Comprehensive Endpoint Security. Chris Quinn, Systems Engineer. March 24, 2009


Agenda
1. Today's Security Challenges
2. Symantec Endpoint Protection, NAC, and Open Collaborative Architecture
3. Why Symantec?
4. Next Steps
Endpoint Security 3

Today's Challenges
Endpoints reach the corporate network from many directions: Internet kiosks and shared computers, guests, WANs and extranets, consultants, employees working at home, SSL VPN and IPsec VPN connections, wireless networks, and web applications.
Endpoint Security 4

The Complexity Challenge: What's wrong with the current world?
- Multiple vendors without a complete product offering
- Agent bloat: too many endpoint agents to manage
- Too many consoles
- Too many silo'd point solutions
- Specialized talent and resources needed to configure and manage each application
Endpoint Security 5

Multiple Complex Consoles/Agents Endpoint Security 6

Benefits of a Comprehensive Endpoint Solution
Threat Protection: Keep the Bad Things Out
- Protect against malware
- Protect from known and unknown threats
- Manage multiple endpoint technologies
Network Access Control: Trust, but Verify
- Enforce endpoint security policies
- Allow guest access to the network
- Provide access only to properly secured endpoints
Data Loss Prevention & Encryption: Keep the Good Things In
- Discover confidential data
- Monitor its use
- Enforce policies to prevent its loss
- Encrypt to prevent unauthorized access
Endpoint Management: Keep the Wheels On
- Integrates security, data loss prevention and management
- Provides automation
- Increases visibility and control
- Lowers total cost of ownership by managing multiple endpoint technologies
Endpoint Security 7

Keeping the bad things out Endpoint Security 8

Business Problems at the Endpoint
Endpoint management costs are increasing
- Cost of downtime impacts both productivity and revenue; the productivity hit is largest in the enterprise
- Costs to acquire, manage and administer point products are increasing, as is the demand on system resources
Complexity is increasing as well
- The complexity and resources needed to manage disparate endpoint protection technologies are inefficient and time consuming
Growing number of known and unknown threats
- Stealth-based and silent attacks are increasing, so antivirus needs to do much more
Source: Internet Security Threat Report Vol. XIII; Mar 2008
Endpoint Security 9

Keeping up with threats Endpoint Security 10

Changes in the Threat Landscape: From Hackers to Thieves
- Fame motivated -> Financially motivated
- Noisy and highly visible -> Silent
- Indiscriminate -> Highly targeted
- Few named variants -> Overwhelming variants
Endpoint Security 11

Key Ingredients for Endpoint Protection: Antivirus
- World's leading AV solution
- Most (41) consecutive VB100 awards (Virus Bulletin, December 2008)
Layer diagram: Antivirus
Endpoint Security 12

Key Ingredients for Endpoint Protection: Antispyware
- Best rootkit detection and removal
- VxMS = superior rootkit protection
Layer diagram: Antispyware; Antivirus (viruses, Trojans, worms)
Source: Thompson Cyber Security Labs, August 2006
Endpoint Security 13

Key Ingredients for Endpoint Protection: Firewall
- Industry leading endpoint firewall technology
- Gartner MQ Leader 4 consecutive years
- Rules-based firewall can dynamically adjust port settings to block threats from spreading
Layer diagram: Firewall; Antispyware (spyware, rootkits); Antivirus (viruses, Trojans, worms)
Endpoint Security 14

Key Ingredients for Endpoint Protection: Intrusion Prevention
- Combines NIPS (network) and HIPS (host)
- Generic Exploit Blocking (GEB): one signature to proactively protect against all variants
- Granular application access control
- TruScan(TM) Proactive Threat Scanning technology
  - Very low (0.0049%) false positive rate
  - Detects 1,000 new threats/month not detected by leading AV engines
  - No false alarms across 25M installations
  - Fewer than 50 false positives for every 1 MM PCs
Layer diagram: Intrusion Prevention; Firewall (worms, spyware); Antispyware (spyware, rootkits); Antivirus (viruses, Trojans, worms)
Endpoint Security 15

Intrusion Prevention System (IPS): Combined technologies offer best defense
Network IPS (NIPS)
- Deep packet inspection
- Attack-facing (Symantec signatures via LiveUpdate, custom signatures, SNORT-like)
Host IPS (HIPS)
- System Lockdown: whitelisting (tightly control which applications can run)
- Generic Exploit Blocking: vulnerability-facing (signatures for the vulnerability)
- TruScan(TM): behavior-based (Proactive Threat Scan technology)
Endpoint Security 16

Exploit Timeline
Timeline: vulnerability announcement (0 day) -> exploit (<24 hours) -> virus (6-7 days) -> virus signature (~3 hours later)
Generic Exploit Blocking: vulnerability-based signature, based on the vulnerability's characteristics
TruScan(TM) Proactive Threat Scan technology: behavior analysis
Chart, number of variants blocked by a single GEB signature (values as extracted): 814, 426, 394, 250, 121
Signature / threat pairs shown on the chart: MS RPC DCOM BO (Blaster); MS_RPC_NETDDE_BO (W32.Mytob.IM@mm); MS LSASS BO (Sasser); RPC_NETAPI32_BO and NetBIOS MS NO (TCP) (W97M.Invert.B, W32.Gaobot.AAY)
Endpoint Security 17

TruScan(TM) - Proactive Threat Scan
- Detects 1,000 threats/month not detected by the top 5 leading antivirus engines
- 6 months of testing with Norton consumer technology
- Very low false positive rate (0.004%): fewer than 50 false positives for every 1M computers
- No set up or configuration required
Endpoint Security 18

Key Ingredients for Endpoint Protection: Device and Application Control
- Prevents data leakage
- Restrict access to devices (USB keys, back-up drives)
- Whitelisting: allow only trusted applications to run
Layer diagram: Device and Application Control; Intrusion Prevention (0-day, key logging); Firewall (worms, spyware); Antispyware (spyware, rootkits); Antivirus (viruses, Trojans, worms)
Example: W32.SillyFDC targets removable memory sticks. It spreads by copying itself onto removable drives such as USB memory sticks and automatically runs when the device is next connected to a computer.
Endpoint Security 19

Symantec Endpoint Protection 11.0: Protect Against Unauthorized Applications
The Risks
- Users installing unauthorized applications like Skype, BitTorrent, LimeWire, eMule, etc.
The Solution
- Block unauthorized applications using Application Control
- Only an endpoint security solution with full device control capabilities can protect against all threats
- Application Control included in base product; no extra cost
Endpoint Security 20

Symantec Endpoint Protection 11.0: Protect Against FireWire and Bluetooth Attacks
The Risks
- Physical attacks against endpoints
- Exploit PoC winlockpwn can break into a Windows machine using just a FireWire connection
- Vulnerability by design in FireWire that will not be fixed
- Windows may be vulnerable to Bluetooth attacks that can take complete control over the system
- Microsoft recently released a critical Bluetooth security patch (MS08-030) to address this
The Solution
- Block FireWire and Bluetooth using Device Control
- Only an endpoint security solution with full device control capabilities can protect against all threats
- Device Control included in base product; no extra cost
Endpoint Security 21

Key Ingredient for Endpoint Compliance: Network Access Control
- Comes ready for the Network Access Control add-on
- Agent is included; no extra agent deployment
- Simply license SNAC Enforcement
Layer diagram: Network Access Control; Device and Application Control; Intrusion Prevention; Firewall; Antispyware; Antivirus
Endpoint Security 22

How to Protect Against Threats with a Single Agent, Single Console
Symantec Endpoint Protection 11.0 + Symantec Network Access Control 11.0: Network Access Control; Device and Application Control; Intrusion Prevention; Firewall; Antispyware; Antivirus
Benefits:
- Increased protection, control and manageability
- Reduced cost, complexity and risk exposure
Endpoint Security 23

Incremental Value
SAV CE 10.x: Antispyware; Antivirus
Symantec Endpoint Protection 11.0: Device and Application Control; Intrusion Prevention; Firewall; Antispyware; Antivirus
What SEP 11.0 adds:
- SNAC enabled
- Enhanced spyware/rootkit protection
- Extensive intrusion prevention functions (TruScan)
- Firewall/Device Control and Network Access Control ready
Endpoint Security 24

Flexible Deployment Options (security functions enabled as needed)
- Standard deployment: Antivirus; Antispyware; Intrusion Prevention*
- Comprehensive Endpoint Protection deployment: Antivirus; Antispyware; Intrusion Prevention; Firewall; Device and Application Control
- Complete Endpoint Security Solution: Antivirus; Antispyware; Intrusion Prevention; Firewall; Device and Application Control; Network Access Control
Endpoint Security 25

Medium-Large Organizations (100+)
Symantec Endpoint Protection (SEP)
- Install SEP with antivirus and antispyware options enabled
- Enable additional protection features at own pace
- Migrate from Symantec AntiVirus at own pace
- For desktops, laptops and network servers
Symantec Multi-tier Protection*
- SEP and additional solutions to protect multiplatform network environments, mobile devices, mail servers and SMTP gateways
- Excellent choice for organizations with Microsoft Exchange
- For organizations with multiple network servers and many workstations or laptops
Symantec Multi-tier Protection* and SNAC Enforcers**
- SEP and additional solutions to protect multiplatform network environments, mobile devices, mail servers and SMTP gateways
- SNAC enforcer options provide the greatest flexibility
- For organizations with multiple network servers and many workstations or laptops
*SMP includes SEP plus Antivirus for Mac, Linux and Windows Mobile, as well as Mail Security for Exchange and Domino, Premium Antispam and the 8300 Virtual Edition
**SNAC Enforcers verify that a host is compliant with minimum security policies. Typical types are Gateway, LAN, DHCP and Self Enforcement
Endpoint Security 27

Symantec Global Intelligence Network
- 4 Symantec SOCs
- 80 Symantec monitored countries
- 40,000+ registered sensors in 180+ countries
- 11 Symantec Security Response Centers
- > 7,000 managed security devices
- 120+ million systems worldwide
- 2 million+ probe network
- Advanced honeypot network
Locations: Tokyo, Japan; Calgary, Canada; Dublin, Ireland; San Francisco, CA; Mountain View, CA; Reading, England; Chengdu, China; Culver City, CA; Austin, TX; Alexandria, VA; Pune, India; Taipei, Taiwan; Chennai, India; Sydney, Australia
- Received 41 consecutive Virus Bulletin 100% certification awards*
- TruScan(TM) technology catches 1,000 more threats per month than other AV vendors**
* Source: virusbtn.org; ** Source: Symantec
Endpoint Security 28

Trust, but verify Endpoint Security 29

What is Network Access Control?
- Restricts access to your network by creating a closed system
- Offers automatic endpoint remediation before access is granted
- Checks adherence to endpoint security policies even when connected to the network
Diagram: employees and non-employees, managed and unmanaged, on-site and remote endpoints connecting to the corporate network
Endpoint Security 30

Solution: Network Access Control
- Checks adherence to endpoint security policies; NAC is a process that creates a much more secure network
  - Antivirus installed and current?
  - Firewall installed and running?
  - Required patches and service packs?
  - Required configuration?
- Fixes configuration problems
- Controls guest access
Network Access Control helps prevent malware from spreading throughout the network
Endpoint Security 31

Symantec Network Access Control: 3 Key Components
1. Central Management Console
2. Endpoint Evaluation Technology
3. Enforcer
Endpoint Security 32

1. Central Management Console: Symantec Endpoint Protection Manager
- Policy management
- Web-based GUI
- Enterprise class/scale
- Role-based access
- Hierarchical views
- Integration with Active Directory
Same management console used for Symantec Endpoint Protection 11.0
Endpoint Security 33

2. Endpoint Evaluation Technologies
- Unmanageable endpoints: Remote Scanner (Good)
- Unmanaged endpoints: Dissolvable Agents (Better)
- Managed endpoints: Persistent Agents (Best)
Symantec Endpoint Protection 11.0 agent is SNAC ready
Endpoint Security 34

3. Enforcers
- Host-based: Symantec Self-Enforcement
- Network-based (optional): Symantec Gateway Enforcer; Symantec DHCP Enforcer; Symantec LAN Enforcer (802.1X)
Rated Good, Better, Best from host-based self-enforcement up to network-based enforcement
Endpoint Security 35

Why Symantec's NAC: Symantec makes implementing NAC less daunting and costly
Neutral. Deployable today. Flexible.
Primary differentiators:
- Greater diversity of NAC approaches than any other vendor
- Operational efficiencies
- Field-proven NAC solution with hundreds of customers
- Deployable today: no need to wait for standards or upgrades
- Award-winning solution
Endpoint Security 36

Symantec NAC Self-Enforcement: How It Works
Components: Persistent Agent on an on-site or remote laptop; Symantec Endpoint Protection Manager; Protected Network; Quarantine; Remediation Resources
1. Client connects to the network and validates policy
2. Persistent Agent performs self-compliance checks
3. Compliance pass: apply the Office firewall policy
4. Compliance fail: apply the Quarantine firewall policy
Host Integrity rules (with status): Anti-Virus On; Anti-Virus Updated; Personal Firewall On; Service Pack Updated; Patch Updated
Endpoint Security 37
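The self-enforcement flow on this slide, written out as an added Python example; it is not code from the presentation or from Symantec's product. The five Host Integrity rule names come from the slide. Everything else is assumed: the posture fields the agent reports, the seven-day definition-age threshold, the required service pack, the placeholder patch ids, the server addresses, and the contents of the Office and Quarantine firewall policies (Quarantine here reaches only the manager and the remediation resources).

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List


@dataclass
class Posture:
    """Constructed snapshot of what the persistent agent observes on the host
    (assumed data shape, not the real agent's format)."""
    antivirus_on: bool
    definitions_date: date
    firewall_on: bool
    service_pack: int
    installed_patches: List[str]


@dataclass
class HostIntegrityResult:
    compliant: bool
    failed_rules: List[str]      # Host Integrity rule names from the slide
    firewall_policy: str         # "Office" or "Quarantine"
    remediation: List[str]       # what the quarantined host must fix


# Assumed policy parameters; the patch ids are placeholders, not real KB numbers.
REQUIRED_SERVICE_PACK = 3
REQUIRED_PATCHES = ["KB-PLACEHOLDER-001", "KB-PLACEHOLDER-002"]
MAX_DEFINITION_AGE = timedelta(days=7)


def evaluate_host_integrity(posture: Posture, today: date) -> HostIntegrityResult:
    """Run all five Host Integrity rules and select the firewall policy.

    Every rule is evaluated rather than stopping at the first failure, so the
    remediation list tells the user everything to fix before the re-check.
    """
    failed: List[str] = []
    remediation: List[str] = []

    if not posture.antivirus_on:
        failed.append("Anti-Virus On")
        remediation.append("start the antivirus service")
    if today - posture.definitions_date > MAX_DEFINITION_AGE:
        failed.append("Anti-Virus Updated")
        remediation.append("download current virus definitions")
    if not posture.firewall_on:
        failed.append("Personal Firewall On")
        remediation.append("enable the personal firewall")
    if posture.service_pack < REQUIRED_SERVICE_PACK:
        failed.append("Service Pack Updated")
        remediation.append(f"install service pack {REQUIRED_SERVICE_PACK}")
    missing = [p for p in REQUIRED_PATCHES if p not in posture.installed_patches]
    if missing:
        failed.append("Patch Updated")
        remediation.append("install " + ", ".join(missing))

    compliant = not failed
    return HostIntegrityResult(
        compliant=compliant,
        failed_rules=failed,
        firewall_policy="Office" if compliant else "Quarantine",
        remediation=remediation,
    )


# Constructed addresses for the management server and the remediation resources.
MANAGEMENT_SERVER = "10.0.0.5"
REMEDIATION_RESOURCES = {"10.0.0.10", "10.0.0.11"}  # definition and patch servers


def firewall_allows(policy: str, destination: str) -> bool:
    """Assumed policy contents: Office permits corporate traffic; Quarantine
    permits only the manager (for the re-check) and the remediation resources."""
    if policy == "Office":
        return True
    if policy == "Quarantine":
        return destination == MANAGEMENT_SERVER or destination in REMEDIATION_RESOURCES
    raise ValueError(f"unknown firewall policy: {policy!r}")


def demo() -> List[HostIntegrityResult]:
    """Evaluate one compliant and one non-compliant constructed laptop."""
    today = date(2009, 3, 24)
    compliant_laptop = Posture(True, date(2009, 3, 22), True, 3, list(REQUIRED_PATCHES))
    stale_laptop = Posture(True, date(2009, 2, 1), False, 2, ["KB-PLACEHOLDER-001"])
    return [evaluate_host_integrity(p, today) for p in (compliant_laptop, stale_laptop)]


if __name__ == "__main__":
    for result in demo():
        print(result.firewall_policy, result.failed_rules, result.remediation)
```

The design point worth noticing is that the firewall policy is the enforcement mechanism: a failed check does not disconnect the host, it swaps in a policy that only reaches the remediation resources, and the agent re-runs the same checks after remediation to earn the Office policy back.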

Keeping the good things in Endpoint Security 38

Keep the Wheels On Endpoint Security 39

Single Centrally Managed Console
Symantec Management Console manages: Symantec Endpoint Protection; Symantec Network Access Control; Symantec Endpoint Encryption; Symantec Data Loss Prevention Endpoint
Endpoint Security 40

Migration Made Easy: Overview
What is it?
- A free tool to help customers migrate to Symantec Endpoint Protection
- Symantec Integrated Component product offered with pre-configured templates to remove previously installed solutions (Symantec and competitive)
Where do I get it, and when?
- Download now at http://www.altiris.com/download.aspx
- Altiris Client Management Suite 30-day trial available today
Who can use this?
- Any customer or partner may leverage the Symantec Endpoint Protection Integrated Component, but we recommend that customers consider that they are deploying the Altiris management platform.
Endpoint Security 41

Complement Security with Management
Symantec Endpoint Protection Integrated Component
- Streamline migrations
- Initiate scans or agent health tasks
- Dashboards integrate security and operational information
Altiris Software Delivery Suite
- Apply patches
- Ensure software is installed and stays installed
- Report machines not connecting
- Identify missing hard drives
- Policy-based software delivery
Altiris Client Management Suite
- Application Management; Software Virtualization; Patch Management; Backup and Recovery; Application Usage; Remote Control
Endpoint Security 42

Driving to Convergence
Situation:
- Duplication of tasks
- Gaps require manual processes
- Multiple consoles and agents
- Various data repositories
- Overlapping policies
Solution: Integration on Open Collaborative Architecture (CMDB)
- Native integration
- Single view of compliance
- Consolidated status reporting
- Pre-built workflow processes
Endpoint Security 43

Why Open Collaborative Architecture?
Evolving product requirements:
- Tie into multiple levels
- Cross multiple processes and disciplines
- Cooperate in cross-vendor environments
- Leverage Symantec configuration, metadata, operations, policy/task control
Collaborative solutions (Symantec and 3rd party management solutions): Security (endpoint, data, IT policy); Compliance Mgmt (industry, financial, IT policy); Business Continuity (protect, retain, recover, HA/DR); Resource Mgmt (asset, TCO, capacity, performance); Incident Resolution (helpdesk, notify, problem mgmt); Infrastructure Mgmt (discover, deploy, config, change)
Open Collaborative Architecture: Data, Task & Operational Services; Console, Workflow, Security, CMDB
Symantec products: Altiris (Endpoint Management); SEP (Endpoint Security Management); SSIM (Security Information Management); CCS (Control & Compliance Suite); EV (Information Risk & Compliance); Vontu (Data Loss Prevention); NBU / BE (Backup & Recovery); SF / CC (Storage Management); VCS(-One) (HA/DR & Server Management)
Solution areas: Information Risk & Compliance; Infrastructure Operations; Security; Storage; Business Continuity
Endpoint Security 44

Why Symantec? Endpoint Security 45

Why Symantec? Greater Security Greater Control Endpoint Security 46

Analysts Position Symantec as a Leader (built up over slides 47-51)
- Altiris Platform
- Symantec Endpoint Protection
- Symantec Network Access Control
- Symantec Endpoint Encryption
- Symantec Data Loss Prevention Endpoint
Endpoint Security 47-51

Who Trusts Symantec Over 100 Million Endpoints Protected Endpoint Security 52

Questions? Chris Quinn, Systems Engineer, Symantec. chris_quinn@symantec.com
Endpoint Security 54

Thank You! Copyright 2007 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. Endpoint Security 55