Introducing Next Generation Symantec AntiVirus: Symantec Endpoint Protection Bernard Laroche Endpoint security Product marketing
Agenda 1 Organizational Risk and Endpoint Challenges 2 Symantec Endpoint Protection 3 Entitlement/Deployment/Migration 4 Symantec Network Access Control 5 Competitive comparison
Networks are Continually Exposed Internet Kiosks & Shared Computers Guests WANs & Extranets Consultants SSL VPN Employees Working at Home Wireless Networks Web Applications IPsec VPN
Business Problems at the Endpoint Costs to managed endpoints are increasing Number of Zero Day threats Complexity is increasing as well Growing number of known and unknown threats Stealth-based and silent Insider Threat Lack of Control over laptops and external devices connecting to systems and networks Antivirus is not enough!
Next Generation Symantec AntiVirus Network Access Control Results: Device Control Intrusion Prevention Increased Protection, Control & Manageability Firewall Antispyware Symantec Endpoint Protection 11.0 Symantec Network Access Control 11.0 Reduced Cost, Complexity & Risk Exposure AntiVirus Single Agent, Single Console
Beta Customer Value Data Single console Customers who participated reduced man-hours by 75% Security Related Reporting One customer expects to save 97% of the man hours on weekly security related reporting Application Control One customer: anticipates a 50% reduction in calls to the support center and the avoidance of re-imaging over 100 PCs per week Recovering over 600 man hours a week from analyst and technicians time. Another: anticipates recovering over $2.0 million from network outages caused by unauthorized peer to peer applications
Single Agent, Small Footprint. Symantec Endpoint Protection v11.0: Single Agent 24 MB* (*Varies from one OS to another). [Bar chart comparing agent size with Competitive Products B, A, C; axis 25 MB, 50 MB, 75 MB.] SEP Agent with Vista = 15 MB. SNAC = 1.5 MB additional.
Ingredients for Endpoint Protection Antivirus World's leading AV solution Most (33) consecutive VB100 Awards Antivirus Symantec: Submitted all supported environments for analysis since Nov. 99 ONLY vendor to obtain 33 consecutive VB100 Awards Endpoint Security
Ingredients for Endpoint Protection Antispyware Best rootkit detection and removal VxMS engine = Superior Rootkit Protection Antispyware Antivirus Source: Thompson Cyber Security Labs, August 2006 Endpoint Security
Intrusion Prevention System (IPS) Combined technologies offer best defense Intrusion Prevention (IPS) (N)IPS Network IPS (H)IPS Host IPS Generic Exploit Blocking Vulnerability-based (Sigs for vulnerability) TruScan Behavior-based (Whole Security) Deep packet inspection Signature based (Can create custom sigs, SNORT-like) Application Control Rules-based (System lockdown by controlling an application's ability to read, write, execute and network connections)
TruScan Detects 1,000 threats/month not detected by top 5 leading antivirus engines 6 months testing with Norton consumer technology Very low false positive rate (0.004%) Only 40 FP for every 1M computers No set up or configuration required
Generic Exploit Blocking (GEB). Generic Exploit Blocking: Vulnerability-Based Signature, based on vulnerabilities' characteristics. Timeline: Vulnerability Announcement, Vulnerability, Exploit, Virus Signature; 0 Day, <24 HOURS, 6-7 Days, ~3 hours later. Number of Variants Blocked: 814, 426, 394, 250, 121. Single GEB Signature: MS RPC DCOM BO, MS_RPC_NETDDE_BO, MS LSASS BO, RPC_NETAPI32_BO, NetBIOS MS NO (TCP). Threat: Blaster, W32.Mytob.IM@mm, Sasser, W97M.Invert.B, W32.Gaobot.AAY.
Ingredients for Endpoint Protection: Device Control. Prevents data loss (slurping), social engineering. Restrict access to devices (USB keys, CD-RW drives). W32.SillyFDC (May 2007): W32.SillyFDC targets removable memory sticks; spreads by copying itself onto removable drives such as USB memory sticks; automatically runs when the device is next connected to a computer. Device Control Intrusion Prevention Firewall Antispyware Antivirus Endpoint Security
New Console & Reporting Comprehensive Reporting 50+ canned reports Customizable Dashboard Monitors Multiple Domains
New Packaging Symantec Endpoint Protection Symantec Endpoint Protection Small Business Edition Symantec Multi-tier Protection Antivirus Antispyware Desktop Firewall Intrusion Prevention Device Control Mail Security MS Exchange MS Exchange/Domino/SMTP Gateway Antivirus for Mac and Linux
Entitlement Plan Existing Product Entitlement with Existing Maintenance Symantec AntiVirus Corporate Edition Symantec Client Security Confidence Online Corp PCs (Whole Security) Symantec Sygate Enterprise Protection Symantec Endpoint Protection 11.0 Symantec AntiVirus Enterprise Edition Symantec Multi-tier Protection 11.0 Symantec AntiVirus Groupware Symantec Client Security Groupware Symantec Endpoint Protection Small Business Edition 11.0 Symantec Network Access Control Symantec Network Access Control 11.0 Symantec Network Access Control (if only licensing Gateway Enforcement and/or CNAC Enforcement) Symantec Sygate Enterprise Edition (with Self Enforcement) Symantec Network Access Control Starter Edition 11.0
Incremental Value SNAC enabled Device Control Enhanced Spyware/Rootkit protection Antispyware Antivirus Intrusion Prevention Firewall Extensive Intrusion Prevention functions (TruScan-GEB) SAV CE 10.x Antispyware Antivirus Firewall/Device Control and Network Access Control Ready Symantec Endpoint Protection 11.0
Flexible Deployment Options Standard deployment Intrusion Prevention* Antispyware Antivirus *includes TruScan-GEB Comprehensive Endpoint Protection deployment Device Control Firewall Intrusion Prevention Antispyware Antivirus Complete Endpoint Security Solution Network Access Control Device Control Firewall Intrusion Prevention Antispyware Antivirus Security Functions enabled as needed
Migration from Symantec AntiVirus Single Server Symantec System Center Server New Endpoint Protection Manager Step 1: Install SEPM Can be installed on server running parent server or separate server Step 2: Move Group & Policy Information from Symantec System Center Conversion tool provided Step 3: Install SEP 11.0 Clients will connect to SEPM Step 4: Decommission Parent Server
Reporting Migration. SAV 10.x System Center: Legacy Parent Server reporting agents can be reconfigured to push data to SEPM DB. Symantec Endpoint Protection Manager: Look & Feel, MS SQL support and reporting engine remain the same. Reporting in SEP 11 will support SAV 10.1 reports, plus new reports. [Diagram labels: SAV Parent Servers, agents, SQL, SEPM Servers]
Migration Made Easy Overview What is it? A free tool to help customers migrate to Symantec Endpoint Protection Symantec Integrated Component Product offered with pre-configured templates to remove previously installed solutions Symantec Competitive Where do I get it and when? Downloadable early November at www.altiris.com/dowload.aspx Altiris Client Management Suite 30 Day Trial available today Who can use this? Any customer or partner may leverage the Symantec Endpoint Protection Integrated Component.
Complement Security with Management Symantec Endpoint Protection Integrated Component Altiris Software Delivery Suite Altiris Client Management Suite Streamline migrations Initiate scans or agent health tasks Dashboards integrate security and operational information Apply Patches Ensure software is installed and stays installed Report machines not connecting Identify missing hard-drives Policy-based software delivery Application Management Software Virtualization Patch Management Backup and Recovery Application Usage Remote Control
Migration Assistance online http://www.symantec.com/enterprise/support/endpointsecurity/migrate/index.jsp
Non Symantec Security Accounts Special Competitive pricing for McAfee, Trend Micro, Microsoft (Forefront) customers Customers paying for maintenance portion only Step 1 Step 2 Step 3 Add protection against Zero-Day, unknown and internal threats Enforces Endpoint Compliance and manages devices Network Access Control Complete Endpoint Security Solution Network Access Control Protection against known threats Device Control Intrusion Prevention Firewall Symantec Endpoint Protection Device Control Intrusion Prevention Firewall Competitive AS Symantec AS Competitive AV Symantec AV
Is Endpoint Protection Enough Protection? What Are The Most Common Sources Of Automated Internet Worm Attacks? Employee Laptop 43% Internet Through Firewall 39% Non-Employee Laptop 34% VPN Home System 27% Don't Know 8% Other 8% Source: Enterprise Strategy Group, January 2005 ESG Research Report, Network Security And Intrusion Prevention
Complete Endpoint Security: Endpoint Protection + Endpoint Compliance Protection Viruses Worms ID Theft Unknown Attacks Compliance Endpoint Security Policy Antivirus On Antivirus Signature Updated Personal Firewall On Service Pack Updated Patch Updated Status
Symantec Endpoint Compliance Process Step 1 Endpoint Attaches To Network Configuration Is Determined Step 4 Monitor Endpoint To Ensure Ongoing Compliance IT Policy Step 2 Compliance Of Configuration Against Policy Is Checked Step 3 Take Action Based On Outcome Of Policy Check Patch Quarantine Virtual Desktop
Network Access Control Benefits Reduces propagation of malicious code Increases control of unmanaged and managed endpoints accessing the corporate network Increases network availability and reduces disruption of services for end-users Reduces help desk calls support costs Provides organizational compliance information through real-time endpoint compliance data
SNAC Packaging Simplified Product Line, Easier to sell Enforcement Type Agent Type Endpoint (Uses SEP Desktop Firewall) Gateway (Appliance) DHCP (Appliance/Plug-in) LAN-802.1x (Appliance) Client (Persistent) On-Demand (Dissolvable) Agentless (Scanner) Symantec Network Access Control 11.0 Symantec Network Access Control Starter Edition 11.0 requires additional purchase
Symantec Network Access Control Key Advantages SNAC is fully integrated with Symantec Endpoint Protection SNAC is OS, hardware and network neutral Works with existing solutions or independently SNAC fits any customer's environment with no infrastructure upgrade required More Enforcement Options
Solution for Endpoint Compliance Network Access Control Device Control Network Access Control Network Access Control ready Agent is included, no extra agent deployment Simply license SNAC when you wish Intrusion Prevention Firewall Antispyware AntiVirus Endpoint Security
Important Resources - Installation and Migration Web Site http://www.symantec.com/enterprise/support/endpointsecurity/migrate/ Version Upgrade http://www.symantec.com/enterprise/licensing/upgrades/index.jsp Endpoint Security Microsite www.symantec.com/endpointsecurity Licensing portal: https://licensing.symantec.com FileConnect https://fileconnect.symantec.com FAQ Factsheet Flash tours White paper
Thank You! Bernard Laroche Sr. Product Marketing Manager Bernard_laroche@symantec.com Copyright 2007 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.