Teleworking and Security: IT All Begins with Endpoints
Jim Jessup, Solutions Manager, Information Risk Management
June 19, 2007

Agenda
1. Today's Landscape
2. Trends at the Endpoint
3. Endpoint Security
4. Network Access Control
5. A Complete Enterprise Security Solution

Copyright Symantec Corporation 2007

Today's Landscape
- New technologies are changing the way we communicate
  - Government agencies see the need to share information across their extended enterprises
  - Agencies are moving towards a mobile workforce (teleworking, COOP, remote access): traditional perimeter defenses are not enough
- New technologies are also introducing new security risks
  - No longer focused on just the device; it's about the information and interactions
  - Phishing, ID theft, malicious users and non-compliance are all risks
  - Must keep the threats out, and ensure the information stays inside
  - Internal threats such as data theft and data leakage
- New policies and regulations (FIPS, FISMA, HIPAA etc.) change the way we think about security
  - Security policy and reporting mandated
  - Adequate controls or evidence collection
  - Standard desktop configuration required

Network Is Continually Exposed
Diagram labels: Internet Kiosks & Shared Computers; Guests; WANs & Extranets; Consultants; Employees Working at Home; Wireless Networks; Web Applications; SSL VPN; IPsec VPN
Because of worms and other threats, you can no longer leave your networks open to unscreened devices and users.
Source: Protect Your Network with a NAC Process, Gartner ID# G00124992

Symantec Global Intelligence Network
- 4 Symantec SOCs
- 74 Symantec monitored countries
- 40,000+ registered sensors in 180+ countries
- 8 Symantec Security Response Centers
- >6,200 managed security devices
- 120 million systems worldwide
- 30% of world's email traffic
- Advanced honeypot network
- 200,000 malware submissions per month
- Millions of security alerts and threat reports per month
- Hundreds of MSS customers
Map locations: Tokyo, Japan; Calgary, Canada; San Francisco, CA; Redwood City, CA; Santa Monica, CA; Dublin, Ireland; Twyford, England; Munich, Germany; Taipei, Taiwan; Alexandria, VA; Pune, India; Sydney, Australia

It Begins At The Endpoint
- Compromised and non-compliant endpoints endanger the network and your data
- Every user accesses the network and the Internet from an endpoint
- But not all endpoints are protected and compliant
- For employees, the endpoint may be:
  - Company-issued laptop that hasn't had a patch or AV update in two weeks
  - Personal computer, desktop or laptop
  - Kiosk computer in an airport, hotel, or office center
- For guests, the endpoint could be anything, with no ability to know its security health
- Endpoints are at risk even when not connected to the corporate network
How do I ensure that all the nodes on my network are protected and compliant?

Problems at the Endpoint
- Endpoint management costs are increasing
  - Cost of downtime impacts both productivity and revenue; the productivity hit is largest in the enterprise
  - Costs to acquire, manage and administer point products are increasing, as is the demand on system resources
- Complexity is increasing as well
  - Managing disparate endpoint protection technologies is complex, manpower-intensive, inefficient and time consuming
- Growing number of known and unknown threats
  - Stealth-based and silent attacks are increasing, so there is a need for antivirus to do much more
Chart: Number of Zero Day threats
Source: Infonetics Research - The Cost of Network Security Attacks: North America 2007

Causes of Sensitive Data Loss
The leading causes of sensitive data loss are:
- User error
- Violations of policy
- Internet threats, attacks and hacks
Source: ITPolicyCompliance.com, Taking Action to Protect Sensitive Data, Feb. 2007

Protection From External Malicious Threats
Protection Starts At The Endpoint
- Broad range of client devices: laptop, desktop, cell phone
- Broad range of threats: virus, worms, spyware, crimeware
Diagram labels: threats (Crimeware, Spyware, Worm, Virus); devices (Windows Smartphone, Symbian Device, Laptop PC, Desktop PC)

Is Endpoint Protection Enough Protection?
What Are The Most Common Sources Of Automated Internet Worm Attacks?
- Employee Laptop: 43%
- Internet Through Firewall: 39%
- Non-Employee Laptop: 34%
- VPN Home System: 27%
- Don't Know: 8%
- Other: 8%
Source: Enterprise Strategy Group, January 2005, ESG Research Report, Network Security And Intrusion Prevention

The Need for Complete Endpoint Security: Endpoint Protection + Endpoint Compliance
- Protection: Viruses, Worms, ID Theft, Unknown Attacks
- Compliance: Endpoint Security Policy, with status of each item:
  - Antivirus On
  - Antivirus Signature Updated
  - Personal Firewall On
  - Service Pack Updated
  - Patch Updated

Symantec Endpoint Compliance Process
The four steps cycle around the IT Policy:
- Step 1: Endpoint Attaches to Network; Configuration Is Determined
- Step 2: Compliance of Configuration Against Policy Is Checked
- Step 3: Take Action Based on Outcome of Policy Check (Patch, Quarantine, Virtual Desktop)
- Step 4: Monitor Endpoint to Ensure Ongoing Compliance
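
The four-step loop above, sketched as an added example (not Symantec code and not part of the original slides). The posture fields, the thresholds and the mapping from failed checks to Patch, Quarantine or Virtual Desktop are assumptions made for illustration; the five checks are the policy items listed on the previous slide.

```python
from dataclasses import dataclass
from enum import Enum

class Action(Enum):
    ALLOW = "allow"
    PATCH = "patch"                      # remediate, then re-check
    QUARANTINE = "quarantine"            # restricted segment only
    VIRTUAL_DESKTOP = "virtual_desktop"  # unmanaged endpoint

@dataclass(frozen=True)
class Posture:                 # Step 1: configuration seen at attach (assumed fields)
    managed: bool = True
    antivirus_on: bool = True
    signature_age_days: int = 0
    firewall_on: bool = True
    service_pack: int = 2
    missing_patches: int = 0

@dataclass(frozen=True)
class Policy:                  # thresholds are assumptions, not from the slides
    max_signature_age_days: int = 7
    min_service_pack: int = 2

def check(p, policy):
    """Step 2: return the policy items this endpoint fails."""
    tests = {
        "antivirus_off": not p.antivirus_on,
        "signature_stale": p.signature_age_days > policy.max_signature_age_days,
        "firewall_off": not p.firewall_on,
        "service_pack_old": p.service_pack < policy.min_service_pack,
        "patches_missing": p.missing_patches > 0,
    }
    return [name for name, failed in tests.items() if failed]

def decide(p, policy):
    """Step 3: map the check result to an action (mapping is an assumption)."""
    if not p.managed:
        return Action.VIRTUAL_DESKTOP    # no agent, so posture cannot be trusted
    failures = check(p, policy)
    if not failures:
        return Action.ALLOW
    if "antivirus_off" in failures or "firewall_off" in failures:
        return Action.QUARANTINE         # protection disabled: isolate first
    return Action.PATCH                  # only out of date: remediate

def monitor(snapshots, policy):
    """Step 4: re-evaluate every snapshot; report each change of action."""
    changes, last = [], None
    for i, p in enumerate(snapshots):
        action = decide(p, policy)
        if action is not last:
            changes.append((i, action))
            last = action
    return changes
```

A laptop whose signatures are two weeks old is sent to remediation rather than isolated, while an endpoint that turns its firewall off after admission is caught by the monitoring pass and moved to quarantine.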

Symantec Network Access Control
- Ensures endpoints are protected and compliant prior to accessing network resources
- Choose quarantine, remediation or federated access
- Enforce policy before access is granted
  - Execute updates, programs, services, etc.
  - Limit connection to VLAN, etc.
- Broadest enforcement options of any vendor
  - Remote connectivity (IPSec, SSL VPN)
  - LAN-based, DHCP, Appliance
  - Standards-based, CNAC, MSNAP

Symantec On-Demand Protection
- Layered security technology solution for unmanaged endpoints
- Ideal for use with:
  - Outlook Web Access (OWA)
  - Web-enabled applications
- Most complete On-Demand security solution
  - Virtual Desktop
  - Malicious Code Prevention
  - Cache Cleaner
  - Mini personal firewall
  - Host Integrity
  - Adaptive Policies
Diagram labels: applications (Thin Client/Server Applications, Traditional Client/Server Applications, Web-based Applications, File Share); users (Public Kiosk, Traveling Executives, Partner Extranet)

Network Access Control + On-Demand Protection
Complete security compliance regardless of network access method
- Managed devices: laptops, mobile phones
- Unmanaged devices: guest, contractor, partners, kiosks
Diagram labels: OWA, Kiosk, Partner, Temp; Windows Smartphone, Symbian Device, Laptop PC, Desktop PC

Today's Endpoint Problems Addressed by Too Many Technologies
Each entry gives the layer, the endpoint exposures, and the protection technology:
- Always on, always up-to-date: Host integrity & remediation
- Applications: Zero-hour attacks, malware, Trojans, application injection. Protection technology: Anti crimeware
- I/O Devices: Slurping, IP theft, malware. Protection technology: Device controls
- Memory/Processes: Buffer overflow, process injection, key logging. Protection technology: Buffer overflow & exploit protection
- Operating System: Malware, rootkits, day-zero vulnerabilities. Protection technology: O/S Protection
- Network Connection: Worms, exploits & attacks. Protection technology: Network IPS, Client Firewall
- Data & File System: Viruses, Trojans, malware & spyware. Protection technology: Antivirus, Antispyware
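
...even from Symantec
Each entry gives the layer, the endpoint exposures, the protection technology, and the Symantec solution:
- Always on, always up-to-date: Host integrity & remediation. Symantec solution: Symantec Network Access Control
- Applications: Zero-hour attacks, malware, Trojans, application injection. Protection technology: Anti crimeware. Symantec solution: Symantec Confidence Online
- I/O Devices: Slurping, IP theft, malware. Protection technology: Device controls. Symantec solution: Symantec Sygate Enterprise Protection
- Memory/Processes: Buffer overflow, process injection, key logging. Protection technology: Buffer overflow & exploit protection. Symantec solution: Symantec Sygate Enterprise Protection
- Operating System: Malware, rootkits, day-zero vulnerabilities. Protection technology: O/S Protection. Symantec solution: Symantec Sygate Enterprise Protection
- Network Connection: Worms, exploits & attacks. Protection technology: Network IPS, Client Firewall. Symantec solution: Symantec Sygate Enterprise Protection
- Data & File System: Viruses, Trojans, malware & spyware. Protection technology: Antivirus, Antispyware. Symantec solution: Symantec AntiVirus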

Ingredients for Endpoint Protection: AntiVirus
- World's leading AV solution
- Most (30) consecutive VB100 Awards
Source: Virus Bulletin, Feb 2007
Diagram layers: Antivirus

Ingredients for Endpoint Protection: Antispyware
- Best rootkit detection and removal
- Raw Disk Scan (VxMS) = superior rootkit protection
Source: Thompson Cyber Security Labs, August 2006
Diagram layers: Antivirus, Antispyware

Ingredients for Endpoint Protection: Firewall
- Industry leading endpoint firewall technology
- Gartner MQ Leader 4 consecutive years
- Rules-based FW can dynamically adjust port settings to block threats from spreading
Diagram layers: Antivirus, Antispyware, Firewall

Ingredients for Endpoint Protection: Intrusion Prevention
- Combines NIPS (network) and HIPS (host)
- Generic Exploit Blocking (GEB): one signature to proactively protect against all variants
- Granular application access control
- Proactive Threat Scans (SONAR): very low (0.002%) false positive rate
Chart: 16M installations, No False Alarm vs. False Alarms; only 20 false positives for every 1 million PCs
Diagram layers: Antivirus, Antispyware, Firewall, Intrusion Prevention

Ingredients for Endpoint Protection: Device Control
- Prevents data leakage
- Restrict access to devices (USB keys, backup drives)
- W32.SillyFDC (May 2007)
  - Targets removable memory sticks
  - Spreads by copying itself onto removable drives such as USB memory sticks
  - Automatically runs when the device is next connected to a computer
Diagram layers: Antivirus, Antispyware, Firewall, Intrusion Prevention, Device Control

Ingredients for Endpoint Compliance: Network Access Control
- Network access control ready
- Agent is included, no extra agent deployment
- Simply license SNAC Server
Diagram layers: Antivirus, Antispyware, Firewall, Intrusion Prevention, Device Control, Network Access Control

Unmatched Protection: Symantec Endpoint Protection
- Secure
  - Unmatched combination of technologies
  - Much more than antivirus
  - Backed by the industry standard Symantec Global Intelligence Network
- Simple
  - Single agent
  - Single console
  - Single license
  - Single support program
- Seamless
  - Fits into your network
  - Easily configurable, use only what you need
  - Combines essential protection and compliance functions

For More Information
www.symantec.com/endpointsecurity

Thank You!
www.symantec.com
Jim Jessup
James_Jessup@Symantec.com

Copyright 2007 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.