Redefining Endpoint Security Alexander Paral Manager Pre Sales Consulting 19.11.2008

Page 1

Redefining Endpoint Security

Alexander Paral, Manager Pre Sales Consulting, 19.11.2008

Page 2

Agenda

1. Environment and Endpoint Challenges

2. Symantec Endpoint Protection

3. Entitlement/Deployment/Migration

4. Symantec Network Access Control

5. Available Now

Page 3

Corporate Network is Continually Exposed

Wireless Networks

Web Applications

Guests

Consultants

IPsec VPN

Employees Working at Home

WANs & Extranets

SSL VPN

Internet Kiosks & Shared Computers

Page 4

Business Problems at the Endpoint

Source: Internet Security Threat Report Vol. XIII; Mar 2008

Significant Increase in Malicious New Code Threats

Page 5

Key Ingredients for Endpoint Protection

Antivirus

AntiVirus

• World’s leading AV solution

• Most (40) consecutive VB100 Awards

[Figure: VB100 results for Symantec, every entry marked PASS. Virus Bulletin – October 2008]

Page 6

Key Ingredients for Endpoint Protection

Antivirus

Antispyware

Antispyware

• Best rootkit detection and removal

• VxMS = superior rootkit protection

Source: Thompson Cyber Security Labs, August 2006

Viruses, Trojans, Worms

Page 7

Key Ingredients for Endpoint Protection

Antivirus

Antispyware

Firewall

Firewall

• Industry leading endpoint firewall technology

• Gartner MQ “Leader” – 4 consecutive years

• Rules based FW can dynamically adjust port settings to block threats from spreading

Viruses, Trojans, Worms

Spyware, Rootkits

Page 8

Key Ingredients for Endpoint Protection

Antivirus

Antispyware

Firewall

Intrusion Prevention

Intrusion Prevention

• Combines NIPS (network) and HIPS (host)

• Generic Exploit Blocking (GEB) – one signature to proactively protect against all variants

• Granular application access control

• TruScan™ - Proactive Threat Scanning technology - Very low (0.0049%) false positive rate

• Detects 1,000 new threats/month not detected by leading AV engines

[Figure: No False Alarm / False Alarms; 25M Installations]

Fewer than 50 False Positives for every 1 MM PCs

Worms, Spyware

Spyware, Rootkits

Viruses, Trojans, Worms

Page 9

Intrusion Prevention System (IPS)

Combined technologies offer best defense

Intrusion Prevention (IPS)

(N)IPS: Network IPS

(H)IPS: Host IPS

• Deep packet inspection: Attack-facing (Symantec sigs. via LiveUpdate, Custom sigs, SNORT-like)

• TruScan™: Behavior-based (Proactive Threat Scan technology)

• Generic Exploit Blocking: Vulnerability-facing (Signatures for vulnerability)

• System Lockdown: White listing (tightly control which applications can run)

Page 10

Detects 1,000 threats/month not detected by top 5 leading antivirus engines

TruScan™ - Proactive Threat Scan

• 6 months testing with Norton consumer technology

• Very low false positive rate (0.004%)

• Fewer than 50 False Positives for every 1M computers

• No set up or configuration required

Page 11

Key Ingredients for Endpoint Protection

Antivirus

Antispyware

Firewall

Intrusion Prevention

Device and Application Control

Device and Application Control

• Prevents data leakage

• Restrict Access to devices (USB keys, Back-up drives)

• Whitelisting – allow only “trusted” applications to run

W32.SillyFDC

• targets removable memory sticks

• spreads by copying itself onto removable drives such as USB memory sticks

• automatically runs when the device is next connected to a computer

Spyware, Rootkits

Viruses, Trojans, Worms

Worms, Spyware

0-day, Key Logging

Page 12

Key Ingredient for Endpoint Compliance

Antivirus

Antispyware

Firewall

Intrusion Prevention

Device and Application Control

Network Access Control

Network Access Control

• Comes ready for Network Access Control – add on

• Agent is included, no extra agent deployment

• Simply license SNAC Enforcement

Page 13

Next Generation Symantec AntiVirus

Results:

Reduced Cost, Complexity & Risk Exposure

Increased Protection, Control & Manageability

Antivirus

Antispyware

Firewall

Intrusion Prevention

Device and Application Control

Network Access Control

Single Agent, Single Console

Managed by Symantec Endpoint Protection Manager

Symantec Network Access Control 11.0

Symantec Endpoint Protection 11.0

Page 14

Next Generation Management

Comprehensive Reporting

• 50+ canned reports

• Customizable Dashboard

• Monitors

Page 15

What analysts are saying

Organizations should consider Symantec Endpoint Protection if they ….. are looking for a more complete protection platform that supports the selection of multiple styles of protection from an extensible agent framework and managed from a single console.

Gartner Magic Quadrant, Endpoint Protection Platforms, 12/2007

Page 16

Productivity Impact: Open Word and PowerPoint Faster with Symantec

Microsoft Office 2007/Vista File “Open” Times

(Increase Over Unprotected System)

Source: The Tolly Group – Symantec Endpoint Protection vs. McAfee Total Protection for Endpoint Page 1 (08/2008)

Symantec: 100% Faster

Symantec: 800% Faster

Page 17

Complement Security with Management

Altiris Client Management Suite

• Policy-based software delivery

• Application Management

• Software Virtualization

• Patch Management

• Backup and Recovery

• Application Usage

• Remote Control

Altiris Software Delivery Suite

• Apply Patches

• Ensure software is installed and stays installed

• Report machines not connecting

• Identify missing hard-drives

Symantec Endpoint Protection Integrated Component

• Streamline migrations

• Initiate scans or agent health tasks

• Dashboards integrate security and operational information

Page 18

Is Endpoint Protection Enough Protection?

“What Are The Most Common Sources Of Automated Internet Worm Attacks?”

• Employee Laptop: 43%

• Internet Through Firewall: 39%

• Non-Employee Laptop: 34%

• VPN Home System: 27%

• Don’t Know: 8%

• Other: 8%

Source: Enterprise Strategy Group, January 2005 ESG Research Report, Network Security And Intrusion Prevention

Page 19

Challenge: Access to Corporate Networks

Corporate Network

Partners

Consultants

Auditors

Home PC

Hotel Business Center

Open access to corporate networks means higher risk for infection

Page 20

Solution: Network Access Control

• Checks adherence to endpoint security policies

– Antivirus installed and current?

– Firewall installed and running?

– Required patches and service packs?

– Required configuration?

• Fixes configuration problems

• Controls guest access

Network Access Control helps prevent malware from spreading throughout the network

NAC is a process that creates a much more secure network

Page 21

Network Access Control (continued)

• Restricts access to your network by creating a closed system

• Offers automatic endpoint remediation before access is granted

• Checks adherence to endpoint security policies even when connected to network

Corporate Network

Employees, Non-employees

Managed, Unmanaged

On-site, Remote

Page 22

Symantec Network Access Control: 3 Key Components

1. Central Management Console

2. Endpoint Evaluation Technology

3. Enforcer

Page 23

1. Central Management Console

• Policy Management

• Web-based GUI

• Enterprise class/scale

• Role-based access

• Hierarchical views

• Integration with Active Directory

Symantec Endpoint Protection Manager

Same Management Console used for Symantec Endpoint Protection 11.0

Page 24

2. Endpoint Evaluation Technologies

Symantec Endpoint Protection 11.0 agent is SNAC ready

• Best: Persistent Agents (‘Managed’ Endpoints)

• Better: Dissolvable Agents (‘Unmanaged’ Endpoints)

• Good: Remote Scanner (‘Unmanageable’ Endpoints)

Page 25

3. Enforcers

Symantec LAN Enforcer-802.1X

Symantec DHCP Enforcer

Symantec Gateway Enforcer

Symantec Self-Enforcement

Host-based

Network-based (optional)

Best

Better

Good

Page 26

How SNAC is Packaged

Central Management Console

Endpoint Evaluation Technology

Symantec Endpoint Protection Manager

Persistent Agent (SNAC Agent)

Dissolvable Agent (On-Demand Agent)

Remote Vulnerability Scanner

Self - Enforcement

Gateway Enforcement

DHCP Enforcement

LAN (802.1x) Enforcement

[Table: availability of each component in Symantec Network Access Control v 11.0 and Symantec Network Access Control Starter Edition v 11.0; entries marked * or Add On]

* Required purchase of an enforcer appliance

Page 27

Symantec NAC Self-Enforcement: How It Works

Onsite or Remote Laptop

Symantec Endpoint Protection Manager

Remediation Resources

Protected Network

Quarantine

• Client connects to network and validates policy

• Persistent Agent performs self-compliance checks

• Compliance fail: Apply “Quarantine” firewall policy

• Compliance pass: Apply “Office” firewall policy

Host Integrity Rule Status

• Anti-Virus On

• Anti-Virus Updated

• Personal Firewall On

• Service Pack Updated

• Patch Updated

Page 28

Where Endpoint Security Fits

Corporate Network

Satellite office

Home PC

Home office

Coffee House

Mobile Device

Mobile office

File Server

Web Server

CD

USB

Server

Partners

• Endpoint Protection: Symantec™ Endpoint Protection

• Endpoint Encryption: Symantec™ Endpoint Encryption

• Advanced Server Protection: Symantec™ Critical System Protection

• Mobile Security: Symantec™ Mobile Security

• Network Access Control: Symantec™ Network Access Control

Page 29

Available Today

• Customers with valid maintenance will automatically receive an email notification from which they can easily download the software

• Download software by directly visiting Symantec’s electronic software distribution website (“FileConnect” - serial number required)

– http://www.symantec.com/downloads/fileconnect/index.jsp

• Visit Symantec’s Licensing Portal that delivers multi-function capabilities in one easy-to-navigate portal (serial and/or account number required)

– http://www.symantec.com/enterprise/licensing/index.jsp?src=symsug_us

Page 30

Symantec™ Global Intelligence Network

> 7,000 Managed Security Devices + 120 Million Systems Worldwide + 2 Million Probe Network + Advanced Honeypot Network

Reading, England

Alexandria, VA

Sydney, Australia

Mountain View, CA

Culver City, CA

Calgary, Canada

San Francisco, CA

Dublin, Ireland

Pune, India

Taipei, Taiwan

Tokyo, Japan

4 Symantec SOCs

80 Symantec Monitored Countries

40,000+ Registered Sensors in 180+ Countries

11 Symantec Security Response Centers

Austin, TX

Chengdu, China

Chennai, India

• Received 40 consecutive Virus Bulletin 100% Certification awards*

• TruScan™ technology catches 1,000 more threats per month than other AV vendors**

* Source: virusbtn.org; ** Source: Symantec

Page 31

Thank You!

Alexander Paral, Manager Pre Sales Consulting

M: +43 (664) 5013926

@: [email protected]

Copyright © 2007 Symantec Corporation. All rights reserved.  Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries.  Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising.  All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law.  The information in this document is subject to change without notice.