows Server 2003 R2 | x86 | jdk 1.6
Microsoft Windows Server 2008 | x86 | jdk 1.6
Solaris (SPARC) 10 | x86 | jdk 1.6
Red Hat Enterprise Linux 5.5 | x86 | jdk 1.6
Microsoft Windows Server 2008 R2 | x64 | jdk 1.6
Solaris (SPARC) 10 | x64 | jdk 1.6
Red Hat Enterprise Linux 5.5 | x64 | jdk 1.6

.Net SDK – Supported Platforms and Compilers

Operating system | Arch | Compiler
Microsoft Windows Server 2003 R2 | x86 | .NET 2005
Microsoft Windows Server 2008 R2 | x64 | .NET 2008


Protection Engine for NAS


Why does Network Attached Storage need protection?

• Defense in Depth

– Provides protection on storage that can not be bypassed by clients

• Massive Centralized Repository for Sensitive Data

– Centralized vector of infection!

– Can be specifically targeted by hackers

• Unmanaged Clients that have access to Storage

– PCs, Linux, Mac, Virtual Machines


What is Protection Engine for NAS?

• Network based virus scanner

– Supports ICAP and RPC protocols (RPC used for NetApp support only)

• Most common integration with NetApp DataONTAP client

– RPC-based connector built-in to ONTAP’s CIFS protocol

– Determines which files to Scan

• Read, Write, Read/Write

• Include/Exclude list

• Already Scanned?

• Mandatory scan option


Other common storage integrations

• Hitachi NAS

• EMC Isilon, VNX (formerly Celerra)

• IBM SONAS and Storwize

* These platforms utilize the ICAP protocol and are certified by the vendor


Protection Engine for SharePoint


[Diagram labels: Client(s); Files; Symantec Protection Engine; Provide on-time/real-time protection]


Deployment Option 1

On-box Architecture

[Diagram labels: SharePoint Front-End; SQL Servers; Symantec Protection Engine (×2); SPSS Connector (×2)]

• Protection Engine and SPSS Connector installed on front-end server

• No additional hardware required

• Simple installation


Deployment Option 2

Off-box Architecture

[Diagram labels: SharePoint Front-End; SQL Servers; SPSS Connector (×2); Symantec Protection Engine (×2)]

• Connector installed on each front-end server

• Can point each WFE to one or more scan engines installed on separate server

• Increases performance

• Designed to handle larger loads


Deployment Option 3

Hybrid Architecture

[Diagram labels: SharePoint Front-End; SQL Servers; Symantec Protection Engine (×4); SPSS Connector (×2)]

• One scan engine resides on front end server with connector

• Can handle one or more off-box scanners

• Increased performance with prioritization capabilities

• Designed to handle larger loads of scanning files

• Utilizes all available hardware


Symantec Protection Engine

• Strongest Protection: Next generation threat detection technologies powered by the largest threat intelligence network

• Flexibility and Choice: Vast platform support for server and SDK spanning Linux, Solaris and Windows.

• Security Leadership: Provide robust malware protection for NAS platform, and almost any other application via SDK or ICAP.


Thank you!

Copyright © 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.


Kevin Kingston - [email protected]

Ian McShane - @ianmcshane
