Intel and Symantec: Improving performance, security, manageability and data protection Terry Cutler Enterprise Solution Architect Omid Meshkin Strategic Business Development 1
Session Objectives By the end of this session you will be: Educated on the value of Intel silicon combined with Symantec Promoting the improved performance, security, manageability, and data protection enable via Intel and Symantec collaboration Eager to see the Intel showcase demonstrations 2
Where were Intel and Symantec Collaborating 2-3 years ago? Security Manageability Symantec Client Management Suite + Intel vpro Technology Information Management Consumer Other Programs This presentation will summarize many of the futures that now exist 3 3
Who is currently using or considering Symantec appliances? 4
Symantec Appliances Powered by Intel A new and fast growing generation of industry leading appliances for backup and security NetBackup BackupExec SSIM Strong collaboration for hardware & software differentiation Scalable architecture to meet customer needs Optimized for energy efficiency Business-critical Reliability, Availability, and Serviceability (RAS) Flexibility and scalability through Intel Integrated RAID and Intel SSDs
BackupExec 3600 R2 Appliance SAS Disk - 5.5 TB RAID 5 (Data Store) SSD Disk 2 x 80 GB RAID 1 (Windows ) CPU - Quad core Intel Xeon 2.4 GHz, 8MB cache Memory - 16 GB DDR3 1333, ECC USB - 4x USB 2.0 Ports Ethernet - 3x 1GB Ports Tape Out - SAS Port Software - Backup Exec 2012, Critical System Protection, Windows 2008 R2 Backup Exec 3600 R2 Appliance 6
Intel AppUp SM Small Business Service Built on the Intel Hybrid Cloud Platform SMB Intel AppUp SM Small Business Service Catalog Service Provider Break Fix Help Desk Cloud Backup Intel Hybrid Cloud Server Manager Secure Usage Monitoring Remote Mgmt Web Portal Intel Hybrid Cloud Server Reference Design Multiple Xeon based hardware options with Intel VT, TXT, AMT technologies SMB Benefits: Pay-as-you-go Software Cloud access to Software Catalog Data onsite, no capex MSP/ISV Benefits: Convert to subscription model Immediate On-Line Software Catalog Create your own offers Pre-configured, remotely managed OEM Benefits: Grow SMB sales with Hybrid Cloud appliance
How is Symantec integrating Intel Client Computing Technologies? 8
Announcing Ultrabook Ultrabook for Business extends current content creation capabilities with optimized mobile experiences without compromising security and manageability Ultra-Light. Ultra-Sleek. Ultra-Powerful. Business User Requirements Responsiveness User Interface(s) Mobility Form Factor Device Like Experience Ultrabook for Business IT Decision Maker Requirements Reliability Stability Security Manageability Business-Level Performance Intel vpro and Intel Small Business Advantage Full PC Functionality and Enterprise-Class Security in an Ultra-mobile Package only from Intel Ultrabook is a trademark of Intel Corporation in the U.S. and/or other countries
2012 Intel vpro Technology Platform Security Focus Points Threat Management Identity and Access Data Protection Security Monitoring Remediation Reporting Defending you against hidden Trojans and more Access to your systems and services is more secure Protect your valuable data and assets from theft or loss Quickly recover from an attack Only Intel Core vpro Processor offers these Unique Security Capabilities
Intel and Symantec product collaborations available today Holistic Approach to Securing and Managing the Client Threat Management Identity & Access Data Protection Intel Trusted Execution Technology (Intel TXT) Intel Virtualization Technology (Intel VT) Intel Operating System Guard (Intel OS Guard) Intel Identity Protection Technology (Intel IPT) with Public Key Infrastructure (PKI) Intel Identity Protection Technology with protected transaction display Intel Identity Protection Technology with Onetime Password Remote Encryption Management Intel Anti-Theft Technology (Intel AT) Intel Advanced Encryption Standard New Instructions (Intel AES-NI) Intel Secure Key Security Monitoring / Remediation/ Reporting Intel Active Management Technology (Intel AMT) Enhanced KVM
Who is using drive encryption today? 12
Intel AES-NI Technology Keep Data Safer and End-users More Productive Intel AES-NI Helps Speed Data Protection Accelerate Encryption Operations Whole-disk Encryption Internet Security File Storage Encryption Sample of Enabled Vendors i5-2400 (desktop) i5-2520m (laptop) Up to 4x faster encryption E6550 (desktop) T7250 (laptop) 0 1 2 3 4 PGP Whole Disk Encryption Enabled with AES-NI Today 13
Introducing Intel Secure Key in 2012 Platforms Digital Random Number Generator for more robust encryption High Quality With a high-quality, high-volume Entropy Source, resulting random numbers are at its highest quality (i.e. highly unpredictable). Standards compliant (NIST SP 800-90) and NIST FIPS 140-2 Level 2 certified. High Performance Faster than any other entropy source today. Easy Access RdRand instruction available to all applications and at any privilege level. Secure HW module implementation isolates Entropy Source and DRBG from attacks. To be included in future Symantec products High Performance, High Availability, and High Quality Cryptography 14
Using hardware tokens, smart cards, VeriSign VIP, or VeriSign MPKI? 15
Intel Identity Protection Technology One Time Password (OTP) Intel IPT provides a simple way for Web-sites and enterprises to validate that a user is logging in from a trusted PC. Embedded tokens work with all Symantec VIP Protected websites Who does this help? End users by adding security that is easy to use Web Sites, to protect their users accounts, and limit losses Enterprises who want more secure methods for employees to remotely log in, but don t want the hassles of tracking physical tokens or lowered security due to software tokens Traditional hardware token Supported Platforms? Introduced in 2011 with 2nd generation Intel Core processor-based PCs Intel IPT is embedded in the Intel Management Engine (ME) isolated from the OS The one time code is validated by a third party security ISV used by the websites or enterprises Now embedded into your PC 16
OTP Enterprise Deployment Use Case Enterprise OTP Generated by Intel IPT 17
Introducing Intel Identity Protection Technology with Public Key Infrastructure (PKI) in 2012 2012 Validate legitimate user Digital Signature Embedded Public Key Infrastructure (PKI) Private key generated and secured locally Used for authentication and encryption Lower cost versus smart cards Easier usability More secure than software-only solution Integrated with secure I/O Available on the Intel Core vpro processor family in 2012
Intel Identity Protection Technology with PKI and Protected Transaction Display in 2012 In addition to the embedded private key, a secure PIN pad entry required for two-factor authentication. Protected Transaction Display window, not visible to SW Now embedded into your PC Come See the Demonstration in the Intel Showcase Attend Session SS B03, Wednesday @ 1pm, Room 112 IPT-PKI= Platform Embedded Asymmetrical Token.
Intel Identity Protection Technologies OTP Ultrabook or vpro OTP: 927316250 + Username Password Protected Transaction Display (PTD) Ultrabook or vpro Password Entry 927316250 Token Server One-Time Password token built in to chipset enabling frictionless 2-factor user authentication for website and secure VPN access. Server Protects PC display from malware scraping and proves human presence at PC. PKI - vpro only Digital Certificate Server IPT with PKI* uses PKI certificates to authenticate User and Server to each other and to encrypt and sign documents. Symantec Enabled on IPT-OTP, IPT-PKI, and IPT-PTD Ultrabook is a trademark of Intel Corporation in the U.S. and/or other countries
Using Symantec s Altiris Client Management Suite (CMS) today? 21
Managing In-Band and Out-of-Band A Well Managed Client is a Secure Client In-Band Management Operating System Deployment Software Updates and Fixes Inventory and Data Collection Remote Desktop and Diagnostics Out-of-Band Management Control of system power state Integrated IP-KVM Control boot source Hardware based alerts 22
How does Intel AMT Work? Resides between the network interface and the OS Out-of-band Management traffic is handled directly by Intel AMT itself Intel AMT communications below OS Intel vpro Technology Client Management Engine Intel AMT Operating System Network Interface Network Chipset Come See the Demonstration in the Intel Showcase * A component of Intel vpro Technology, Intel Active Management Technology (AMT) enables Out-of-Band Management
Intel Active Management Technology Recovery and Enhanced Patching IT Help Desk Beyond the operating system management Intel Core vpro Processor Intel Chipset Beyond the operating system event New Features since 2010 Enhanced KVM Remote Control Host Based Configuration Intel Setup and Config Software v8 vpro PowerShell Module Intel Use Case Reference Designs Business Employees Intel Network Adapter Remote diagnose, isolate, and repair PCs even if they are unresponsive
What Intel Client platform has all of these features? 25
Intel Security Capabilities by Platform Entry-level computing Smart performance Built for Business, Engineered for Security Intel IPT with OTP Intel IPT with protected transaction Display* Only on Ultrabook or vpro Intel IPT with PKI* Intel AES-NI Intel Secure Key* Intel Anti-Theft Technology Remote KVM Intel AMT Intel vpro Technology platforms include all security and management technologies *Requires 3 rd Generation Intel Core platform Ultrabook is a trademark of Intel Corporation in the U.S. and/or other countries
Ready to learn more about Intel and Symantec collaborations? 27
Today: Symantec & Intel Collaboration Security Intel IPT & UserAuth (VIP) Intel PKI & Managed PKI Intel Protected Transaction Display & Managed PKI Intel AES-NI + Encryption Intel Secure Key + Encryption SSIM Appliance Hybrid Cloud Appliance (SEP) Manageability Symantec Client Management Suite + Intel vpro Technology Intel Small Business Advantage and Norton Suite Information Management NetBackup Appliances BackupExec Appliance BackupExec Channel Program Hybrid Cloud Appliance (BE) Consumer Intel Anti-Theft + Norton Intel AppUp + Norton PC Tools Norton AV Channel Bundle Other Programs Healthcare Initiative Medical Device (Altiris, CSP) Server Innovations Storage Innovations Growing Portfolio for Enhance Solution Value
Have the Session Objectives been met? By the end of this session you will be: Educated on the value of Intel silicon combined with Symantec Promoting the improved performance, security, manageability, and data protection enable via Intel and Symantec collaboration Eager to see the Intel showcase demonstrations 29
Thank you! Copyright 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. 30
Intel Core vpro Processors with Intel Anti-Theft Technology¹ Protects PCs 1 Local intelligence on PC detects potential theft and triggers action or PC is disabled via poison pill sent over Internet IT Help Desk 3 PC can be easily reactivated via a local password or servergenerated code 2 PC shows customized message and remains disabled even if OS is re-installed Hardware-based Security to Help Protect Your PC and Data When it is Lost of Stolen 1 Intel Anti-Theft Technology requires the computer system to have an Intel AT-enabled chipset, BIOS, firmware release, software, and an Intel AT-capable Service Provider/ISV application and service subscription. 31