Redefining Endpoint Security: Symantec Endpoint Protection
Russ Jensen, Sr. Presales Engineer, CISSP, MCSE
Key Ingredients for Endpoint Protection: Antivirus
- World's leading AV solution
- Most (44) consecutive VB100 awards (Virus Bulletin, June 2009)
- Symantec has submitted all supported environments for analysis since November 1999 and is the only vendor to obtain 44 consecutive VB100 awards
- Layer in the protection stack: Antivirus (viruses, Trojans, worms)
Key Ingredients for Endpoint Protection: Antispyware
- Best rootkit detection and removal
- VxMS = superior rootkit protection (source: Thompson Cyber Security Labs)
- Layer in the protection stack: Antispyware (spyware, rootkits), on top of Antivirus (viruses, Trojans, worms)
Key Ingredients for Endpoint Protection: Firewall
- Industry-leading endpoint firewall technology
- Gartner Magic Quadrant leader for 4 consecutive years
- Rules-based firewall can dynamically adjust port settings to block threats from spreading
- Layer in the protection stack: Firewall (worms, spyware), on top of Antispyware (spyware, rootkits) and Antivirus (viruses, Trojans, worms)
Key Ingredients for Endpoint Protection: Intrusion Prevention
- Combines NIPS (network) and HIPS (host)
- Generic Exploit Blocking (GEB): one signature to proactively protect against all variants of an exploit
- Granular application access control
- TruScan (TM) Proactive Threat Scanning technology: very low (0.0049%) false positive rate; detects 1,000 new threats/month not detected by leading AV engines
- False-alarm chart: fewer than 50 false positives for every 1 million PCs, measured across 25M installations
- Layer in the protection stack: Intrusion Prevention (0-day, key logging), on top of Firewall (worms, spyware), Antispyware (spyware, rootkits) and Antivirus (viruses, Trojans, worms)
Intrusion Prevention System (IPS): combined technologies offer the best defense
Network IPS (NIPS):
- Deep packet inspection, attack-facing (Symantec signatures via LiveUpdate, custom signatures, SNORT-like)
- Generic Exploit Blocking, vulnerability-facing (signatures written for the vulnerability rather than for each attack)
Host IPS (HIPS):
- System Lockdown, whitelisting (tightly control which applications can run)
- TruScan (TM), behavior-based (Proactive Threat Scan technology)
Key Ingredients for Endpoint Protection: Device and Application Control
- Prevents data leakage
- Restrict access to devices (USB keys, backup drives)
- Whitelisting: allow only trusted applications to run
- Layer in the protection stack: Device and Application Control, on top of Intrusion Prevention (0-day, key logging), Firewall (worms, spyware), Antispyware (spyware, rootkits) and Antivirus (viruses, Trojans, worms)
Single Agent, Single Console
- Symantec Endpoint Protection stack: Device and Application Control, Intrusion Prevention, Firewall, Antispyware, Antivirus
- Results: increased protection, control & manageability; reduced cost, complexity & risk exposure
Comprehensive Reporting
- 50+ pre-defined reports
- Customizable dashboard
- Monitors
What's new in Symantec Endpoint Protection?
- Clients for Mac OS X and Linux
- Resource Utilization Leveling for virtualization
- Symantec Endpoint Recovery Tool
- IT Analytics for advanced reporting
- Symantec Protection Center
Mac Support
- Blocks both Mac and PC viruses, preventing Mac users from spreading PC viruses
- Manage Mac OS X and PC clients from one console
- Compatible with Apple Remote Desktop and other software distribution tools
- Mac Intel and PPC; OS X 10.4 (Tiger), OS X 10.5 (Leopard), OS X 10.6 (Snow Leopard)
Macintosh Management from the SEPM Console
- Client package and group
- Policies: Antivirus and Antispyware policy, Centralized Exceptions policy, LiveUpdate policy
- Run commands: Enable Auto-Protect, Restart Client Computers, Scan, Update Content, Update Content and Scan
SEP for Mac Features (area: features/details)
Management:
- Execute commands from SEPM to Mac clients
- Reporting/dashboard view and license auditing of Mac clients
- Policy configuration (including Antivirus/Antispyware, LiveUpdate, Centralized Exceptions)
- Note: Mac clients receive content (definitions) from LiveUpdate, not from SEPM; administrators can also set up LiveUpdate Administrator as another option
- Note: deployment of Mac client packages to remote Mac systems via SEPIC, email deployment and third-party applications (e.g. Apple Remote Desktop)
Migration:
- Supports migration of existing SAV for Mac clients to SEP for Mac
- Supports migration of clients/group membership from existing SACM to SEPM
Client:
- Mac AV client enhanced to support being managed by SEP Manager
- Supports Mac OS 10.4, 10.5 and 10.6
- Localized for English and Japanese
Virtualization in Symantec Endpoint Protection
- SEP 11.0.6 supports virtualization today: VMware (at least WS 5.0, GSX 3.2 and ESX 2.5), Microsoft Virtual Server 2005, Hyper-V
- Supporting documentation: Virtualization Best Practices White Paper; Best Practices Guide
Symantec Endpoint Protection Virtualization
SEP 11.0.6 Enhanced for Virtual Environments
- A client in each VM
- Utilization Leveling: randomized scan times prevent CPU utilization spikes; randomized updates from the SEP Management server or directly from Symantec
- Performance-optimized scan engine with I/O-aware scan tuning and multithreading
- CPU-utilization-aware scanning
- Removes the latency associated with definition updates on virtual desktops
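The point of randomizing scan times on the slide above is to avoid every VM on a host scanning in the same minute. The simulation below is an added illustration, not Symantec code: it assumes a constructed fleet of 200 VMs, a 10-minute scan and a 4-hour randomization window, and compares the peak number of concurrent scans under a fixed schedule with the peak under a randomized one.

```python
import random
from collections import Counter


def peak_concurrent_scans(start_minutes, scan_minutes):
    """Largest number of scans running in any single minute.

    start_minutes: one scan start offset (in minutes) per VM.
    scan_minutes: how long each scan keeps its VM busy.
    """
    busy = Counter()
    for start in start_minutes:
        for minute in range(start, start + scan_minutes):
            busy[minute] += 1
    return max(busy.values()) if busy else 0


def fixed_schedule(num_vms, scheduled_minute=0):
    """Naive policy: every VM's scheduled scan fires at the same minute."""
    return [scheduled_minute] * num_vms


def randomized_schedule(num_vms, scheduled_minute=0, window_minutes=240, seed=0):
    """Leveling policy: each VM delays its scan by a random amount inside the
    window. The seed makes the constructed schedule reproducible."""
    rng = random.Random(seed)
    return [scheduled_minute + rng.randrange(window_minutes) for _ in range(num_vms)]


def compare_policies(num_vms=200, scan_minutes=10, window_minutes=240, seed=1):
    """Return (peak under fixed schedule, peak under randomized schedule).

    The constructed fleet size, scan length and window are assumptions for
    the illustration; the fixed policy always peaks at num_vms because every
    scan overlaps every other one.
    """
    fixed_peak = peak_concurrent_scans(fixed_schedule(num_vms), scan_minutes)
    leveled = randomized_schedule(num_vms, 0, window_minutes, seed)
    leveled_peak = peak_concurrent_scans(leveled, scan_minutes)
    return fixed_peak, leveled_peak


if __name__ == "__main__":
    fixed, leveled = compare_policies()
    print(f"fixed schedule: {fixed} VMs scanning at once")
    print(f"randomized over 4 hours: {leveled} VMs scanning at once")
```

With these numbers the fixed schedule has all 200 VMs scanning simultaneously, while the randomized schedule keeps the peak to a small fraction of the fleet, which is the CPU spike the slide says leveling removes.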
Symantec Endpoint Recovery Tool
- Boots outside your OS so deeply embedded malware can be detected and removed more easily than ever before
- New wizard creates the recovery tool: burns a CD/DVD, installs to USB or creates an ISO file
- State-of-the-art malware removal and remediation
IT Analytics for Symantec Endpoint Protection
- Optimize investment in Endpoint Protection: make fully informed decisions about the organization's performance and security
- Continuously improve IT security operations: timeliness & quality of information; observe compliance standards and reduce costs
- Top-level summary of your essential IT security data: analyze trends and diagnose outbreaks
- Improve scalability: offload the reporting & replication burden from SEPM; increases the speed of useful report generation
- Data flow: SEP database -> Analysis & Reporting Services
IT Analytics for Symantec Endpoint Protection
Ad-hoc data mining (visibility):
- Navigate & explore a unified view of data extracted from multiple Symantec Endpoint Protection servers
- Break down Symantec Endpoint Protection client data by virus occurrences, computer details, history of virus definition distribution, and much more
Charts, reports and trend analysis (improve productivity):
- Symantec Endpoint Protection client settings and communication history
- Alert & risk categorization trends over time
- Monitor trends of threats & infections detected by scans
Executive dashboards (holistic view / strategic decisions). Examples of Endpoint Protection dashboards might include:
- Overview of Symantec Endpoint Protection clients by version
- Summary of threat categorization and action taken for a period of time
- Summary of virus definition and intrusion prevention signature distribution
- SEP Reporting: tactical view of frontline endpoint defenses. Current view of events and the state of SEP clients.
- IT Analytics: strategic view over time of endpoint defenses. Trend analysis and data mining via a consolidated view of multiple Endpoint Protection Managers.
- Symantec Security Incident Manager: centralized security event reporting. Correlation between SEP, CCS, DLP and other vendor solutions. Incident response and forensics.
Symantec Protection Center
Key security challenges for the enterprise:
- Lack of security visibility; no understanding of risk
- Faster, more complex threats; slow response times
- Sophistication is increasing; budgets are decreasing
What Protection Center delivers (Threat Visibility, Unparalleled Intelligence, Increased Productivity, Single Console Access):
- Pinpoint threats faster
- Deep visibility across the infrastructure
- Integrated GIN (Global Intelligence Network)
- Faster time to remediate threats
- Automated intelligence; less risk
- Use-case-based scenarios
- Real-time consolidated access
- Lowered TCO
- Single sign-on for improved productivity
Roadmap Development Guiding Principles: Superior Protection, Reduce Complexity, Drive Efficiency
Agent Simplification:
- Agent consolidation
- Smaller footprints
- Minimal performance impact
- Prompt platform support
Detection, Remediation & Response:
- Change threat economics
- Expanding technology toolkit
- In-product and online delivery
- Leverage Symantec scale
Visibility & Orchestration:
- Console consolidation
- Flexible process automation
- Auditability
- Cross-organization alignment
Key bets:
- End users want security to be invisible
- Changing the cost of attack changes the threat landscape
- The right centralized management drives out operational cost
- Endpoint security and management are converging
Release roadmap:
- 11.0.5 (Jade), September 2009: Environment Coverage
- 11.0.6 (Jasper), Q2 2010: Unified Management
- 12.1 (Amber), 1H 2011: Revolutionary Protection
Symantec Endpoint Protection Jasper (SEP 11.0.6)
- SEPM-managed Mac client (AV only)
- Symantec Protection Center: web-based, cross-product UI portal; cross-product reports; SSO/RBAC
- Symantec Endpoint Recovery Tool, posted online for download
- Quality data collection
- Virtualization: randomized scheduled scan
Downloading Symantec Endpoint Protection 11
Visit the NUIT Web site to download a copy of this software or to view quick reference guides and step-by-step instructions for Windows or Mac machines: www.it.northwestern.edu/software/sav/
Thank you!
Russ Jensen, Russell_jensen@symantec.com, 320-761-8948
Copyright 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.