Intel and Symantec: Improving performance, security, manageability and data protection
Omid Meshkin Strategic Business Development
Terry Cutler Enterprise Solution Architect
SYMANTEC VISION 2012
Session Objectives
By the end of this session you will be:
• Educated on the value of Intel silicon combined with Symantec
• Promoting the improved performance, security, manageability, and data protection enabled through Intel and Symantec collaboration
• Eager to see the Intel showcase demonstrations
Where were Intel and Symantec Collaborating 2-3 years ago?
Manageability
• Symantec Client Management Suite + Intel vPro Technology
• Future
Security
• Future
• Future
• Future
• Future
• Future
• Future
• Future
Information Management
Consumer Other Programs
• Future
• Future
• Future
• Future
• Future
• Future
• Future
• Future
• Future
• Future
• Future
This presentation will summarize many of the “futures” that now exist
Symantec Appliances Powered by Intel
• A new and fast-growing generation of industry-leading appliances for backup and security: NetBackup, BackupExec, SSIM
• Strong collaboration for hardware & software differentiation
• Scalable architecture to meet customer needs
• Optimized for energy efficiency
• Business-critical Reliability, Availability, and Serviceability (RAS)
• Flexibility and scalability through Intel® Integrated RAID and Intel SSDs
Backup Exec 3600 R2 Appliance
• Software - Backup Exec 2012, Critical System Protection, Windows 2008 R2
• CPU - Quad core Intel® Xeon 2.4 GHz, 8MB cache
• Memory - 16 GB DDR3 1333, ECC
• SSD Disk – 2 x 80 GB RAID 1 (Windows®)
• SAS Disk - 5.5 TB RAID 5 (Data Store)
• Ethernet - 3x 1GB Ports
• USB - 4x USB 2.0 Ports
• Tape Out - SAS Port
SMB
Intel® Hybrid Cloud Server Reference Design
Intel AppUp℠ Small Business Service Catalog
Service Provider
Multiple Xeon® based hardware options with Intel® VT, TXT, AMT technologies
Break Fix Help Desk Cloud Backup
Intel® Hybrid Cloud Server Manager
Secure Usage Monitoring Remote Mgmt Web Portal
Intel AppUp℠ Small Business Service Built on the Intel® Hybrid Cloud Platform
• SMB Benefits:
  • Pay-as-you-go Software
  • Cloud access to Software Catalog
  • Data onsite, no capex
• MSP/ISV Benefits:
  • Convert to subscription model
  • Immediate On-Line Software Catalog
  • Create your own offers
  • Pre-configured, remotely managed
• OEM Benefits:
  • Grow SMB sales with Hybrid Cloud appliance
Business User Requirements
• Responsiveness
• Mobility
• User Interface(s)
• Form Factor
• Device Like Experience
IT Decision Maker Requirements
• Reliability
• Security
• Stability
• Manageability
• Business-Level Performance
Ultrabook™ for Business
Ultrabook™ for Business extends current content creation capabilities with optimized mobile experiences without compromising security and manageability
Intel® vPro and Intel® Small Business Advantage
Ultra-Light. Ultra-Sleek. Ultra-Powerful.
Ultrabook is a trademark of Intel Corporation in the U.S. and/or other countries
Announcing Ultrabook™
Full PC Functionality and Enterprise-Class Security in an Ultra-mobile Package – only from Intel®
2012 Intel® vPro™ Technology Platform Security Focus Points
• Security Monitoring, Remediation, Reporting: Quickly recover from an attack
• Threat Management: Defending you against hidden Trojans and more
• Identity and Access: Access to your systems and services is more secure
• Data Protection: Protect your valuable data and assets from theft or loss
Only Intel® Core™ vPro™ Processor offers these Unique Security Capabilities
• Intel® Trusted Execution Technology (Intel® TXT)
• Intel® Virtualization Technology (Intel® VT)
• Intel® Operating System Guard (Intel® OS Guard)
• Intel® Identity Protection Technology (Intel® IPT) with Public Key Infrastructure (PKI)
• Intel® Identity Protection Technology with Protected Transaction Display
• Intel® Identity Protection Technology with One-Time Password
• Remote Encryption Management
• Intel® Anti-Theft Technology (Intel® AT)
• Intel® Advanced Encryption Standard – New Instructions (Intel® AES-NI)
• Intel® Secure Key
Holistic Approach to Securing and Managing the Client
Security Monitoring / Remediation/ Reporting
Threat Management Identity & Access Data Protection
Intel® Active Management Technology (Intel® AMT) Enhanced KVM
Intel and Symantec product collaborations available today
Intel® AES-NI Technology: Keep Data Safer and End-users More Productive
Intel® AES-NI Helps Speed Data Protection
Accelerate Encryption Operations
• Whole-disk Encryption
• Internet Security
• File Storage Encryption
[Chart, axis 0 to 4: i5-2400 (desktop), i5-2520M (laptop), E6550 (desktop), T7250 (laptop)]
Up to 4x faster encryption
Sample of Enabled Vendors
PGP Whole Disk Encryption Enabled with AES-NI Today
Introducing Intel® Secure Key in 2012 Platforms
High Quality
• With a high-quality, high-volume Entropy Source, the resulting random numbers are of the highest quality (i.e. highly unpredictable).
• “Standards” compliant (NIST SP 800-90) and NIST FIPS 140-2 Level 2 certified.
High Performance
• Faster than any other entropy source today.
Easy Access
• RdRand instruction available to all applications and at any privilege level.
Secure
• HW module implementation isolates Entropy Source and DRBG from attacks.
Digital Random Number Generator for more robust encryption
To be included in future Symantec products
High Performance, High Availability, and High Quality Cryptography
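The RdRand access path described on this slide, as an added example (not code from the presentation, Intel or Symantec): it checks CPUID before use, retries a bounded number of times when the instruction reports no data, and tells the caller to fall back otherwise. The function names and the retry count of 10 are assumptions of this example; the inline assembly assumes GCC or Clang.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define ON_X86 1
#endif
#define RDRAND_RETRIES 10 /* assumption: retry budget chosen for this example */

/* CPUID leaf 1, ECX bit 30 advertises RDRAND (bit 25 advertises AES-NI). */
int cpu_has_rdrand(void) {
#ifdef ON_X86
    unsigned a, b, c, d;
    if (__get_cpuid(1, &a, &b, &c, &d)) return (int)((c >> 30) & 1);
#endif
    return 0;
}

/* One RDRAND attempt; the carry flag says whether a value was delivered. */
static int rdrand32_step(uint32_t *out) {
    unsigned char ok = 0;
#ifdef ON_X86
    __asm__ volatile("rdrand %0\n\tsetc %1" : "=r"(*out), "=qm"(ok) : : "cc");
#endif
    return ok;
}

/* Returns 0 on success, -1 if RDRAND is absent or keeps underflowing
   (the caller must then fall back to the OS generator). */
int rdrand_fill(void *buf, size_t len) {
    unsigned char *p = buf;
    if (!cpu_has_rdrand()) return -1;
    while (len > 0) {
        uint32_t v;
        int tries = RDRAND_RETRIES;
        while (!rdrand32_step(&v))
            if (--tries == 0) return -1;
        size_t n = len < sizeof v ? len : sizeof v;
        memcpy(p, &v, n);
        p += n; len -= n;
    }
    return 0;
}

int main(void) {
    unsigned char key[16]; /* constructed use: material for a 128-bit key */
    if (rdrand_fill(key, sizeof key) != 0) { puts("no RDRAND: use the OS RNG"); return 1; }
    for (size_t i = 0; i < sizeof key; i++) printf("%02x", key[i]);
    putchar('\n');
    return 0;
}
```

Because the instruction is unprivileged, this runs unchanged in user space; treating a `-1` return as fatal or as a cue to use the operating system's generator is the caller's decision.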
Supported Platforms?
• Introduced in 2011 with 2nd generation Intel® Core™ processor-based PCs
• Intel® IPT is embedded in the Intel Management Engine (ME) isolated from the OS
• The one time code is validated by a third party security ISV used by the websites or enterprises
Who does this help?
• End users by adding security that is easy to use
• Web Sites, to protect their users accounts, and limit losses
• Enterprises who want more secure methods for employees to remotely log in, but don’t want the hassles of tracking physical tokens or lowered security due to software tokens
Intel® Identity Protection Technology One Time Password (OTP)
Traditional hardware token
Now embedded into your PC
Intel® IPT provides a simple way for Web-sites and enterprises to validate that a user is logging in from a trusted PC.
Embedded tokens work with all Symantec VIP Protected websites
OTP Enterprise Deployment Use Case
Enterprise
OTP Generated by Intel® IPT
Introducing Intel® Identity Protection Technology with Public Key Infrastructure (PKI) in 2012
Validate legitimate user – Digital Signature 2012
Embedded Public Key Infrastructure (PKI)
Private key generated and secured locally
Used for authentication and encryption
Lower cost versus smart cards
Easier usability
More secure than software-only solution
Integrated with secure I/O
Available on the Intel® Core™ vPro™ processor family in 2012
Intel® Identity Protection Technology with PKI and Protected Transaction Display in 2012
Now embedded into your PC
IPT-PKI = Platform Embedded Asymmetrical Token.
Protected Transaction Display window, not visible to SW
In addition to the embedded private key, a secure PIN pad entry is required for two-factor authentication.
Come See the Demonstration in the Intel Showcase
Attend Session SS B03, Wednesday @ 1pm, Room 112
Intel® Identity Protection Technologies
• OTP (Ultrabook™ or vPro): One-Time Password token built in to chipset enabling frictionless 2-factor user authentication for website and secure VPN access.
• PKI (vPro only): IPT with PKI* uses PKI certificates to authenticate User and Server to each other and to encrypt and sign documents.
• Protected Transaction Display (PTD) (Ultrabook™ or vPro): Protects PC display from malware scraping and proves human presence at PC.
[Diagram labels: Token; Digital Certificate; Password Entry; Username Password + OTP: 927316250; Server]
Symantec Enabled on IPT-OTP, IPT-PKI, and IPT-PTD
Managing “In-Band” and “Out-of-Band”
A Well Managed Client is a Secure Client
In-Band Management
• Operating System Deployment
• Software Updates and Fixes
• Inventory and Data Collection
• Remote Desktop and Diagnostics
Out-of-Band Management
• Control of system power state
• Integrated IP-KVM
• Control boot source
• Hardware based alerts
How does Intel® AMT Work?
[Diagram labels: Intel® vPro™ Technology Client; Operating System; Chipset; Management Engine; Network Interface; Intel® AMT; Network]
• Resides between the network interface and the OS
• Out-of-band Management traffic is handled directly by Intel® AMT itself
• Intel® AMT communications below OS
* A component of Intel® vPro™ Technology, Intel® Active Management Technology (AMT) enables Out-of-Band Management
Come See the Demonstration in the Intel Showcase
Intel® Active Management Technology Recovery and Enhanced Patching
New Features since 2010
• Enhanced KVM Remote Control
• Host Based Configuration
• Intel Setup and Config Software v8
• vPro PowerShell Module
• Intel Use Case Reference Designs
[Diagram labels: IT Help Desk; Business Employees; Beyond the operating system event; Beyond the operating system management; Intel® Core™ vPro™ Processor; Intel® Chipset; Intel® Network Adapter]
Remotely diagnose, isolate, and repair PCs – even if they are unresponsive
Entry-level computing
Smart performance
Built for Business, Engineered for Security
Intel® IPT with OTP
Intel® AES-NI
Intel® Secure Key*
Intel® Anti-Theft Technology
Remote KVM
Intel® AMT
Intel® IPT with PKI*
Intel® IPT with protected transaction Display*
Only on Ultrabook™ or vPro
Intel Security Capabilities by Platform
*Requires 3rd Generation Intel® Core platform
Intel® vPro™ Technology platforms include all security and management technologies
Today: Symantec & Intel Collaboration
Security
• Intel IPT & UserAuth (VIP)
• Intel PKI & Managed PKI
• Intel Protected Transaction Display & Managed PKI
• Intel AES-NI + Encryption
• Intel® Secure Key + Encryption
• SSIM Appliance
• Hybrid Cloud Appliance (SEP)
Manageability
• Symantec Client Management Suite + Intel vPro Technology
• Intel® Small Business Advantage and Norton Suite
Information Management
• NetBackup Appliances
• BackupExec Appliance
• BackupExec Channel Program
• Hybrid Cloud Appliance (BE)
Consumer
• Intel Anti-Theft + Norton
• Intel AppUp + Norton PC Tools
• Norton AV Channel Bundle
Other Programs
• Healthcare Initiative
• Medical Device (Altiris, CSP)
• Server Innovations
• Storage Innovations
Growing Portfolio for Enhanced Solution Value
Have the Session Objectives been met?
By the end of this session you will be:
• Educated on the value of Intel silicon combined with Symantec
• Promoting the improved performance, security, manageability, and data protection enabled through Intel and Symantec collaboration
• Eager to see the Intel showcase demonstrations
Thank you!
Copyright © 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Intel® Core™ vPro™ Processors with Intel® Anti-Theft Technology¹ Protects PCs
Hardware-based Security to Help Protect Your PC and Data When it is Lost or Stolen
1. Local intelligence on PC detects potential theft and triggers action or PC is disabled via poison pill sent over Internet
2. PC shows customized message and remains disabled even if OS is re-installed
3. PC can be easily reactivated via a local password or server-generated code
[Diagram label: IT Help Desk]
¹ Intel® Anti-Theft Technology requires the computer system to have an Intel® AT-enabled chipset, BIOS, firmware release, software, and an Intel AT-capable Service Provider/ISV application and service subscription.