dsunte-wilson
DESCRIPTION
Symantec Endpoint Protection is a client-server solution that protects laptops, desktops, Windows and Mac computers, and servers in your network against malware. Symantec Endpoint Protection combines virus protection with advanced threat protection to proactively secure your computers against known and unknown threats.
SYMANTEC ENDPOINT PROTECTION
ADMINISTRATION
MODULE 1: INTRODUCTION
INTRODUCTION TO SYMANTEC ENDPOINT PROTECTION
Symantec Endpoint Protection is a client-server solution that protects laptops, desktops, Windows and Mac computers, and servers in your network against malware.
Symantec Endpoint Protection combines virus protection with advanced threat protection to proactively secure your computers against known and unknown threats.
TYPES OF PROTECTION
Virus and Spyware Protection
Network Threat Protection
Proactive Threat Protection
VIRUS AND SPYWARE PROTECTION
Virus and Spyware Protection protects computers from viruses and security risks, and in many cases can repair their side effects.
The protection includes real-time scanning of files and email as well as scheduled scans and on-demand scans.
NETWORK THREAT PROTECTION
Network Threat Protection provides a firewall and an intrusion prevention system to prevent intrusion attacks and malicious content from reaching the computer that runs the client software.
[Figure: Network Threat Protection; labels: Internet, Company Networks]
PROACTIVE THREAT PROTECTION
Proactive Threat Protection uses SONAR to protect against zero-day attack vulnerabilities in your network.
Zero-day attack vulnerabilities are new vulnerabilities that are not yet publicly known.
THREAT LANDSCAPE IS EVOLVING
[Figure: Percentage of Top 50 Malicious Code]
[Figure: Number of Zero Day threats]
CAUSES OF SENSITIVE DATA LOSS
[Figure: Cause of Data Losses by Number of Events (axis 0% to 50%); categories: User Errors; Violations of Policies; Internet Threats, Attacks and Hacks]
ITPolicyCompliance.com, “Taking Action to Protect Sensitive Data”, Feb. 2007
ADDRESSING IT RISKS & ENABLING IT PERFORMANCE
[Figure labels: Maximize IT Performance; Manage IT Risk; Information; Interactions; Infrastructure]
SYMANTEC ENTERPRISE SOLUTIONS: A POWERFUL COMBINATION OF PRODUCT & SERVICES
[Figure labels: Security; IT Compliance; Business Continuity; Storage; IT Operations; Information Management; Manage IT Risk; Maximize IT Performance]
SYMANTEC ENDPOINT PROTECTION IN A NUTSHELL
AntiVirus
• The World’s leading anti-virus solution
• More consecutive Virus Bulletin certifications (31) than any vendor
Antispyware
• Best anti-spyware, leading the pack in rootkit detection and removal
• Includes VxMS scanning technology (Veritas)
Firewall
• Industry’s best managed desktop firewall
• Adaptive policies lead the pack for location awareness
• Sygate and Symantec Client Security
Intrusion Prevention
• Behavior-based Intrusion prevention (Whole Security)
• Network traffic inspection adds vulnerability-based protection
Device and Application Control
• Device control to prevent data leakage at the endpoint (Sygate)
• Restricts access to registry, files, folders, and processes
Network Access Control
• Includes a NAC agent to ensure each endpoint is “NAC-ready” (Sygate)
• Adds endpoint compliance to endpoint protection
INGREDIENTS FOR ENDPOINT PROTECTION
AntiVirus
• World’s leading AV solution
• Most (32) consecutive VB100 Awards
Antispyware
• Best rootkit detection and removal
• Raw Disk Scan for superior Rootkit protection
Source: Thompson Cyber Security Labs, August 2006
Firewall
• Industry leading endpoint firewall technology
• Gartner MQ “Leader” – 4 consecutive years
• Rules based FW can dynamically adjust port settings to block threats from spreading
Intrusion Prevention
• Most Comprehensive IPS capabilities in the industry
• Generic Exploit Blocking (GEB) – one signature to proactively protect against all variants
• Proactive Threat Scan – Detects 1,000 threats/month not detected by top 4 leading antivirus engines
• Very low false positive rate (0.004%)
• Only 40 FP for every 1M computers
• No set up or configuration required
INTRUSION PREVENTION SYSTEM (IPS): COMBINED TECHNOLOGIES OFFER BEST DEFENSE
Intrusion Prevention (IPS): (N)IPS Network IPS; (H)IPS Host IPS
• Application Control: Rules-based (System lockdown by controlling an application’s ability to read, write, execute and network connections)
• Proactive Threat Scan: Behavior-based (Whole Security)
• Deep packet inspection: Signature-based (Can create custom sigs, SNORT-like)
• Generic Exploit Blocking: Vulnerability-based (Sigs for vulnerability)
Device Control
• Prevents data leakage
• Restrict Access to devices (USB keys, Back-up drives)
• W32.SillyFDC (May 2007)
W32.SillyFDC
• targets removable memory sticks
• spreads by copying itself onto removable drives such as USB memory sticks
• automatically runs when the device is next connected to a computer
INGREDIENT FOR ENDPOINT COMPLIANCE
Network Access Control
• Network access control – ready
• Agent is included, no extra agent deployment
• Simply license SNAC Server
SYMANTEC NETWORK ACCESS CONTROL
1. Reduce IT costs & greater network availability
2. Increased control over unmanaged and managed endpoints
3. Maximize investment of security technologies
Ensures endpoints are protected and compliant prior to accessing network resources
INTRODUCING: SINGLE AGENT, SINGLE CONSOLE
Symantec Endpoint Protection 12.0
Symantec Network Access Control 11.0
AntiVirus, Antispyware, Firewall, Intrusion Prevention, Device Control, Network Access Control
Results:
• Reduced Cost, Complexity & Risk Exposure
• Increased Protection, Control & Manageability
HOW DO WE LOWER COST, COMPLEXITY AND RISK?
Cost
• Lowered system resource demands, smaller footprint
• Single product, license, support program
• Operational efficiency
Complexity
• Fewer consoles and agents allows standardization of technologies
• Improved UI suits any size organization
Risk
• Includes behavior-based IPS to protect against unknown attacks
• Device control helps protect against data loss and intellectual property theft
Product: Baseline Memory Usage
Symantec AntiVirus Corporate Edition: 62 MB
Symantec Client Security: 129 MB
Symantec AntiVirus + Symantec Sygate Enterprise Protection: 72 MB
McAfee Total Protection SMB: 71 MB
Trend Micro OfficeScan Client Server: 50 MB
Symantec Endpoint Protection 12.0: 21 MB!
Average of 84% reduction in memory usage requirements
SYMANTEC ANTIVIRUS EXTENDED LICENSING
Columns: Symantec Endpoint Protection; Symantec Endpoint Protection Small Business Edition; Symantec Multi-tier Protection
Antivirus: X X X
Antispyware: X X X
Desktop Firewall: X X X
Intrusion Prevention: X X X
Device Control: X X X
Mail Security: X MS Exchange; X MS Exchange/Domino/SMTP Gateway
Antivirus for Mac and Linux: X
SNAC PACKAGING
Enforcement Type: LAN-802.1x (Appliance); Endpoint (Uses SEP Desktop Firewall); Gateway (Appliance); DHCP (Appliance/Plug-in)
Agent Type: Client (Persistent); On-Demand (Dissolvable); Agentless (Scanner)
Symantec Network Access Control v11.0: ✓ ✓ ✓ ✓ ✓ ✓ ✓
Symantec Network Access Control Starter Edition v11.0: ✓ ✓ ✓
COMPONENTS OF SYMANTEC ENDPOINT PROTECTION
Symantec Endpoint Protection Manager
Database
Symantec Endpoint Protection client
Symantec Protection Center (optional)
LiveUpdate Administrator (optional)
Central Quarantine (optional)
REQUIREMENTS FOR SYMANTEC ENDPOINT PROTECTION MANAGER
REQUIREMENTS FOR SYMANTEC ENDPOINT PROTECTION CLIENT