Product Roadmap
Symantec Endpoint Protection
Suzanne Konvicka & Paul Murgatroyd
Symantec Endpoint Protection Product Roadmap

Safe Harbor Disclaimer
Any information regarding pre-release Symantec offerings, future updates or other planned modifications is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec offerings should make their purchase decision based upon features that are currently available.

Sample Agenda
1. Changing Threat Landscape
2. Protecting Endpoints Today
3. Roadmap Futures and Near Term

Increase in Targeted Attacks
+91% increase in targeted attack campaigns (2012 to 2013)
Symantec Endpoint Protection Product Roadmap SYMANTEC VISION 2014

Targeted Attack Campaigns
Email per Campaign: 78 (2011), 122 (2012), 29 (2013)
Recipient/Campaign: 61 (2011), 111 (2012), 23 (2013)
Campaigns: 165 (2011), 408 (2012), 779 (2013)
Duration of Campaign: 4 days (2011), 3 days (2012), 8.3 days (2013)

Targeted Industries
Top 10 Industries Targeted in Spear-Phishing Attacks, 2013 (Source: Symantec)
Public Administration (Gov.): 16%
Services, Professional: 15%
Services, Non-Traditional: 14%
Manufacturing: 13%
Finance, Insurance & Real Estate: 13%
Transportation, Gas, Communications, Electric: 6%
Wholesale: 5%
Retail: 2%
Mining: 1%
Construction: 1%

Zero-Day Vulnerabilities
Zero-Day Vulnerabilities, Annual Total, 2006-2013 (Source: Symantec)
2006: 13, 2007: 15, 2008: 9, 2009: 12, 2010: 14, 2011: 8, 2012: 14, 2013: 23
23 zero-day vulnerabilities discovered in 2013
Increase from 14 in 2012
More zero-day vulnerabilities discovered in 2013 than in any year since we started tracking
More zero-days in 2013 than in past two years combined

Protecting Endpoints Today

Symantec IS Security Intelligence
7 Billion File, URL & IP Classifications: Capturing previously unseen threats and attack methods
1 Billion+ Devices Protected: More visibility across devices creates better context and deeper insight
2.5 Trillion Rows of Security Telemetry: Putting big data analytics to work for every end user
2B+ events logged daily
Monitors threats in 157+ countries
Over 100,000 security alerts generated annually
14 data centers worldwide
200,000 daily code submissions
550 threat researchers

INSIGHT: Reputation Monitoring for SEP
Contextual intelligence for dynamic analysis
Good Safety Rating: File is whitelisted
No Safety Rating Yet: Can be blocked
Bad Safety Rating: File is blocked
Global Data Collection, Big Data Analytics, Global Intelligence Network
Diagram labels: Attack Quarantine System, Analysts, Hosted Intelligence, Endpoints, Gateways, DeepSight, Honeypots, Global Sensor Network, Analytics Warehouse, Intelligence Feeds, 3rd Party Affiliates

INSIGHT: Reduces SEP Scan Overhead by up to 70%
Faster, Fewer, Smarter Scans
On a typical system, 70% of programs can be skipped!
Traditional Scanning: Has to scan every file
Insight-Optimized Scanning: Skips any program we are sure is good, leading to much faster scan times

SONAR: Behavior Monitoring in SEP
Provides Zero-Day Protection Against Unknown Threats
Artificial Intelligence Based Classification Engine
Human-authored Behavioral Signatures
Behavioral Policy Lockdown
Monitors 1390 file behaviors to answer:
- What has it done?
- Where did it come from?
- What did it contain?
- Who is it related to?

Intelligent Endpoint Protection
Layered protection to stop mass, targeted and advanced threats
Network Threat Protection: Blocks malware before it spreads to your machine and controls traffic
Advanced Scanning: Blocks suspicious files, even those with no fingerprint, before they can run and steal your data
Insight Reputation: Safety ratings for every single software file on the planet, and uses this to block targeted attacks
SONAR Behavior Blocking: Blocks software with suspicious behaviors to stop advanced threats
Symantec Power Eraser: Aggressive SMR technology roots out entrenched infections and kills them in seconds

Roadmap Futures and Near Term

Today's Endpoint Protection
Focused on protection
Automatically block malware and targeted attacks
No differentiation between attack types
Minimize noise and false positives
Only highlight events based on confidence
Block all suspicious apps
Symantec security intelligence baked in
Customers do not see data decisions are based upon

Customers Demanding a New Approach
Moving Beyond Protection to Detection and Response
Help me discover new targeted attacks
Minimize my time to respond and protect
Help me distinguish targeted attacks from other security events
Help me block more attacks without false positives

Curious to Learn More?
Attend our Opening Keynote, Tuesday 9-10.30am
Brian Dye, Senior VP, Information Security

Near-term Roadmap
Enhanced Protection
Improved Performance
Extended Platform Support
Ease of Use

Enhanced Protection
Against advanced threats
Integrated Power Eraser
- Aggressively scan an infected endpoint to locate APTs
- Reduce time to clean infected systems
- Mitigate false positives
Improved System Lockdown & Whitelisting
- Easier to enable, update, and manage
Enhanced Device Control

Enhanced Protection
Against advanced threats
Enhanced Insight
- Reduce attack surfaces of system
Better SONAR
- More complete remediation
- Clean up the infected system from APTs

Improved Performance
Physical and virtual environments
Better control of bandwidth to SEPM
Reduce network load
- Flexible control of the number of connections and bandwidth
Improve scan throttling for virtualization
- Reduce disk load
- Reduce scan time for normal laptops/desktops

Improved Performance
Client performance and content deltas
Reduce disk space on SEPM by 85-95%
Allow customers to cache more revisions
- Reduces the number of full definitions delivered
Improve boot time by more than 10%

Extended Platform Support
Improved management of endpoints
Linux client management
- Single client package fully managed by SEPM
- Auto update
- Auto-compile kernels during install
Mac client management
- Client remote deployment
- Device control
- Firewall

Extended Platform Support
Embedded and VDI enhancements
Embedded support
- Support all flavors of embedded Windows
- Reduce the size of the client
Virtualization and VDI
- Reduce size of definition set

Ease of Use
User friendly and time saving
New web-based console
- Support mobile devices
- Support current browsers
Updated competitive uninstaller
- Remove over 300 products from more than 60 vendors

Customer Participation Opportunities
SEP 12.1.5 Beta Program, Summer 2014
- Linux & Mac Client Management
- Client Performance Enhancements
- Better Control of Bandwidth to SEPM
- Scan Throttling for Virtualization
SEP 12.1.6 Customer Previews, Second Half, 2014
- New enhanced reporting (mobile support)
- Embedded client updates
- System Lockdown enhancements

Other SEP Related Sessions & Labs
(Topic; Type; Day and Time)
1440 - Are You Harnessing the Full Protection Power of SEP 12?; Lab; Monday 1:00 P.M., Wednesday 9:00 A.M.
1438 - Best Practices For Migrating From SEP 11 to SEP 12; Lab; Tuesday 11:00 A.M.
1544 - Best Practices for Deploying SEP 12 on Embedded Devices; Lab; Tuesday 2:45 P.M. 4:00 P.M.
1484 - The Evolving Threat Landscape 2014: Postmortem and Lessons Learned from Simple and Advanced Threats Discovered in 2013; Session; Tuesday 4:00 P.M.
1724 - Best Practices for Deploying SEP 12 for VDI; Lab; Wednesday 10:15 A.M., Thursday 9:00 A.M.
1760 - Protecting Solusell: An Interactive Case Study in Policy-based Endpoint Protection; Lab; Wednesday 2:00 P.M.
1761 - Endpoint Protection Break/Fix Lab; Lab; Wednesday 3:15 P.M., Thursday 11:30 A.M.
1459 - How Integration between MSS, SEP, and Next-generation Firewalls Catch Targeted and Advanced Persistent Threats; Session; Thursday 9:00 A.M.

Thank you!
Suzanne Konvicka, Suzanne_Konvicka@symantec.com, Tel: +1 650 527 2331
Paul Murgatroyd, Paul_Murgatroyd@symantec.com, Tel: +44 (0) 7786 807480
Copyright 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.