Ian McShane Senior Manager, Product Management Kevin Kingston Senior Product Manager 1
Where is your data? 2
What s the problem? File uploads You shouldn t trust any of them. Ever. File sharing You shouldn t trust any files. Ever. File processing File storage / archiving You must establish trust before this happens, but don t rely on it. You shouldn t trust any files, ever. 3
The solution has to be Client Agnostic No security agent No management No guarantees 4
Evolution of Protection Engine 2002 Symantec Carrier Scan 2005 Symantec Scan Engine 2012 Symantec Protection Engine Performance Scalability Enterprise Storage protection Policy Control Next Gen Protection Mobile threats Insight Reputation Content Sanitising 5
Protection Engine for Cloud Services SYMANTEC VISION 2012 6
Provide on-time/real-time protection Client(s) Exchange SharePoint Network Storage Cloud Services/ SAAS..etc... Applications, URLs, Files, etc. Storage, web apps, LOB apps, collaboration, Virtual Machine storage, carrier/telco 7
What can Protection Engine do? Threat Detection URL Filtering Policy Control Next Gen AV. Most popular file types. Latest AV definitions available via LiveUpdate, Rapid Release and Intelligent Update technologies. RuleSpace technology with intelligence on more than 33 million URLs. User defined category support. Latest URL definitions available via LiveUpdate technology. File size File type Scan result Container policies 8
The Scanning Components Typer Accurate file identification Decomposer Inspect containers and almost all file types and formats STAR components Signature based threat detection Advanced Heuristics for threat detection File reputation based threat detection (2013) 9
Popular Deployment Scenarios for ISP s and Enterprise URL classification / Blocking with Symantec RuleSpace File upload & download protection SMTP & MMS attachments Android application (apk) protection Cloud storage Integrate with ANY application either via ICAP or SDK 10
Software Developer Kit v7.0 (C SDK) Latest compilers added for each platform SDK updated to support new ICAP services for Enhanced Threat Categorization. New return codes added for Unscannable File Handling Operating system Arch Compiler Red Hat Enterprise Linux 5.5 x64 gcc 4.1.2 Red Hat Enterprise Linux 6 x86_64 gcc 4.4.5-6 Red Hat Enterprise Linux (SELinux)] 5 x86 gcc 3.4.6 Solaris 10 (SPARC) 32bit gcc 3.4.6 Solaris 10 (SPARC) 64bit gcc 3.4.3 Solaris 10 (x86) 32bit gcc 3.4.3 Solaris 10 (x86) 64bit gcc 3.4.3 Windows Server 2008 R2 x64 MS Visual Studio 2008 MS Visual Studio 2010 Windows Server 2003 R2 x86 MS Visual Studio 2003 SYMANTEC VISION 2012 11
Software Developer Kit v7.0 (Java and.net SDK) Java SDK Supported Platforms and Compilers Operating system Arch Compiler Microsoft Windows Server 2003 R2 x86 jdk 1.6 Microsoft Windows Server 2008 x86 jdk 1.6 Solaris (SPARC) 10 x86 jdk 1.6 Red Hat Enterprise Linux 5.5 x86 jdk 1.6 Microsoft Windows Server 2008 R2 x64 jdk 1.6 Solaris (SPARC) 10 x64 jdk 1.6 Red Hat Enterprise Linux 5.5 x64 jdk 1.6.Net SDK Supported Platforms and Compilers Operating system Arch Compiler Microsoft Windows Server 2003 R2 x86.net 2005 Microsoft Windows Server 2008 R2 x64.net 2008 SYMANTEC VISION 2012 12
Protection Engine for NAS SYMANTEC VISION 2012 13
Why does Network Attached Storage need protection? Defense in Depth Provides protection on storage that can not be bypassed by clients Massive Centralized Repository for Sensitive Data Centralized vector of infection! Can be specifically targeted by hackers Unmanaged Clients that have access to Storage PCs, Linux, Mac, Virtual Machines 14
What is Protection Engine for NAS? Network based virus scanner Supports ICAP and RPC protocols(rpc used for NetApp support only) Most common integration with NetApp DataONTAP client RPC-based connector built-in to ONTAP s CIFS protocol Determines which files to Scan Read, Write, Read/Write Include/Exclude list Already Scanned? Mandatory scan option 15
Other common storage integrations Hitachi NAS EMC Isilon, VNX(formerly Celerra) IBM Sonas and Storwize * These platforms utilize ICAP protocol and are certified by vendor 16
Protection Engine for SharePoint SYMANTEC VISION 2012 17
Provide on-time/real-time protection Client(s) Files 18
Deployment Option 1 Onbox Architecture Protection Engine and SPSS Connector installed on front-end server No additional hardware required Simple installation SharePoint Front-End SPSS Connector SQL Servers SPSS Connector 19
Deployment Option 2 Off-box Architecture Connector installed on each front-end server Can point each WFE to one or more scan engines installed on separate server Increases performance Designed to handle larger loads SharePoint Front-End SPSS Connector SQL Servers SPSS Connector 20
Deployment Option 3 Hybrid Architecture One scan engine resides on front end server with connector SharePoint Front-End Can handle one or more off-box scanners Increased performance with prioritization capabilities Designed to handle larger loads of scanning files Utilizes all available hardware SPSS Connector SQL Servers SPSS Connector 21
Strongest Protection Next generation threat detection technologies powered by the largest threat intelligence network Flexibility and Choice Vast platform support for server and SDK spanning Linux, Solaris and Windows. Security Leadership Provide robust malware protection for NAS platform, and almost any other application via SDK or ICAP. 22
Thank you! Kevin Kingston - kevin_kingston@symantec.com Ian McShane - @ianmcshane Copyright 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. 23