Learn about Symantec's enterprise security strategy and the importance of protecting interactions, information, and infrastructure. Discover how Symantec offers real-time defense against threats, from viruses to data theft, and enables comprehensive endpoint protection with a unified agent. Gain insight into the common sources of internet attacks and the need for robust endpoint security policies for compliance and threat prevention.
Symantec Endpoint Security: Because IT begins at the endpoint. Tony Brockman, Technical Product Marketing Manager. October 10, 2006
Today's Discussion Topics: 1. Enterprise Security Strategy 2. Security Foundation 3. Strategic Direction 4. Questions
A Common Scenario These Days… • The CISO… And Often Their Staff, ask: “Well I Know You Guys Bought A Bunch Of Companies… And Then I Saw You Got Out The Appliance Business… And Haven’t You Done A Merger ? So, What’s Going On ?”
Symantec Company Strategy – Protection Protecting Interactions Protecting Information Protecting Infrastructure
Enterprise Security – Focus On Protection Of Information Protecting Interactions Protecting Information Protecting Infrastructure
Protecting Information – From What ? • External Threats Such As Viruses, Spyware & Crimeware • Exploiting System Vulnerabilities • Internal Threats Such As Data Theft • Exploit Lack Of Supervision For Corporate Information Flow • Non-Compliance With Policy Or Regulation (SOX, FISMA) • Lack Of Adequate Controls Or Evidence Collection
Information Security Security Foundation Security Foundation & Information Security • Provides A Real Time Defense Against Malicious Activity Cell Phone Laptop Desktop File Server Application Server Messaging Server Database Server
Security Management Information Security Security Foundation Analysis, Audit & Compliance Policy Management Vulnerability Management Information Management Event & Log Management Cell Phone Laptop Desktop File Server Application Server Messaging Server Database Server
Protection From External Malicious Threats • Protection Starts At The Corporate Endpoint • Broad Range Of Client Devices: Laptop, Desktop, Cell Phone • Broad Range Of Threats: Virus, Worms, SpyWare … CrimeWare [Diagram labels: Crimeware, SpyWare, Worm, Virus; Symbian Device, Laptop PC, Desktop PC, Windows Smartphone]
As Threat Landscape Changes, Technology Must as Well • From Hackers & Spies… To Thieves • OLD: Noisy & Visible; Indiscriminate; Few, Named Variants • NEW: Silent; Highly Targeted; Overwhelming Variants • Moving from Disrupting Operations To Damaging Trust and Reputations
Thieves Want To Steal Information [Diagram labels: Office & PSTs, KeyStrokes, Device Blocking, Anti-Fraud; Symbian Device, Laptop PC, Desktop PC, Windows Smartphone]
Symantec Client Security – Complete Endpoint Protection • Unified Agent • Single Agent Footprint For Each Device • Unified Administration • Single Point Of Control For Policy, Events & Reporting [Diagram labels: Crimeware, SpyWare, Worm, Virus; Symbian Device, Laptop PC, Desktop PC, Windows Smartphone]
Symantec Client Security – Complete Endpoint Protection • Supports The Broadest Range Of Enterprise Devices • Eliminates The Broadest Range Of External Malicious Threats [Diagram labels: Crimeware, SpyWare, Worm, Virus; Symbian Device, Laptop PC, Desktop PC, Windows Smartphone]
Pass: Detected all "In the Wild viruses" in comparative tests (with no false positives) • Fail: Missed detection after three attempts • —: Chose not to submit for testing Endpoint protection built on Symantec AntiVirus • Symantec: • Submitted all supported environments for analysis since Nov. ‘99 • ONLY vendor to obtain 26 consecutive VB100 Awards
Is Endpoint Protection Enough Protection ? “What Are The Most Common Sources Of Automated Internet Worm Attacks ?” 43% Employee Laptop 39% Internet Through Firewall 34% Non-Employee Laptop 27% VPN Home System 8% Don’t Know 8% Other Source: Enterprise Strategy Group, January 2005 ESG Research Report, Network Security And Intrusion Prevention
The Need for Endpoint Security • Protection: Viruses, Unknown Attacks, Trojans, Spyware, Worms • Compliance: Endpoint Security Policy / Status: Anti-Virus On, Anti-Virus Signature Updated, Personal Firewall On, Service Pack Updated, Patch Updated
Symantec Endpoint Compliance Process • Step 1 (Discover): Endpoint Attaches To Network, Configuration Is Determined • Step 2 (Enforce): Compliance Of Configuration Against Policy Is Checked • Step 3 (Remediate): Take Action Based On Outcome Of Policy Check (Patch, Quarantine, Virtual Desktop) • Step 4 (Monitor): Monitor Endpoint To Ensure Ongoing Compliance
Symantec Network Access Control Ensures endpoints are protected and compliant prior to accessing network resources • Choose quarantine, remediation or federated access • Enforce policy before access is granted • Execute updates, programs, services, etc. • Limit connection to VLAN, etc • Broadest enforcement options of any vendor • Remote connectivity (IPSec, SSL VPN) • LAN-based, DHCP, Appliance • Standards-based, CNAC, MSNAP
Symantec On-Demand Protection • Layered security technology solution for unmanaged endpoints • Ideal for use with: • Outlook Web Access (OWA) • Web-enabled applications • Most complete On-Demand security solution • Virtual Desktop • Malicious Code Prevention • Cache Cleaner • Mini personal firewall • Host Integrity • Adaptive Policies [Diagram labels: Web-based Applications, Thin Client/Server Applications, Traditional Client/Server Applications, File Share, Partner Extranet, Public Kiosk, Traveling Executives]
Network Access Control + On-Demand Protection • Complete security compliance regardless of network access method • Managed Devices: laptops, mobile phones • Unmanaged Devices: Guest, contractor, partners, kiosks [Diagram labels: OWA, Kiosk, Partner, Temp; Symbian Device, Laptop PC, Desktop PC, Windows Smartphone]
Servers Are Endpoints Too • Data Center Servers Are Exposed To A Broad Range Of Threats • Malicious Code… Malicious Users [Diagram labels: Loose Privileges, System Devices, Buffer Overflow, Back Door; File Server, Email Server, Application Server, Database Server]
Symantec Critical System Protection 5.1 • Eliminates The Broadest Range Of Malicious Server Threats • Runs On The Broadest Range Of Operating Systems [Diagram labels: Loose Privileges, System Devices, Buffer Overflow, Back Door; File Server, Email Server, Application Server, Database Server]
Symantec Critical System Protection 5.1: Multi-layer protection for critical systems • Network Protection: Close back doors (block ports); Limit network connectivity by application; Restrict traffic flow inbound and outbound • Exploit Prevention: Restrict apps & O/S behaviors; Protect systems from buffer overflow; Intrusion prevention for day-zero attacks • Auditing & Alerting: Monitor logs, system settings & user auth for security events; Consolidate & forward logs for archival; Smart event response for quick action • System Controls: Lock down configuration & settings; Enforce security policy; De-escalate user privileges; Prevent removable media use
Security Foundation Client Security + Critical System Protection • Think Of It As Your “Security Foundation” • Managed From A Single, Integrated Operational Console Symantec Client Security Symantec Critical System Protection Cell Phone Laptop Desktop File Server Application Server Messaging Server Database Server
Symantec Sygate Enterprise Protection • Add the industry’s best managed firewall to your existing anti-virus protection • Personal firewall with application control • Buffer overflow protection and IDS • Location awareness • Peripheral device control • Powerful system compliance checking • Network Access Control integration • Centralized scalable management [Diagram labels: Enforcement, Host Integrity, OS Protection, Adaptive Policies, IPS, FW, Enterprise Management]
Gartner Personal Firewall Magic Quadrant – June 2006 Regarding Vision: (page 10) • “Symantec made two acquisitions in 2005 that not only earned it the top vision rating, but also challenged other vendors to show improved vision.” Regarding integration of Sygate and WholeSecurity: (page 10) • “…Symantec will recover quickly to offer the most complete set of protections across the largest number of platforms and OSs.” Regarding the competition: (pages 9 & 10) • “Microsoft's Windows XP Firewall doesn't measure up to third-party products.” • “CSA is integrated with CNAC via the Cisco Trust Agent (CTA), but it is not a broad HIPS suite capable of challenging a company such as Symantec.” Publication Date: 27 June 2006 / ID Number: G00139942
Protecting the Security Foundation • Security Foundation • Client Security: Cell Phone, Laptop, Desktop • Critical System Protection: File Server, Application Server, Messaging Server, Database Server
Protection Technology Symantec Solution Symantec Network Access Control Host integrity & remediation Symantec Confidence Online Anti crimeware Hamlet* Device controls Buffer overflow & exploit protection Symantec Sygate Enterprise Protection O/S Protection Network IPS Client Firewall AntiVirus Symantec AntiVirus Anti-spyware Comprehensive Endpoint Security Requires a Complete Approach Endpoint Exposures Always on, always up-to-date Zero-hour attacks, Malware, Trojans, application injection Applications I/O Devices Slurping, IP theft, malware Buffer Overflow, process injection, key logging Memory/Processes Malware, Rootkits, day-zero vulnerabilities Operating System Network Connection Worms, exploits & attacks Viruses, Trojans, malware & spyware Data & File System * Future
A look toward the Future – Hamlet (1H’07) SAV 9.x & 10.x Symantec AntiVirus Hamlet SCS 3.x Symantec Client Security Agent Symantec AntiVirus 11 Symantec Client Security 4 SSEP 5.x Symantec Protection Agent 5.x Symantec Endpoint Security Manager SCS 3.x & SAV 10.x (Symantec System Center) Management Console Symantec Sygate Policy Manager
Consulting Education Technical Support Managed Security Services Early Warning Services • Advisory Services • Enablement Services • Technology Deployment • Operational Integration • Residency Services • Operational Services • Skills Assessment • Classroom Training • Customized Training • Virtual Academy • Self-study • Business Critical Service Assessments • Incident Management • Problem Resolution • Onsite Support & Best Practices • Monitor • Manage • Respond • DeepSight Threat Management System • DeepSight Alert Services Symantec Global Services – Integrated to meet all your service needs Symantec Global Services provides you with the right people, process, and technology to optimize your IT infrastructure and service delivery while managing your business risk. We keep your enterprise up, running, and growing – no matter what happens.
Assessment Services SAV Check-Up SSEP Policy Audit Design and Implementation Services SAV, SCSP, SSEP, SNAC, SoDP Migration Services Sygate Enterprise Protection (SSE) / SSEP SAV Competitive Migration Residency Services for on-going management Continuous on-site technology and business expertise, allowing clients to realize the full value of technology investments and optimize resources in support of core business strategies Symantec Endpoint Security Consulting Services Extensive knowledge and insight, experienced business, industry and technology experts, and flexible consulting approach to deliver endpoint security solutions that proactively protect the infrastructure and improve operational performance Manage Assess Business / IT Alignment Implement Design People Process Technology
Why Train With Symantec: Faster, more successful product implementation Better return on security investment Unrivaled product training expertise with the most up-to-date content available Certified instructors with real-world experience Flexible delivery options Available Training: Symantec AntiVirus 10.x (Classroom or Virtual Academy) Symantec AntiVirus Tech Center (Subscription) Sygate Enterprise Protection 5.x (Classroom) Sygate Enterprise Protection 201 (Classroom) Symantec Critical System Protection 5.0 (Classroom) Symantec Endpoint Security Education Services Classroom Training eLearning Live Training Self-Paced Onsite Training Onsite Training
Three levels of Support offer Flexibility and Choice: • Business Critical Services: Personalized, proactive support from elite technical experts, coordinated by a single point of contact and featuring Symantec’s highest levels of response • Essential Support: Around-the-clock access to Symantec’s technical experts, with faster response times and access to all product upgrades* • Basic Maintenance: Lowest price option including access to product upgrades and business hour support * Response time targets are faster for Essential Support than for Basic Maintenance • UNIQUE EXPERTISE • COMMITMENT TO CUSTOMER ADVOCACY • INNOVATIVE APPLICATION OF SUPPORT TECHNOLOGIES • FLEXIBLE SUPPORT OFFERINGS
Questions? Because IT begins at the endpoint.