SR B19: Symantec Endpoint Protection 12 Customer Panel Piero DePaoli, Director, Product Marketing Scott Sawoya, Senior Manager, Product Management 1
Panelists Jeff Marsh Christian Sosa David Nguyen Presentation Identifier Goes Here 2
Symantec Endpoint Protection 12 Unrivaled Security Blazing Performance Built for Virtual Environments Powered by Insight Real Time Behavior Monitoring with SONAR Up to 70% reduction in scan overhead Smarter Updates Faster Management Tested and optimized for virtual environments Higher VM densities 3
Symantec Insight Proactive Protection from New, Targeted Threats Leverages anonymous telemetry data from 210M+ machines to construct a massive nexus of files, machines and domains Tracks nearly every binary in the world 3.1 billion files, adding 37 million every week Uses age, prevalence, source and other attributes to assign a reputation rating to files Can accurately identify and block threats even if just a single Symantec user encounters them Bad Safety Rating File is blocked No Safety Rating Yet IT can set block/ allow thresholds Good Safety Rating File is whitelisted 4
SONAR Proactive Threat Protection Against: Heuristic Threats Determines if an unknown file behaves suspiciously and might be a high risk or low risk. System Changes Bad Behavior from Trusted Applications Identifies applications or files that try to modify DNS settings or a host file on a client computer. Detects suspicious behavior from trusted files. Removes bad applications before they can do damage. Symantec Vision 2012 5
Symantec Protection Model Defense in Depth File Network Website/ Domain/ IP address Network File Reputation Behavioral Repair Network-based Reputation- Protection Stops malware as it travels over the network and tries to take up residence on a system Protocol aware IPS Browser Protection File-based Protection Looks for and eradicates malware that has already taken up residence on a system Antivirus Engine Auto Protect Malheur based Protection Establishes information about entities e.g. websites, files, IP addresses to be used in effective security Domain Reputation File Reputation (INSIGHT) Behavioralbased Protection Looks at processes as they execute and uses malicious behaviors to indicate the presence of malware SONAR Behavioral Signatures Remediation Tools Aggressive tools for hard to remove infections Boot to a clean OS Power Eraser uses aggressive heuristics Threat-specific tools 6
Insight Faster, Smarter, Fewer Scans On a typical system, 70% of files can be skipped! Traditional Scanning Has to scan every file Insight - Optimized Scanning Skips any file we are sure is good, leading to much faster scan times 7
Virtualization Features Virtual Client Tagging Virtual Image Exception Shared Insight Cache Offline Image Scanning Resource Leveling Together up to 90% reduction in disk IO 8
Kaspersky Trend Micro Microsoft McAfee Symantec Sophos 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% Third Party Testing Results 0% 1.9% 13.5% 98.1% 3.8% 82.7% 4% false positive Blocked Partial Infected 32.7% 3.8% 15.4% 63.5% 26.9% 57.7% 40.4% 44.2% 5.8% 53.8% 3.8% 51.9% 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% 100% 64% Symantec Endpoint Protection 12.1 20% 16% Trend Deep Security 8 (Agentless) Compromised Neutralized Defended 160 Ranked 1 st in overall Performance! 140 120 100 80 60 40 20 0 SEP 12.1 Scans: 3.5X faster than McAfee 2X faster than Microsoft 9
Panelists Jeff Marsh Christian Sosa David Nguyen 10
Other Symantec Endpoint Protection Sessions Time Topic Speaker(s) Location Wednesday 1:00pm-2:00pm Wednesday 4:45pm-5:45pm Thursday 10:15am-11:15am Wednesday 2:15pm-3:15pm Thursday 09:00am-10:00am Thursday 10:15am-11:15am 1:00pm-2:00pm Thursday 11:30am-12:30pm SR B20: Symantec Endpoint Protection 12.1 Overview SR B27: SONAR, Insight, Skeptic, GIN The Symantec Secret Sauce SR B23: The Roadmap for Symantec Infrastructure Protection Products SR L06: Migrating to Symantec Endpoint Protection 12.1 Michael Marfise Scott Sawoya Kevin Haley Archana Rajan Louis Fiorello Jason Nadeau Paul Murgatroyd Josh Etsten Elisha Riedlinger RM 116 RM 116 RM 311 RM 121 SR L08: Troubleshooting SEP 12.1 Paul Murgatroyd RM 121 SR L07: Configuring Protection Technologies with Symantec Endpoint Protection 12.1 Scott Sawoya RM 121 11
Thank you! Piero DePaoli piero_depaoli@symantec.com +1 415 203 5991 Scott Sawoya scott_sawoya@symantec.com +1 310 721 4076 Copyright 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. 12