Symantec Endpoint Protection 12.1 Symantec Protection Center 2.0


Symantec Endpoint Protection 12.1, Symantec Protection Center 2.0. "Let me phone a friend". Jimmy Sandberg, Presale Engineer

What's new in Symantec Endpoint Protection 12.1. Unrivaled Security: Powered by Insight; Real Time Behavior Monitoring with SONAR. Blazing Performance: Up to 70% reduction in scan overhead; Smarter Updates; Faster Management. Built for Virtual Environments: Tested and optimized for virtual environments; Higher VM densities.

Research Powered by Global Intelligence Network: Identifies more threats, takes action faster & prevents impact. Locations: Calgary, Alberta; Dublin, Ireland; San Francisco, CA; Mountain View, CA; Culver City, CA; Austin, TX; Pune, India; Chengdu, China; Chennai, India; Taipei, Taiwan; Tokyo, Japan. Worldwide Coverage; Global Scope and Scale; Rapid Detection; 24x7 Event Logging. Attack Activity: 240,000+ sensors; 200+ countries and territories. Malware Intelligence: 150M client, server, gateways monitored; Global coverage. Vulnerabilities: 35,000+ vulnerabilities; 11,000 vendors; 80,000 technologies. Spam/Phishing: 5M decoy accounts; 8B+ email messages/day; 1B+ web requests/day. Preemptive Security Alerts; Information Protection; Threat Triggered Actions.

Traditional Signatures. The changing threat landscape: An explosion of malware. Chart of signatures over time: In 2000, 5 signatures a day. In 2007, 1,500 signatures a day. In 2010, >50,000 signatures a day. Expected in the end of 2011: >100.000 unique signatures a day.

Malware authors have switched tactics. From: A mass distribution, one worm hits millions of PCs. Storm made its way onto millions of machines across the globe. To: A micro distribution model. 75% of malware infect less than 50 machines. Hacked web site builds a trojan for each visitor. The average Harakit variant is distributed to 1.6 users!

The Idea: Only malware mutates. So... if an executable is unique, it's suspicious... but how to know if a file is unique?

Unrivaled Security

Foundation of reputation based security. Reputation: Game-changing approach. Leverages data on hundreds of millions of files; Reduces reliance on signatures; Amplifies current protection; Shifts the odds in our favor.

The protection stack: Network IPS; Insight; Heuristics & Signature Scan; Real time behavioral SONAR. Firewall, Network & Host IPS, Application & Device ctrl.: Monitors vulnerabilities; Monitors traffic; Stops stealth installs and drive by downloads; Focuses on the vulnerabilities, not the exploit (GEB); Improved firewall supports IPv6, enforces policies.

Insight Provides Context. Protection stack: Network IPS & Browser Protect; Insight; Heuristics & Signature Scan; Real time behavioral SONAR. Insight: Before we scan, check the reputation. Identifies new and mutating files; Feeds reputation to our other security engines; Only system of its kind.

How Symantec Insight works:
1. Build a collection network: 175 million PCs.
2. Rate every file on the internet: nearly 3.0 billion files* (* Sept 2011).
3. Look for reputation: Prevalence, Age, Source, Behavior.
4. Check the DB during scans: Is it new? Bad reputation?
5. Provide actionable data.

Insight - Reputation Protection: Allow the customization of a policy for end user experience; Threshold can be set for age and prevalence; Log and report on infection source; Includes protection for browsers, peer to peer apps, email, and chat.

Policies based on Risk: Finance Dept; Help Desk; Developers.

So what is special about Insight? Symantec Insight: Ranks all executable files; Tracks prevalence; Tracks age. Signatures for new malware. Only Insight can answer: How old is the file? How many copies are there? Is the file associated with infections? Only Insight can use reputation to identify mutating threats.

File Scanning. Protection stack: Network IPS & Browser Protect; Insight; Heuristics & Signature Scan; Real time behavioral SONAR. File Scanning: Cloud and Local Signatures; New, Improved update mechanism; Most accurate heuristics on the planet; Uses Insight to prevent false positives.

SONAR (TruScan) Completes the Protection Stack. Protection stack: Network IPS & Browser Protect; Insight; Heuristics & Signature Scan; Real time behavioral SONAR. SONAR: Monitors processes and threads as they execute; Rates behaviors; Feeds Insight; Only hybrid behavioral-reputation engine on the planet; Monitors 400 different application behaviors. SONAR was formerly known as TruScan.

SONAR - Reputation Protection: Enhanced by Insight to keep False Positive detects to a minimum; Analyzes file system and network behavior; Tamper Protection utilizes same technology.

Browser Intrusion Protection: Can be updated in the field to protect against new browser vulnerabilities; Protection for Internet Explorer, Firefox and Chrome.

File-Based Signatures are NOT Enough. Insight: blocking 90,000 downloads/day. SONAR: 53,000 malicious files and processes blocked/day. This is an increase of >3.000% since 2008. Insight helping convict >1000,000 files/day. Chart (AV Detections vs. IPS Detections): 2009, 33%; 2010, 50%.

Blazing Performance

Faster Scans with Insight: On a typical system, 70% of active applications can be skipped! Traditional Scanning: Has to scan every file. Insight - Optimized Scanning: Skips any file we are sure is good, leading to much faster scan times.

Improved client performance: ScanLess and Scan on Idle. Use reputation to whitelist Symantec trusted and community trusted files; Provide administrator with choices to use the information or run in paranoid mode; Scan when system is idle; Applicable to scheduled and on demand scans. (Chart for Demonstration Purposes Only.) And tons of new features and performance enhancements under the hood.

Built for Virtual Environments

SEP 12.1 is built for Virtual Environments: Optimized for VMware, Citrix and Microsoft virtual environments; Easy to identify and manage physical and virtual clients; Maximizes performance and density without sacrificing security; Best in class performance and security. (Diagram labels: Hypervisor, Scan Cache.)

Virtualization Features. Image Exception: Used on cloned images; Excludes all files; Reduces scan impact. Shared Insight Cache: Clients share scan results; Scan files once; Leverages Insight; Enhances Management; Reduces Disk I/O up to 90%. Virtual Client Tagging: Identifies hypervisor; Set group specific policy; Search for virtual clients. Resource Leveling: Used for all virtual systems; Reduce overlap of events; Scans and def updates.

Shared Insight Cache - High Level. Shared Insight Cache Server (SIC) table:

File Hash   Def Ver     Result
AE32D       2011.1...   Clean
B923E       2011.1      Clean
F9123       2011.1      Clean
C3FDA       2010.2      Clean

Diagram: VMs running on ESX Servers in a VM Cluster*. *Works for ESX, Citrix and Hyper-V.

But, what about agent-less installations? If we take the scanner out of the VM clients it would work. However, it won't support a full endpoint protection package: No client-based packet inspection; No client-firewall (HIPS/NIPS); No application control or device control; No system integrity monitoring; No real-time behavioral protection (SONAR).

What's needed to defend the Virtual Endpoint: Signature and Heuristic File Scanning; Insight; Network and Host IPS; Browser Protection; SONAR; Application and Device Control.

Simplified Administration

A Friendly Welcome Screen: Provide guidance with a welcome screen that highlights the common tasks. Features: Deploy SEP client; Run LiveUpdate; Product tour; License status; Adjust the server configuration.

The new SEPM home page. Features: Allow administrators of all signature deployments; Launch of common tasks like client deployment; Simplified endpoint status; Simplified ThreatCon; License status.

New and improved email notifications. Features: Can be viewed on a smartphone (HTML); License renewal and partner messages; New client software is available; Detecting unprotected clients; Policy changes.

Package deployment: Include latest Virus Definitions. Provides an option that reduces signature impact on network; Option to include latest signatures; Option to limit signatures.

Installation status reporting: Register client in console as soon as installation starts. Features: Report includes detailed client installation status; Populates for all installation methods; Reboot commands initiated from the report.

Enhanced Disaster Recovery Solution: Allow a SEPM reinstall to use existing backed-up certificates so that clients just reconnect. Notes: This was the #1 supportability request

In Product Licensing: Supports Trialware conversion; In product activation; License status, reports and notification reminders (content enforcement for SBE).

Symantec Protection Center 2.0

Key Buyer: Security Operations. Customer Objectives: Internal Threat Reporting; Prioritized Actions; Implement commands to products based on role. Symantec Solution: Protection Center 2.0 (Single Sign On, Data collection, Action). Existing Tools!!!!!

What's New in SPC 2.0? Three levels of integration: Single Sign on, Data collection, Action; Symantec GIN Integration; Basic event correlation; Cross Product Reporting: malware, email, asset; Dashboard; Notifications; Prebuilt workflow templates: Symantec Endpoint Protection; STEP 3rd Party Program.

Email

Technical Architecture: Information Flow (diagram). Labels: Protection Center Console (Reports, Dashboards, Notifications, Settings); Symantec Services (DeepSight, SPC Data); https://servername/symantec/protectioncenter; Symantec Protection Center Server; Security Event Data Storage; Exchange; Event Channel; Event Summarizer; Workflow Event Trigger; Asset Processor; Data Collection Service; Registration Wizard; Event Archives; CMDB Integration; Web Services; Data Feed Registration.

Protection Center 2.0 Integrated Products: Symantec Endpoint Protection; Symantec Messaging Gateway; Symantec Mail Security for Microsoft Exchange; Symantec Data Loss Prevention Suite; PGP Encryption from Symantec; Symantec Control Compliance Suite; VeriSign Managed Public Key Infrastructure (PKI) for SSL; DeepSight Intelligence Services; Bay Dynamics IT Analytics; Bit9 Parity Suite: Endpoint Protection.

Symantec Protection Center for iPad

Protection Center for the iPad: Relevant, Actionable Security Intel for Executives. Role Based Dashboard: Executive summary of corporate risk posture relative to your organization. Real-time Threat Intelligence: Global threat data from one of the largest sources of external threat intelligence. Location aware compliance: Cross product reporting for internal and external IT compliance policies.

Welcome Dashboard

What's New in Symantec Endpoint Protection 12.1. Unrivaled Security: Powered by Insight; Real Time Behavior Monitoring with SONAR. Blazing Performance: Up to 70% reduction in scan overhead; Smarter Updates; Faster Management. Built for Virtual Environments: Tested and optimized for virtual environments; Higher VM densities.

Thank you! http://www.emea.symantec.com/blackmarket/sv Copyright 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.