Embed Size (px)
DESCRIPTION
Citation preview
1
Symantec Endpoint Protection 12
July 2011
Jan, 2007 - 250,000 viruses
Dec, 2009 – over 240 million
2
Malware authors have switched tactics
3
From:
A mass distribution of a relatively few threats e.g.
Storm made its way onto millions of machines across the globe
To:
A micro distribution model e.g.
The average Vundo variant is distributed to 18 Symantec users!
The average Harakit variant is distributed to 1.6 Symantec users!
75% of malware infect less than 50 machines
0
2,000,000
4,000,000
6,000,000
8,000,000
10,000,000
A Security Catastrophe… the growth in AV signatures
Signature based scanning won’t keep up
4
Single Agent, Single Console
On-Premise Infrastructure
Windows & Mac
5
Antivirus
Antispyware
Firewall
Intrusion Prevention
Device Control
Application Control
Network Access Control
(add-on)
What is SEP 12?
• Up to 70% reduction in scan overhead
• Smarter Updates• Faster Management
• Powered by Insight • Real Time Behavior
Monitoring with SONAR
• Tested and optimized for virtual environments
• Higher VM densities
6
Unrivaled Security
Built for Virtual Environments
Blazing Performance
What’s New in SEP 12
7
Powered by Insight
Proactive protection against new, mutating threats
• puts files in context, using their age, frequency, location and more to expose threats otherwise missed
• using community-based security ratings
• derived from Symantec's more than 175 million endpoints
2
Prevalence
Age
Source
Behavior3
4
Look for associations
Check the DB during scans
Rate nearly every file on the internet
5 Provide actionable data
1 Build a collection network
Associations
Is it new?
Bad reputation?
175 million
PCs
2.5 billion files
How Insight Works
8
Unrivaled Security
Hackers mutate threats to evade fingerprints
Mutated threats stick out like a sore thumb
It’s a catch-22 for the virus writers
– Mutate too much =Insight finds it
– Mutate too little = Easy to discover & fingerprint
9
Fc69ca74857db6c9c705f8688263239079988d40205ffaf9b0ea17b053e6352ad233
988d40205ffaf9b0ea17b053e6352ad233ae92bb2e9aa28542c685c59efcbac2490b
Symantec Protection Model
Defense in Depth
10
File-based
Protection Reputation-based
Protection
Behavioral-based
Protection
Network-based
Protection
Looks for and
eradicates malware
that has already taken
up residence on a
system
Establishes information
about entities e.g.
websites, files, IP
addresses to be used in
effective security
Looks at processes as
they execute and uses
malicious behaviors to
indicate the presence
of malware
Stops malware as it
travels over the network
and tries to take up
residence on a system
Domain Reputation
File Reputation
Insight
SONAR
Behavioral Signatures
Protocol aware IPS
Browser Protection
Network
Network File Reputation Behavioral
Website/
Domain/
IP address
File
Antivirus Engine
Auto Protect
Malheur
Proven Most Effective in Real World Test
11
% o
f sa
mp
les
96.2%
82.7%
63.5%57.7%
53.8% 51.9%
3.8%
3.8% 15.4%
5.8%3.8%
3.8%
13.5%
32.7%26.9%
40.4%44.2%
4%0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Symantec Sophos Kaspersky Trend Micro Microsoft McAfee
Infected
Partial
Blocked
FP
% False Po
sitives
Most Effective Remediation
12
10
5
10
15
20
25
30
0
20
40
60
80
100
120
Symantec Kaspersky Microsoft Sophos Malwarebytes McAfee Trend Micro
Rem
edia
tio
n S
core
(h
igh
er is
bet
ter)
Nu
mb
er of False Po
sitives (lo
we
r is better)
110104
94 93
75
69
24
Insight: Faster than Traditional Scanning
1313
Insight - Optimized ScanningSkips any file we are sure is good,leading to much faster scan timesOn a typical system, 70% of active
applications can be skipped!
Traditional ScanningHas to scan every file
Tests Prove SEP 12 Outperforms Competition
14
0
20
40
60
80
100
120
140
160
Symantec Kaspersky Trend Micro Microsoft Sophos McAfee Average
Symantec Endpoint Protection 12 Scans:
3.5X faster than McAfee
2X faster than Microsoft
Ranked 1st in overall Performance!
Lowest Memory Use
15
Symantec Endpoint Protection 12 uses:
66% less memory than McAfee
76% less memory than Microsoft
Memory Usage
0.0
20.0
40.0
60.0
80.0
100.0
120.0
140.0
160.0
180.0
Symantec Kaspersky Trend Micro
McAfee Sophos Microsoft Average
Built for Virtual Environments
16
Virtual Client Tagging
Virtual Image Exception
Shared Insight Cache
Resource Leveling
Together – up to 90% reduction in disk IO
Virtualization Features
17
Virtual Client Tagging
Virtual Image Exception
Shared Insight Cache
Offline Image Scanning
Resource Leveling
Together – up to 90% reduction in disk IO
Symantec Endpoint ProtectionSmall Business Edition 12.1
•Powered by Symantec Insight and SONAR
•Support for Macintosh
•Faster Installs and Upgrades
•Smart Scanning
18
Fastest
Most Effective
Simple
Solutions Tailored for Business of All Sizes
Desktops & Laptops
Servers, Desktops & Laptops
Servers, Desktops & Laptops
Servers, Desktops & Laptops
Servers, Desktops & Laptops
Desktops & Laptops
Servers, Desktops & Laptops
Servers, Desktops & Laptops
Servers, Desktops & Laptops
Desktops & Laptops
19
Desktops & Laptops
What’s Right For Your Business?
20
FeatureEndpoint
Protection Small Business Edition
EndpointProtection
Seats 5-99 seats 100+ seats
Antivirus/Antispyware • •
Desktop Firewall • •
Intrusion Detection/Prevention • •
Generic Exploit Blocking • •
Protection for Mac OS X and Windows • •
Protection for Linux •
Device and Application Control •
Network Access Control Self-Enforcement •
Flexible, granular policy management •
Enhanced Virtualization Features •
Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
21
go.symantec.com/SEP12
