
Redefining Endpoint Security


Published on December 17, 2008

Author: dayioglu

Source: slideshare.net

Description

Symantec redefines endpoint security

Redefining Endpoint Security

Agenda

1. Environment and Endpoint Challenges

2. Symantec Endpoint Protection

3. Entitlement/Deployment/Migration

4. Symantec Network Access Control

5. Available Now

Corporate Network is Continually Exposed

Diagram labels: Wireless Networks, Web Applications, Guests, Consultants, IPsec VPN, Employees Working at Home, WANs & Extranets, SSL VPN, Internet Kiosks & Shared Computers

Business Problems at the Endpoint

Significant Increase in Malicious New Code Threats

Source: Internet Security Threat Report Vol. XIII; Mar 2008

Key Ingredients for Endpoint Protection: Antivirus

World’s leading AV solution

Most (40) consecutive VB100 Awards

Threat labels: Viruses, Trojans, Worms

[Chart: Virus Bulletin – October 2008, VB100 results for Symantec AntiVirus: PASS in every listed test; totals shown: 40 and 0]

Key Ingredients for Endpoint Protection: Antispyware

Layers shown: Antivirus, Antispyware

Best rootkit detection and removal

VxMS = superior rootkit protection

Source: Thompson Cyber Security Labs, August 2006

Threat labels: Viruses, Trojans, Worms; Spyware, Rootkits

Key Ingredients for Endpoint Protection: Firewall

Layers shown: Antivirus, Antispyware, Firewall

Industry leading endpoint firewall technology

Gartner MQ “Leader” – 4 consecutive years

Rules based FW can dynamically adjust port settings to block threats from spreading

Threat labels: Viruses, Trojans, Worms; Spyware, Rootkits; Worms, Spyware

Key Ingredients for Endpoint Protection: Intrusion Prevention

Layers shown: Antivirus, Antispyware, Firewall, Intrusion Prevention

Combines NIPS (network) and HIPS (host)

Generic Exploit Blocking (GEB) – one signature to proactively protect against all variants

Granular application access control

TruScan™ - Proactive Threat Scanning technology - Very low (0.0049%) false positive rate

Detects 1,000 new threats/month - not detected by leading AV engines

25M Installations; fewer than 50 False Positives for every 1 MM PCs

Threat labels: Viruses, Trojans, Worms; Spyware, Rootkits; Worms, Spyware; 0-day, Key Logging

Intrusion Prevention System (IPS)

Combined technologies offer best defense

Intrusion Prevention (IPS): (N)IPS Network IPS and (H)IPS Host IPS

Deep packet inspection: Attack-facing (Symantec sigs. via LiveUpdate, Custom sigs, SNORT-like)

TruScan™: Behavior-based (Proactive Threat Scan technology)

Generic Exploit Blocking: Vulnerability-facing (Signatures for vulnerability)

System Lockdown: White listing (tightly control which applications can run)

TruScan™ - Proactive Threat Scan

6 months testing with Norton consumer technology

Very low false positive rate (0.004%)

Fewer than 50 False Positives for every 1M computers

No set up or configuration required

Detects 1,000 threats/month not detected by top 5 leading antivirus engines

Key Ingredients for Endpoint Protection: Device and Application Control

Layers shown: Antivirus, Antispyware, Firewall, Intrusion Prevention, Device and Application Control

Prevents data leakage

Restrict Access to devices (USB keys, Back-up drives)

Whitelisting – allow only “trusted” applications to run

W32.SillyFDC

targets removable memory sticks

spreads by copying itself onto removable drives such as USB memory sticks

automatically runs when the device is next connected to a computer

Threat labels: Viruses, Trojans, Worms; Spyware, Rootkits; Worms, Spyware; 0-day, Key Logging; Slurping, IP theft

Key Ingredient for Endpoint Compliance: Network Access Control

Layers shown: Antivirus, Antispyware, Firewall, Intrusion Prevention, Device and Application Control, Network Access Control

Comes ready for Network Access Control – add on

Agent is included, no extra agent deployment

Simply license SNAC Enforcement

Next Generation Symantec AntiVirus

Components: Antivirus, Antispyware, Firewall, Intrusion Prevention, Device and Application Control, Network Access Control

Results:

Single Agent, Single Console

Managed by Symantec Endpoint Protection Manager

Reduced Cost, Complexity & Risk Exposure

Increased Protection, Control & Manageability

Products: Symantec Endpoint Protection 11.0, Symantec Network Access Control 11.0

Next Generation Management

Comprehensive Reporting

50+ canned reports

Customizable Dashboard

Monitors

What analysts are saying

Gartner Magic Quadrant Endpoint Protection Platforms, 12/2007

Organizations should consider Symantec Endpoint Protection if they … are looking for a more complete protection platform that supports the selection of multiple styles of protection from an extensible agent framework and managed from a single console.

Productivity Impact: Open Word and PowerPoint Faster with Symantec

[Chart: Microsoft Office 2007/Vista File “Open” Times (Increase Over Unprotected System). Callouts: Symantec 100% Faster; Symantec 800% Faster]

Source: The Tolly Group – Symantec Endpoint Protection vs. McAfee Total Protection for Endpoint, Page 1 (08/2008)

Complement Security with Management

Altiris Client Management Suite

Policy-based software delivery

Application Management

Software Virtualization

Patch Management

Backup and Recovery

Application Usage

Remote Control

Altiris Software Delivery Suite

Apply Patches

Ensure software is installed and stays installed

Report machines not connecting

Identify missing hard-drives

Symantec Endpoint Protection Integrated Component

Streamline migrations

Initiate scans or agent health tasks

Dashboards integrate security and operational information

Is Endpoint Protection Enough Protection?

“What Are The Most Common Sources Of Automated Internet Worm Attacks?”

Employee Laptop: 43%

Internet Through Firewall: 39%

Non-Employee Laptop: 34%

VPN Home System: 27%

Don’t Know: 8%

Other: 8%

Source: Enterprise Strategy Group, January 2005, ESG Research Report, Network Security And Intrusion Prevention

Challenge: Access to Corporate Networks

Open access to corporate networks means higher risk for infection

Diagram labels: Corporate Network, Partners, Consultants, Auditors, Home PC, Hotel Business Center

Solution: Network Access Control

Checks adherence to endpoint security policies

Antivirus installed and current?

Firewall installed and running?

Required patches and service packs?

Required configuration?

Fixes configuration problems

Controls guest access

Network Access Control helps prevent malware from spreading throughout the network

NAC is a process that creates a much more secure network

Diagram labels: Discover, Enforce, Monitor, Remediate

Network Access Control (continued)

Restricts access to your network by creating a closed system

Offers automatic endpoint remediation before access is granted

Checks adherence to endpoint security policies even when connected to network

Diagram labels: Corporate Network, Employees, Non-employees, Managed, Unmanaged, On-site, Remote

Symantec Network Access Control

3 Key Components

1. Central Management Console

2. Endpoint Evaluation Technology

3. Enforcer

1. Central Management Console

Symantec Endpoint Protection Manager

Policy Management

Web-based GUI

Enterprise class/scale

Role-based access

Hierarchical views

Integration with Active Directory

Same Management Console used for Symantec Endpoint Protection 11.0

2. Endpoint Evaluation Technologies

Symantec Endpoint Protection 11.0 agent is SNAC ready

Persistent Agents: ‘Managed’ Endpoints (Best)

Dissolvable Agents: ‘Unmanaged’ Endpoints (Better)

Remote Scanner: ‘Unmanageable’ Endpoints (Good)

3. Enforcers

Symantec LAN Enforcer-802.1X

Symantec DHCP Enforcer

Symantec Gateway Enforcer

Symantec Self-Enforcement

Diagram labels: Host-based; Network-based (optional); Best, Better, Good

How SNAC is Packaged

Editions compared: Symantec Network Access Control v 11.0; Symantec Network Access Control Starter Edition v 11.0

Central Management Console: Symantec Endpoint Protection Manager

Endpoint Evaluation Technology: Persistent Agent (SNAC Agent), Dissolvable Agent (On-Demand Agent), Remote Vulnerability Scanner

Enforcement: Self-Enforcement, Gateway Enforcement, DHCP Enforcement, LAN (802.1x) Enforcement

Cell markers in the packaging table: check mark, Add On, *

* Required purchase of an enforcer appliance

Symantec NAC Self-Enforcement: How It Works

Diagram labels: Onsite or Remote Laptop, Persistent Agent, Symantec Endpoint Protection Manager, Remediation Resources, Protected Network, Quarantine

Client connects to network and validates policy

Persistent Agent performs self-compliance checks

Compliance fail: Apply “Quarantine” firewall policy

Compliance pass: Apply “Office” firewall policy

Host Integrity Rule / Status table, rules listed: Anti-Virus On, Anti-Virus Updated, Personal Firewall On, Service Pack Updated, Patch Updated, Patch Updated

Where Endpoint Security Fits

Diagram labels: Satellite office, Corporate Network, Home office, Coffee House, Mobile office, Partners, File Server, Web Server, Server, CD, USB, Home PC, Mobile Device

Endpoint Protection: Symantec™ Endpoint Protection

Endpoint Encryption: Symantec™ Endpoint Encryption

Advanced Server Protection: Symantec™ Critical System Protection

Mobile Security: Symantec™ Mobile Security

Network Access Control: Symantec™ Network Access Control

Available Today

Customers with valid maintenance will automatically receive an email notification from which they can easily download the software

Download software by directly visiting Symantec’s electronic software distribution website (“FileConnect”- serial number required)

http://www.symantec.com/downloads/fileconnect/index.jsp

Visit Symantec’s Licensing Portal that delivers multi-function capabilities in one easy-to-navigate portal (serial and/or account number required)

http://www.symantec.com/enterprise/licensing/index.jsp?src=symsug_us

Symantec™ Global Intelligence Network

> 7,000 Managed Security Devices + 120 Million Systems Worldwide + 2 Million Probe Network + Advanced Honeypot Network

4 Symantec SOCs

80 Symantec Monitored Countries

40,000+ Registered Sensors in 180+ Countries

11 Symantec Security Response Centers

Map locations: Austin, TX; Chengdu, China; Chennai, India; Reading, England; Alexandria, VA; Sydney, Australia; Mountain View, CA; Culver City, CA; Calgary, Canada; San Francisco, CA; Dublin, Ireland; Pune, India; Taipei, Taiwan; Tokyo, Japan

Received 40 consecutive Virus Bulletin 100% Certification awards*

TruScan™ technology catches 1,000 more threats per month than other AV vendors**

* Source: virusbtn.org; ** Source: Symantec

Thank You!

Copyright © 2007 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
