SYMANTEC ENDPOINT SUITE
SYMANTEC ENDPOINT SUITE WITH EMAIL
Ján Kvasnička
Senior Pre-Sales Consultant
ENDPOINT SUITE’S PRODUCTS AND BENEFITS
Agenda
1 Symantec Endpoint Protection
2 Symantec Endpoint Encryption
3 Symantec Mobile Threat Protection and Symantec Mobile Management
4 Symantec Messaging Gateway
Copyright © 2014 Symantec Corporation
Symantec Endpoint Protection
WHAT THIS MEANS FOR ENDPOINT PROTECTION
• Simple Management: Need layers of protection in a single client, managed through a single console
• Optimized for Performance: Solution should be designed to minimize impact on systems and users, especially endpoints with low bandwidth
• Layered Protection at the Endpoint: Must protect against mass malware, mutating malware, zero-day threats and targeted attacks
• Security Intelligence and Analytics: Need security intelligence backed by global data collection capabilities and highly skilled security analysts
UNRIVALED SECURITY WITH LAYERED PROTECTION
Layered protection to stop targeted attacks and zero-day threats
• NETWORK (Firewall and Intrusion Prevention): Blocks malware before it spreads to your machine and controls traffic
• FILE (Antivirus): Scans and eradicates malware that arrives on a system
• REPUTATION (Insight): Determines safety of files and websites using the wisdom of the community
• BEHAVIOR (SONAR): Monitors and blocks files that exhibit suspicious behaviors
• REPAIR (Power Eraser): Aggressive remediation of hard-to-remove infections
UNRIVALED SECURITY WITH INSIGHT
Age, frequency, and location are used to expose unknown threats
[Diagram: Symantec Threat Intelligence Network. Labels: Global Data Collection, Global Sensor Network, Endpoints, Gateways, 3rd Party Affiliates, Honeypots, Attack Quarantine System, Big Data Analytics, Analytics Warehouse, Analysts]
• Bad safety rating: File is blocked
• No safety rating yet: Can be blocked
• Good safety rating: File is whitelisted
UNRIVALED SECURITY WITH SONAR
Behavioral monitoring stops zero-day and unknown threats
Monitors nearly 1400 file behaviors to answer: Who is it related to? What did it contain? Where did it come from? What has it done?
• Human-authored Behavioral Signatures
• Behavioral Policy Lockdown
• Artificial Intelligence Based Classification Engine
BLAZING PERFORMANCE WITH INSIGHT
Up to 70% reduction in scan overhead
• Traditional scanning has to scan every file
• Insight allows you to skip known good files, scanning only unknown files
SMARTER MANAGEMENT
[Diagram labels: SEP Manager, Windows, Mac OS X, Linux, Embedded, VDI, GUP]
• Single high-performance client
• Broad platform support: Windows (+Win 10), Mac, Linux, virtual machines, embedded systems
• Single management console
• Reporting and Analytics: Multi-dimensional analysis, robust graphical reporting, and an easy-to-use dashboard (IT Analytics)
• Remote deployment and management
• Efficient updates with Group Update Provider
SYMANTEC ENDPOINT PROTECTION 12.1.6
UNRIVALED SECURITY
• Layered endpoint protection
• Insight reputation analysis
• SONAR behavioral analysis
• Largest civilian threat intelligence network
BLAZING PERFORMANCE
• 70% less scan overhead
• Reduced client size
• 90% smaller clients for embedded
• Scan de-duplication
• Smaller definition sets
SMARTER MANAGEMENT
• Single client and management console
• Granular policy control
• Broad OS support
• Remote management
• Integrated reporting and repair
Symantec Endpoint Encryption
SEE 11.0.1 Drive Encryption
Demonstration
Pre-Boot
Authentication Screen
After authentication, Windows loads…
No Windows login needed (Single Sign On)
Incorrect authentication
Help screen
Recovery Options
Help Desk Recovery Option
Or Self-Help Recovery Option
Symantec Endpoint Encryption Manager
Configure software options
Group and user management
Built-In reports
Client information
Client drive encryption information
Users associated with a client system
Symantec Mobile Threat Protection
Symantec Mobile Management
Norton Mobile Insight: Proactive App Risk Reporting
1 Android only. Data as of February 2015
• 16 MILLION Android apps in our database
• 30,000 NEW APPS processed every 24 hours
• 200+ APP STORES crawled continuously
• 900,000 APPS with medium or high battery or data usage
• 4 MILLION MALICIOUS apps identified
• 10 MILLION APPS with intrusive behaviors or potential privacy leaks
Cloud-enabled, automated system dynamically generating unique mobile app risk intelligence
Refreshed UI
apps with non-malware risks
Enables users to easily make informed choices about potentially risky apps
Default is to display only the “Highest Concern” risks to avoid unnecessary worry
App Advisor
Scans and notifies users about apps that can excessively drain the battery or have high data usage
1 Data collection in early stages.
Users can make informed choices about apps that can impact their experience and increase data plan cost
App Scanning for Performance Risks
Scans and notifies users about potential app issues. Users can click on the notification for further information before downloading
Users can make informed choices about apps before they download
App Advisor for Google Play1
1 Auto scan of apps on Google Play is supported on Android 4.0 or later, except on Samsung devices. Samsung devices running Android 4.2 or later are supported.
Web protection from known Malicious sites
Symantec Messaging Gateway
EMAIL SECURITY IS MORE THAN JUST STOPPING SPAM
• REDUCE COST: Lower expenses and investment in administration and infrastructure.
• PROTECT USERS: Keep unwanted mail out of the inbox without blocking legitimate messages.
• CONTROL DATA: Identify and control the spread of confidential information and comply with regulations.
• PREVENT THREATS: Detect and block targeted attacks, malware, and phishing from entering your environment.
CUSTOMIZABLE PROTECTION AGAINST MALWARE, SPAM, AND GREY MAIL
PERSONALIZED PROTECTION
• Scans for newsletters, marketing email, and suspicious URLs
• Configure policies by group with distinct actions for each type of
ADAPTIVE REPUTATION MANAGEMENT
• Tracks over 400 million known spam and safe sender IPs.
• Filters out up to 95% of spam traffic based on reputation.
ANTISPAM & ANTIMALWARE
• Disarm attachment cleaning
• Over 20 detection technologies
• Greater than 99% antispam effectiveness
CONTROL OUTBOUND EMAIL TO PREVENT DATA LOSS
ADD-ON CONTENT ENCRYPTION
• Use on-premise Gateway Email Encryption or cloud-based encryption
• Policy based for automatic encryption
INTEGRATE WITH SYMANTEC DLP
• Protect confidential data across Endpoint, Network and Storage Systems
• Tight integration and unified management
BUILT-IN DATA LOSS PREVENTION
• Over 100 pre-built dictionaries, patterns, and policy templates
• Workflow and remediation tools
• Dedicated DLP quarantine
FLEXIBLE DEPLOYMENT OPTIONS FOR ON-PREMISE
HYBRID SOLUTION
• Inbound Email Security.cloud protection
• Outbound Messaging Gateway control with DLP
VIRTUAL APPLIANCE
• VMware ESX, ESXi, vSphere
• Microsoft Hyper-V
PHYSICAL APPLIANCE
• Three appliance sizes to meet business needs
Overview – Symantec Messaging Gateway
• First layer of email security
• Network and protocol level email security appliance
• Throttles and drops spam connections to reduce load on internal mail servers
• Protects internal mail servers from SMTP attacks
• Scans email to eliminate viruses, spam, and advanced attacks
• Ensures compliance with corporate email policies
• Prevents sensitive data from leaving the organization
Multiple layers of antivirus protection
Complete Message Content Analysis
• Virus Signature Protection
• Block executable file types
• Filter based on attachments, subject lines, SMTP headers, etc.
Predictive Content Inspection
• Zero-day Malware Protection
• Bloodhound Heuristic Analysis
• In-depth macro scanning
High Performance
• Multi-threaded Scanning
• LiveUpdate enables definition updates without downtime
• Flexible Workflow with Multiple Dispositions
• Mail/Zip Bomb Protection
Symantec Antivirus Engine
• Viruses
• Mass-mailer worms
• Trojan horses
• Spyware
• Bloodhound™ Heuristic Definitions
• Script-Blocking
• Mail/zip Bomb Protection
• Multi-threaded Scanning for Performance
• Engine Repair
• Decomposer and File Typer for Attachment Scanning
• Scans within container files (zip, rar, etc.)
Disarm Advanced Persistent Threats & Targeted Attacks
• 85% of all recent high profile targeted attacks leveraged exploits in email attachments for incursion.
• Luckycat, Nitro, Duqu, Taidoor, Elderwood
• The most secure approach is to remove this attack vector completely.
Disarm can remove all potentially malicious content, while preserving the visual integrity of the document.
Disarm removes all vulnerable content, not just identified threats.
Vulnerable Content PDF Office 2003 Office 2007+
Javascript ✓
Launch ✓
Macros ✓ ✓
Flash ✓ ✓ ✓
3d ✓
Attachments ✓ ✓ ✓
Unused Objects ✓ ✓
Custom Fonts ✓
Image Reconstruct ✓
Active X ✓ ✓
Unknown ✓ ✓ ✓
Embedded Doc ✓ ✓ ✓
Antispam Protection
Multiple Layers of Antispam Protection
1 Adaptive Reputation Analysis
2 Signatures & Heuristics
3 Authentication
4 User & Admin Rules
1 Adaptive Reputation Analysis
• Global Reputation
• Open Proxy/Zombies
• Safe/Trusted Senders
• Suspect Spam
• Local Reputation
• Connection Classification
• Fastpass
Adaptive Reputation Management
Key Features
• DNS Based lists leveraging Symantec’s Global Bad and Good Senders Lists
• Directory Harvest Attack protection
• Mass virus email attack recognition and protection
• Customizable administrator level bad and good sender lists
• Fastpass spam bypass to conserve system resources
2 Signatures & Heuristics
• Message Body & Attachment Signatures
• Fuzzy Body Hash Analysis
• URL Filtering (Fraud, HTTP, Adult)
• Message Header, Content, Language, Structural, and Image Analysis
Optional Suspected Spam Threshold
How it works
• Message is assigned a spam score
• Messages over 90 are confirmed “spam”
• Administrators can set a lower threshold
• Messages scored between 90 and the admin-set threshold are “Suspect Spam”
Benefits
• Allows for more aggressive spam filtering
• Flexible policy enforcement
• Set different actions for spam and suspect spam
Pre-defined Antispam Policies
Key Features
• Production ready with pre-defined policies
• Customize actions based on end-user requirements
• Set different actions for confirmed spam and suspect spam
Web-Based Spam Quarantine
Key Features
• Release quarantined message to the inbox
• Integration with LDAP for single sign-on
• Customizable end-user digest
• Flexible search functionality
• Automated message expiration
End-user Quarantine Notifications
Key Features
• Configurable delivery of email digest
• Informs users of new spam only
• Users can access, view, and release messages quickly
• Users do not have to check quarantine directly
3 Authentication/Encryption
• Bounce Attack Prevention
• SMTP Authentication
• SPF, SenderID, DKIM
• SMTP over TLS
4 User & Admin Rules
• End-User and Global Allow and Block Lists
• Global 3rd Party IP List Integration
• Probe Accounts
• Multiple Dispositions:
– Spam, Suspect Spam, Newsletters, Marketing Mail, Bounce Attacks, Sender Authentication Failures, and Suspicious URLs
• Customer-specific rules
Multiple Dispositions
Key Features
• Gives more control to the customer
• Customizable actions for each disposition
• Allows customers the ability to define what is spam to them
• Available dispositions (spam): Bounce Attacks, Marketing Mail, Suspicious URLs, Newsletters, Spam, Sender Authentication Failure, and Suspect Spam
Sensitive Data is Leaving the Enterprise, Risking Brand and Reputation
Intellectual Property
Competitive
• Source Code
• Engineering Specs
• Strategy Documents
• Pricing
Customer, Employee, Patient Data
Regulatory Compliance
• HIPAA, GLBA, PCI, State Data Privacy, Caldicott, PIPEDA
• SSN, Credit Card Numbers, Health Info
Company Confidential
Reputation
• Press Release
• Quarterly Earnings
• M&A
• CEO Internal Email
Built-in data loss prevention and compliance features
• 1:400 emails contain confidential information
• 99% of data loss caused by breakdowns in process controls by good employees
• Intelligent dictionaries for many data classifications
• PCI, HIPAA, Personally Identifiable Information (PII)
• Wizard-based rule creation for simple policy enforcement
Centralized Management
• Directory Integration via LDAP
– Control Center authentication
– Recipient validation
– Address resolution
– Administrative rights
– Quarantine access
• Control Center
– Deploys software settings
– Manages encryption keys
– Central quarantine
Centralized Reporting
Logs consolidated from all scanners to a single Control Center, enabling both granular and summary reports
ENDPOINT SUITE’S PRODUCTS AND BENEFITS
ENDPOINT SUITE SIMPLIFIES SECURITY
Protect the users, devices and data for less money
Threat Protection
Complete malware protection for endpoints and mobile
• Symantec Endpoint Protection provides the security with a single, high-powered agent, for the fastest, most-effective protection available.
• Symantec Endpoint Encryption, powered by PGP, protects data with strong full-disk and removable media encryption.
• Symantec Mobile threat protection and device management provides trusted security for mobile devices.
Information Protection
Prevent data loss at email gateway/server, and email encryption
• Symantec Messaging Gateway defends your email and infrastructure at the perimeter with real-time antispam and antimalware protection.
• Symantec Email Encryption Gateway, powered by PGP, encrypts messages to safeguard the confidential data.
• Symantec Mail Security for Microsoft Exchange prevents the spread of email-borne threats.
Lower Cost Solution
Single solution to drive down costs and stretch IT budgets
• Measurable savings from simplified subscription-based pricing and take the mystery out of license, support, and renewal costs.
• Remove complexity and consolidate patchwork, multi-vendor solutions.
• Single purchase, single support for troubleshooting, reduces up-front and on-going costs.
Thank you!
Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Ján Kvasnička