SYMANTEC ENDPOINT SUITE SYMANTEC ENDPOINT SUITE WITH EMAIL Ján Kvasnička Senior Pre-Sales Consultant

Symantec Endpoint Suite

Page 1: Symantec Endpoint Suite

SYMANTEC ENDPOINT SUITE

SYMANTEC ENDPOINT SUITE WITH EMAIL

Ján Kvasnička

Senior Pre-Sales Consultant

Page 2: Symantec Endpoint Suite

ENDPOINT SUITE’S PRODUCTS AND BENEFITS

Page 3: Symantec Endpoint Suite

Agenda

1 Symantec Endpoint Protection

2 Symantec Endpoint Encryption

3 Symantec Mobile Threat Protection and Symantec Mobile Management

4 Symantec Messaging Gateway

Copyright © 2014 Symantec Corporation

Page 4: Symantec Endpoint Suite

Symantec Endpoint Protection

Page 5: Symantec Endpoint Suite

WHAT THIS MEANS FOR ENDPOINT PROTECTION

• Simple Management: Need layers of protection in a single client, managed through a single console
• Layered Protection at the Endpoint: Must protect against mass malware, mutating malware, zero-day threats and targeted attacks
• Optimized for Performance: Solution should be designed to minimize impact on systems and users, especially endpoints with low bandwidth
• Security Intelligence and Analytics: Need security intelligence backed by global data collection capabilities and highly skilled security analysts

Page 6: Symantec Endpoint Suite

UNRIVALED SECURITY WITH LAYERED PROTECTION

Layered protection to stop targeted attacks and zero-day threats

• NETWORK (Firewall and Intrusion Prevention): Blocks malware before it spreads to your machine and controls traffic
• FILE (Antivirus): Scans and eradicates malware that arrives on a system
• REPUTATION (Insight): Determines safety of files and websites using the wisdom of the community
• BEHAVIOR (SONAR): Monitors and blocks files that exhibit suspicious behaviors
• REPAIR (Power Eraser): Aggressive remediation of hard-to-remove infections

Page 7: Symantec Endpoint Suite

UNRIVALED SECURITY WITH INSIGHT

Age, frequency, and location are used to expose unknown threats

Big Data Analytics

Analytics

Warehouse

Analysts

Attack Quarantine System

Endpoints

Gateways

3rd Party Affiliates

Global Sensor Network

Symantec Threat Intelligence Network

Global Data Collection

Honeypots

• Bad safety rating: File is blocked
• No safety rating yet: Can be blocked
• Good safety rating: File is whitelisted

Page 8: Symantec Endpoint Suite

UNRIVALED SECURITY WITH SONAR

Behavioral monitoring stops zero-day and unknown threats

• Human-authored Behavioral Signatures
• Behavioral Policy Lockdown
• Artificial Intelligence Based Classification Engine

Monitors nearly 1400 file behaviors to answer: Who is it related to? What did it contain? Where did it come from? What has it done?

Page 9: Symantec Endpoint Suite

BLAZING PERFORMANCE WITH INSIGHT

Up to 70% reduction in scan overhead

Insight allows you to skip known good files, scanning only unknown files

Traditional scanning has to scan every file

Page 10: Symantec Endpoint Suite

SMARTER MANAGEMENT

SEP Manager

VDI, MAC OSX, LINUX, GUP, EMBEDDED, WINDOWS

• Single high-performance client
• Broad platform support: Windows (+Win 10), Mac, Linux, virtual machines, embedded systems
• Single management console
• Reporting and Analytics: Multi-dimensional analysis, robust graphical reporting, and an easy-to-use dashboard (IT Analytics)
• Remote deployment and management
• Efficient updates with Group Update Provider

Page 11: Symantec Endpoint Suite

SYMANTEC ENDPOINT PROTECTION 12.1.6

UNRIVALED SECURITY
• Layered endpoint protection
• Insight reputation analysis
• SONAR behavioral analysis
• Largest civilian threat intelligence network

BLAZING PERFORMANCE
• 70% less scan overhead
• Reduced client size
• 90% smaller clients for embedded
• Scan de-duplication
• Smaller definition sets

SMARTER MANAGEMENT
• Single client and management console
• Granular policy control
• Broad OS support
• Remote management
• Integrated reporting and repair

Page 12: Symantec Endpoint Suite

Symantec Endpoint Encryption

Page 13: Symantec Endpoint Suite

SEE 11.0.1 Drive Encryption

Demonstration

Pre-Boot

Page 14: Symantec Endpoint Suite

Authentication Screen

Page 15: Symantec Endpoint Suite

After authentication, Windows loads…

Page 16: Symantec Endpoint Suite

No Windows login needed (Single Sign On)

Page 17: Symantec Endpoint Suite

Incorrect authentication

Page 18: Symantec Endpoint Suite

Help screen

Page 19: Symantec Endpoint Suite

Recovery Options

Page 20: Symantec Endpoint Suite

Help Desk Recovery Option

Page 21: Symantec Endpoint Suite

Or Self-Help Recovery Option

Page 22: Symantec Endpoint Suite

Symantec Endpoint Encryption Manager

Page 23: Symantec Endpoint Suite

Configure software options

Page 24: Symantec Endpoint Suite

Group and user management

Page 25: Symantec Endpoint Suite

Built-In reports

Page 26: Symantec Endpoint Suite

Client information

Page 27: Symantec Endpoint Suite

Client drive encryption information

Page 28: Symantec Endpoint Suite

Users associated with a client system

Page 29: Symantec Endpoint Suite

Symantec Mobile Threat Protection

Symantec Mobile Management

Page 30: Symantec Endpoint Suite

Norton Mobile Insight: Proactive App Risk Reporting

• 16 MILLION Android apps in our database
• 30,000 NEW APPS processed every 24 hours
• 200+ APP STORES crawled continuously
• 900,000 APPS with medium or high battery or data usage
• 4 MILLION MALICIOUS apps identified
• 10 MILLION APPS with intrusive behaviors or potential privacy leaks

Cloud-enabled, automated system dynamically generating unique mobile app risk intelligence

1 Android only. Data as of February 2015

Page 31: Symantec Endpoint Suite

Refreshed UI

apps with non-malware risks

Enables users to easily make informed choices about potentially risky apps

Default is to display only the “Highest Concern” risks to avoid unnecessary worry

App Advisor

Page 32: Symantec Endpoint Suite

Scans and notifies users about apps that can excessively drain the battery or have high data usage

1 Data collection in early stages.

Users can make informed choices about apps that can impact their experience and increase data plan cost

App Scanning for Performance Risks

Page 33: Symantec Endpoint Suite

App Advisor for Google Play¹

Scans and notifies users about potential app issues. Users can click on the notification for further information before downloading

Users can make informed choices about apps before they download

¹ Auto scan of apps on Google Play is supported on Android 4.0 or later, except for Samsung devices. Samsung devices running Android 4.2 or later are supported.

Page 34: Symantec Endpoint Suite

Web protection from known Malicious sites

Page 35: Symantec Endpoint Suite

Symantec Messaging Gateway

Page 36: Symantec Endpoint Suite

EMAIL SECURITY IS MORE THAN JUST STOPPING SPAM

• REDUCE COST: Lower expenses and investment in administration and infrastructure.
• PROTECT USERS: Keep unwanted mail out of the inbox without blocking legitimate messages.
• CONTROL DATA: Identify and control the spread of confidential information and comply with regulations.
• PREVENT THREATS: Detect and block targeted attacks, malware, and phishing from entering your environment.

Page 37: Symantec Endpoint Suite

CUSTOMIZABLE PROTECTION AGAINST MALWARE, SPAM, AND GREY MAIL

PERSONALIZED PROTECTION
• Scans for newsletters, marketing email, and suspicious URLs
• Configure policies by group with distinct actions for each type of mail

ADAPTIVE REPUTATION MANAGEMENT
• Tracks over 400 million known spam and safe sender IPs.
• Filters out up to 95% of spam traffic based on reputation.

ANTISPAM & ANTIMALWARE
• Disarm attachment cleaning
• Over 20 detection technologies
• Greater than 99% antispam effectiveness

Page 38: Symantec Endpoint Suite

CONTROL OUTBOUND EMAIL TO PREVENT DATA LOSS

ADD-ON CONTENT ENCRYPTION
• Use on-premise Gateway Email Encryption or cloud-based encryption
• Policy based for automatic encryption

INTEGRATE WITH SYMANTEC DLP
• Protect confidential data across Endpoint, Network and Storage Systems
• Tight integration and unified management

BUILT-IN DATA LOSS PREVENTION
• Over 100 pre-built dictionaries, patterns, and policy templates
• Workflow and remediation tools
• Dedicated DLP quarantine

Page 39: Symantec Endpoint Suite

FLEXIBLE DEPLOYMENT OPTIONS FOR ON-PREMISE MAIL

HYBRID SOLUTION
• Inbound Email Security.cloud protection
• Outbound Messaging Gateway control with DLP

VIRTUAL APPLIANCE
• VMware ESX, ESXi, vSphere
• Microsoft Hyper-V

PHYSICAL APPLIANCE
• Three appliance sizes to meet business needs

Page 40: Symantec Endpoint Suite

Overview – Symantec Messaging Gateway

• First layer of email security
• Network and protocol level email security appliance
• Throttles and drops spam connections to reduce load on internal mail servers
• Protects internal mail servers from SMTP attacks
• Scans email to eliminate viruses, spam, and advanced attacks
• Ensures compliance with corporate email policies
• Prevents sensitive data from leaving the organization

Page 41: Symantec Endpoint Suite

Multiple layers of antivirus protection

Complete Message Content Analysis
• Virus Signature Protection
• Block executable file types
• Filter based on attachments, subject lines, SMTP headers, etc.

Predictive Content Inspection
• Zero-day Malware Protection
• Bloodhound Heuristic Analysis
• In-depth macro scanning

High Performance
• Multi-threaded Scanning
• LiveUpdate enables definition updates without downtime
• Flexible Workflow with Multiple Dispositions
• Mail/Zip Bomb Protection

Symantec Antivirus Engine
• Viruses
• Mass-mailer worms
• Trojan horses
• Spyware
• Bloodhound™ Heuristic Definitions
• Script-Blocking
• Mail/zip Bomb Protection
• Multi-threaded Scanning for Performance
• Engine Repair
• Decomposer and File Typer for Attachment Scanning
• Scans within container files (zip, rar, etc.)

Page 42: Symantec Endpoint Suite

Disarm Advanced Persistent Threats & Targeted Attacks

• 85% of all recent high profile targeted attacks leveraged exploits in email attachments for incursion.
• Luckycat, Nitro, Duqu, Taidoor, Elderwood
• The most secure approach is to remove this attack vector completely.

Disarm can remove all potentially malicious content, while preserving the visual integrity of the document.

Page 43: Symantec Endpoint Suite

Disarm removes all vulnerable content, not just identified threats.

Vulnerable Content PDF Office 2003 Office 2007+

Javascript �

Launch �

Macros � �

Flash � � �

3d �

Attachments � � �

Unused Objects � �

Custom Fonts �

Image Reconstruct �

Active X � �

Unknown � � �

Embedded Doc � � �

Page 44: Symantec Endpoint Suite

Antispam Protection

Multiple Layers of Antispam Protection

1 Adaptive Reputation Analysis
2 Signatures & Heuristics
3 Authentication
4 User & Admin Rules

Page 45: Symantec Endpoint Suite

Antispam Protection

Multiple Layers of Antispam Protection

1 Adaptive Reputation Analysis
• Global Reputation
• Open Proxy/Zombies
• Safe/Trusted Senders
• Suspect Spam
• Local Reputation
• Connection Classification
• Fastpass

2 Signatures & Heuristics
3 Authentication
4 User & Admin Rules

Page 46: Symantec Endpoint Suite

Adaptive Reputation Management

Key Features

• DNS Based lists leveraging Symantec’s Global Bad and Good Senders Lists
• Directory Harvest Attack protection
• Mass virus email attack recognition and protection
• Customizable administrator level bad and good sender lists
• Fastpass spam bypass to conserve system resources

Page 47: Symantec Endpoint Suite

Antispam Protection

Multiple Layers of Antispam Protection

1 Adaptive Reputation Analysis

2 Signatures & Heuristics
• Message Body & Attachment Signatures
• Fuzzy Body Hash Analysis
• URL Filtering (Fraud, HTTP, Adult)
• Message Header, Content, Language, Structural, and Image Analysis

3 Authentication
4 User & Admin Rules

Page 48: Symantec Endpoint Suite

Optional Suspected Spam Threshold

How it works
• Message is assigned a spam score
• Messages over 90 are confirmed “spam”
• Administrators can set a lower threshold
• Message scored between 90 and the admin set threshold is “Suspect Spam”

Benefits
• Allows for more aggressive spam filtering
• Flexible policy enforcement
• Set different actions for spam and suspect spam

Page 49: Symantec Endpoint Suite

Pre-defined Antispam Policies

Symantec Messaging Gateway

Key Features
• Production ready with pre-defined policies
• Customize actions based on end-user requirements
• Set different actions for confirmed spam and suspect spam

Page 50: Symantec Endpoint Suite

Web-Based Spam Quarantine

Symantec Messaging Gateway

Key Features
• Release quarantined message to the inbox
• Integration with LDAP for single sign-on
• Customizable end-user digest
• Flexible search functionality
• Automated message expiration

Page 51: Symantec Endpoint Suite

End-user Quarantine Notifications

Key Features
• Configurable delivery of email digest
• Informs users of new spam only
• Users can access, view, and release messages quickly
• Users do not have to check quarantine directly

Page 52: Symantec Endpoint Suite

Antispam Protection

Multiple Layers of Antispam Protection

1 Adaptive Reputation Analysis
2 Signatures & Heuristics

3 Authentication/Encryption
• Bounce Attack Prevention
• SMTP Authentication
• SPF, SenderID, DKIM
• SMTP over TLS

4 User & Admin Rules

Page 53: Symantec Endpoint Suite

Antispam Protection

Multiple Layers of Antispam Protection

1 Adaptive Reputation Analysis
2 Signatures & Heuristics
3 Authentication

4 User & Admin Rules
• End-User and Global Allow and Block Lists
• Global 3rd Party IP List Integration
• Probe Accounts
• Multiple Dispositions:
  o Spam, Suspect Spam, Newsletters, Marketing Mail, Bounce Attacks, Sender Authentication Failures, and Suspicious URLs
• Customer-specific rules

Page 54: Symantec Endpoint Suite

Multiple Dispositions

Key Features
• Gives more control to the customer
• Customizable actions for each disposition
• Allows customers the ability to define what is spam to them
• Available dispositions (spam): Bounce Attacks, Marketing Mail, Suspicious URLs, Newsletters, Spam, Sender Authentication Failure, and Suspect Spam

Page 55: Symantec Endpoint Suite

Sensitive Data is Leaving the Enterprise, Risking Brand and Reputation

Intellectual Property

Competitive
• Source Code
• Engineering Specs
• Strategy Documents
• Pricing

Customer, Employee, Patient Data

Regulatory Compliance
• HIPAA, GLBA, PCI, State Data Privacy, Caldicott, PIPEDA
• SSN, Credit Card Numbers, Health Info

Company Confidential

Reputation
• Press Release
• Quarterly Earnings
• M&A
• CEO Internal Email

• 1:400 emails contain confidential information
• 99% of data loss caused by breakdowns in process controls by good employees

Page 56: Symantec Endpoint Suite

Built-in data loss prevention and compliance features

• Intelligent dictionaries for many data classifications
• PCI, HIPAA, Personally Identifiable Information (PII)
• Wizard-based rule creation for simple policy enforcement

Page 57: Symantec Endpoint Suite

Centralized Management

• Directory Integration via LDAP
  – Control Center authentication
  – Recipient validation
  – Address resolution
  – Administrative rights
  – Quarantine access
• Control Center
  – Deploys software settings
  – Manages encryption keys
  – Central quarantine

Page 58: Symantec Endpoint Suite

Centralized Reporting

Logs consolidated from all scanners to a single Control Center, enabling both granular and summary reports

Page 59: Symantec Endpoint Suite

ENDPOINT SUITE’S PRODUCTS AND BENEFITS

Page 60: Symantec Endpoint Suite

ENDPOINT SUITE SIMPLIFIES SECURITY

Protect the users, devices and data for less money

Information Protection: Prevent data loss at email gateway/server, and email encryption
• Symantec Messaging Gateway defends your email and infrastructure at the perimeter with real-time antispam and antimalware protection.
• Symantec Email Encryption Gateway, powered by PGP, encrypts messages to safeguard confidential data.
• Symantec Mail Security for Microsoft Exchange prevents the spread of email-borne threats.

Lower Cost Solution: Single solution to drive down costs and stretch IT budgets
• Measurable savings from simplified subscription-based pricing that takes the mystery out of license, support, and renewal costs.
• Remove complexity and consolidate patchwork, multi-vendor solutions.
• Single purchase and single support for troubleshooting reduce up-front and ongoing costs.

Threat Protection: Complete malware protection for endpoints and mobile
• Symantec Endpoint Protection provides security with a single, high-powered agent, for the fastest, most-effective protection available.
• Symantec Endpoint Encryption, powered by PGP, protects data with strong full-disk and removable media encryption.
• Symantec Mobile threat protection and device management provide trusted security for mobile devices.

Page 61: Symantec Endpoint Suite

Thank you!

Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.

Ján Kvasnička
