From Endpoint to Datacenter
Piero DePaoli & Leandro Vicente, Security Product Marketing & Systems Engineering

Agenda
1. Today's Threat Landscape
2. From Endpoint: Symantec Endpoint Protection
3. To Datacenter: Critical System Protection
4. Summary

Threat Landscape

Four Key Trends
Malware attacks rising
Targeted attacks expand
Mobile threats expose all
Data breaches rising

Malware Attacks Continue to Grow Rapidly

The Big Numbers for 2011 (change in parentheses)
5.5B attacks blocked by Symantec (+81%)
403M unique variants of malware (+41%)
4,597 web attacks per day (+36%)
4,989 new vulnerabilities (-20%)
8 zero-day vulnerabilities (-43%)
315 new mobile vulnerabilities (+93%)
75% spam rate (-34%)

Malware Authors Have Switched Tactics
From a mass-distribution model: one worm hits millions of PCs (Storm made its way onto millions of machines across the globe).
To a micro-distribution model: 75% of malware infects fewer than 50 machines; a hacked web site builds a trojan for each visitor.
Signature-based file scanning becomes less and less effective.
Targeted Attacks Have Expanded

Advanced Targeted Threats: Your Assumptions Are Wrong

Assumption #1: Only large corporations, governments and defense industries are being targeted for attack.

Organizations of All Sizes at Risk of Targeted Attacks
(chart: targeted attacks broken down by organization size: <250, 250-500, 501-1000, 1001-1500, 1501-2500 and 2,500+)

Targeted Attacks by Sector
(chart: Government & Public Sector, Manufacturing, Finance, IT Services, Chemical & Pharmaceutical, Transport & Utilities, Non-Profit, Marketing & Media, Education, Retail)
Assumption #2: Only CEOs and senior managers are targeted.

Targeted Attacks by Job Function
(chart: C-Level, Senior, R&D, Sales, Media, Shared Mailbox, PA, Recruitment)
Number of Data Breaches Continues to Rise

Data Breaches
Hacktivism helped drive this dramatic increase over 2010.

Mobile Threats Expose Organizations and Consumers

Mobile Threats
This represents families of mobile malware; there are 3,000-4,000 variants in the wild today, and growing.
From Endpoint: Symantec Endpoint Protection

Symantec Endpoint Protection 12
Unrivaled Security: powered by Insight; real-time behavior monitoring with SONAR.
Blazing Performance: up to 70% reduction in scan overhead; smarter updates; faster management.
Built for Virtual Environments: tested and optimized for virtual environments; higher VM densities.

Unrivaled Security

Symantec Insight: Proactive Protection from New, Targeted Threats
Leverages anonymous telemetry data from 175M+ machines to construct a massive nexus of files, machines and domains.
Tracks nearly every binary in the world: 3.1 billion files, adding 37 million every week.
Uses age, prevalence, source and other attributes to assign a reputation rating to files.
Can accurately identify and block threats even if just a single Symantec user encounters them.
Bad safety rating: file is blocked. No safety rating yet: IT can set block/allow thresholds. Good safety rating: file is whitelisted.

SONAR: Proactive Threat Protection
Heuristic threats: determines if an unknown file behaves suspiciously and might be a high risk or low risk.
System changes: identifies applications or files that try to modify DNS settings or the hosts file on a client computer.
Bad behavior from trusted applications: detects suspicious behavior from trusted files; removes bad applications before they can do damage.

Symantec Protection Model: Defense in Depth
Layers: network, file, reputation (website/domain/IP address), behavioral and repair.
Network-based Protection: stops malware as it travels over the network and tries to take up residence on a system (protocol-aware IPS, Browser Protection).
File-based Protection: looks for and eradicates malware that has already taken up residence on a system (Antivirus Engine, Auto-Protect).
Reputation-based Protection: establishes information about entities (e.g. websites, files, IP addresses) to be used in effective security (Domain Reputation, File Reputation via Insight).
Behavioral-based Protection: looks at processes as they execute and uses malicious behaviors to indicate the presence of malware (SONAR, Behavioral Signatures).
Remediation Tools: aggressive tools for hard-to-remove infections (boot to a clean OS, Power Eraser with aggressive heuristics, threat-specific tools).

Blazing Performance

Insight: Faster, Smarter, Fewer Scans
On a typical system, 70% of files can be skipped.
Traditional scanning has to scan every file. Insight-optimized scanning skips any file we are sure is good, leading to much faster scan times.
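A toy version of the reputation-driven decision the Insight slides describe (an added example, not Symantec's Insight code): a rating derived from age, prevalence and source, administrator-set block/allow thresholds for unrated files, and the resulting split into files the scanner can skip. The attribute names, cut-offs and sample hashes are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FileRecord:
    sha256: str
    age_days: int      # days since telemetry first saw the file
    prevalence: int    # number of machines that have reported it
    source: str        # assumed origin label, e.g. "vendor_signed", "download"

# Constructed stand-ins for hashes telemetry has already convicted or trusted.
KNOWN_BAD, KNOWN_GOOD = {"b" * 64}, {"a" * 64}

def rate(rec: FileRecord) -> str:
    """Derive a reputation rating ("bad", "good" or "unrated") from known verdicts
    and the file's age, prevalence and source (assumed cut-offs)."""
    if rec.sha256 in KNOWN_BAD:
        return "bad"
    if rec.sha256 in KNOWN_GOOD:
        return "good"
    if rec.age_days >= 30 and rec.prevalence >= 1000 and rec.source == "vendor_signed":
        return "good"   # old, widespread and vendor-signed earns a good rating
    return "unrated"    # too little evidence either way

def decide(rec: FileRecord, min_prevalence: int, min_age_days: int) -> str:
    """Return "block", "allow" or "scan"; unrated files use the admin thresholds."""
    rating = rate(rec)
    if rating == "bad":
        return "block"
    if rating == "good":
        return "allow"  # whitelisted: the scanner skips this file entirely
    # Micro-distribution heuristic: unrated and seen on too few machines or too
    # recently is blocked by policy; the remaining unrated files get scanned.
    if rec.prevalence < min_prevalence or rec.age_days < min_age_days:
        return "block"
    return "scan"

def scan_plan(records, min_prevalence=5, min_age_days=1):
    """Split an inventory into the files to skip, block and actually scan."""
    plan = {"allow": [], "block": [], "scan": []}
    for rec in records:
        plan[decide(rec, min_prevalence, min_age_days)].append(rec.sha256)
    return plan

# Constructed inventory for a stand-alone run.
SAMPLE = [FileRecord("b" * 64, 400, 100000, "vendor_signed"),  # convicted
          FileRecord("c" * 64, 90, 50000, "vendor_signed"),    # trusted vendor binary
          FileRecord("d" * 64, 0, 1, "download"),              # new, rarely seen
          FileRecord("e" * 64, 10, 200, "download")]           # unrated, fairly common
```

Raising `min_prevalence` is the slide's "IT can set block/allow thresholds" knob: it moves unrated files from the scan queue into the blocked set.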
Built for Virtual Environments

Symantec Endpoint Protection Virtualization Features: 5 features to optimize
1. Virtual Client Tagging
2. Virtual Image Exception
3. Offline Image Scanner
4. Shared Insight Cache
5. Resource Leveling
(diagram also labels the scan cache and the hypervisor)

Uncompromising Security for Managed VMs: Highly Optimized Agented Protection with Symantec Endpoint Protection 12.1
(diagram: guest VMs on two ESX hosts, an Insight Security VM, scan elimination via the Insight cloud and out-of-guest de-duplication; scan 5,000 of 50,000 files)
First, eliminate scan activity via easy whitelisting of golden VMs, using the new Virtual Image Exception feature.
Then, eliminate scan activity by offloading to the Insight cloud (works in physical environments too).
Next, de-duplicate remaining scan activity using the new out-of-guest Shared Insight Cache feature: one VM de-dupes across the entire virtual environment.
Finally, smooth out remaining scan and definition activity with the Resource Leveling feature.
Optional: use the new Offline Image Scanner feature (integrates with VMsafe) to find latent threats.

What's New: Symantec Endpoint Protection Small Business Edition 2013

Simplifying SMB Endpoint Protection
Previously: Symantec Endpoint Protection.cloud (cloud-managed service) and Symantec Endpoint Protection Small Business Edition 12.1 (on-premise management).
Now: Symantec Endpoint Protection Small Business Edition 2013. Login, get started, choose cloud-managed or on-premise, download.

Symantec Endpoint Protection Small Business Edition 2013 Key Benefits: Simple, Fast & Effective; Set up in Just Minutes; Cloud-Ready When You Are
Always-on protection with automatic security updates; employee systems stay current.
Intelligent scanning means faster, fewer scans.
Easily protect remote laptops.
No additional hardware needed; no special IT staff or training needed.
Fast protection of laptops, desktops and servers.
Start with on-premise management and move to the cloud-managed service at no additional cost.
Simple subscription fee covers either management choice and includes maintenance, updates and 24x7 support.

Coming Soon: Symantec Endpoint Protection 12.1.2

What's New in Symantec Endpoint Protection 12.1.2: New Integration with VMware vShield Endpoint
Feature: vShield-enabled Shared Insight Cache deduplicates file scanning across multiple virtual machines.
Benefit: significant resource reduction for virtual machines; great protection without sacrificing performance.

What's New in Symantec Endpoint Protection 12.1.2: New Operating System Support

Enhanced Security: SONAR
Drive-by and double-click protection; catches more zero-day threats.
Increased use of the artificial intelligence engine: SONAR monitors nearly 1,400 behaviors (up from 400), with no impact on performance.
To Datacenter: Critical System Protection

Servers are the Primary Target
97% of stolen data is from servers. More often, endpoints and user devices simply provide an initial foothold into the organization, from which the intruder stages the rest of the attack.

Servers are Different than Laptops
Server security must be different than laptop security: laptop security is user-centric, server security is process-centric.

Symantec Critical System Protection
Complete protection for vSphere: monitor and harden vCenter; harden guest VMs based on unique workloads; harden VMware hypervisors based on VMware hardening guidelines; leverage custom reporting for your VMware environment.
Stop zero-day and targeted attacks: prevent external attacks and protect against insider abuse; secure against unpatched vulnerabilities; restrict inbound/outbound server communication.
Real-time visibility and control of compliance: provide audit evidence and forensics with detailed reporting; monitor file integrity in real time and report edits with differentials; manage configuration drift with file and system tamper prevention.

How Does Critical System Protection Work?
Intrusion Detection
Auditing & Alerting: monitor file integrity in real time for compliance; alert/notify for early response.
System Controls: lock down configuration settings; enforce security policy; restrict device access.
Intrusion Prevention
Network Protection: close back doors; limit connectivity by app; restrict traffic flow.
Exploit Prevention: prevent zero-day attacks; de-escalate privileges (i.e. sandboxing); restrict behaviors; buffer overflow protection.
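An added illustration of the file-integrity monitoring with differentials that the last two slides name (not Critical System Protection's own code): take a hashed baseline of watched files, then re-check and report each changed file as a unified diff so the alert shows the actual edit, not just "hash mismatch". File names and contents are constructed in a temporary directory.

```python
import difflib
import hashlib
import tempfile
from pathlib import Path

def take_baseline(paths):
    """Record SHA-256 and text of each watched file; this is the trusted state."""
    baseline = {}
    for p in paths:
        data = Path(p).read_bytes()
        baseline[str(p)] = (hashlib.sha256(data).hexdigest(), data.decode("utf-8", "replace"))
    return baseline

def check_integrity(baseline):
    """Re-hash every watched file and return {path: finding} for the ones that
    changed; the finding is "DELETED" or a unified diff against the baseline."""
    findings = {}
    for path, (old_hash, old_text) in baseline.items():
        f = Path(path)
        if not f.exists():
            findings[path] = "DELETED"
            continue
        data = f.read_bytes()
        if hashlib.sha256(data).hexdigest() == old_hash:
            continue  # unchanged: no alert, keeps the report to real edits
        new_text = data.decode("utf-8", "replace")
        diff = difflib.unified_diff(old_text.splitlines(), new_text.splitlines(),
                                    fromfile=path + " (baseline)",
                                    tofile=path + " (current)", lineterm="")
        findings[path] = "\n".join(diff)
    return findings

def demo():
    """Constructed scenario in a temp dir: one config file is edited, one is
    untouched and one is removed; returns the findings keyed by file name."""
    root = Path(tempfile.mkdtemp())
    cfg = root / "sshd_config"      # constructed sample, not a real host file
    hosts = root / "hosts"
    keys = root / "authorized_keys"
    cfg.write_text("PermitRootLogin no\nPasswordAuthentication no\n")
    hosts.write_text("127.0.0.1 localhost\n")
    keys.write_text("ssh-ed25519 AAAA_constructed_key admin\n")
    baseline = take_baseline([cfg, hosts, keys])
    cfg.write_text("PermitRootLogin yes\nPasswordAuthentication no\n")
    keys.unlink()
    return {Path(k).name: v for k, v in check_integrity(baseline).items()}
```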
Protecting Virtual Environments
(diagram: VM1, VM2 and VM3, each an APP on an OS, running on ESX/ESXi and managed by vCenter)
Harden guest VMs based on unique workloads.
Monitor and protect hypervisors based on VMware hardening guidelines.
Protect vCenter against insider abuse and external attacks.

Summary

Symantec Endpoint Protection 12: Faster Adoption than any Previous Release
8 million users in 15 months since release.
What's driving adoption? Ease of migration; virtualization; Insight & SONAR; enhanced security, performance and management.

Summary: From Endpoint to Datacenter
Symantec Endpoint Protection: Unrivaled Security; Blazing Performance; Built for Virtual Environments.
Symantec Critical System Protection: Protect vSphere; Stop Zero-Day Attacks; Visibility & Control of Compliance.

Thank you!
Piero DePaoli, piero_depaoli@symantec.com, +1 415 203 5991
Leandro Vicente, leandro_vicente@symantec.com, +55 11 5189 6228
Copyright 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.