
State of Hawaii Symantec Protection Suite Briefing



Presentation Transcript


  1. State of Hawaii Symantec Protection Suite Briefing

    Bill Musson, CISSP, Senior Systems Engineer
  2. Agenda
    - Symantec Endpoint Protection SEP11 Overview
    - Symantec Endpoint Protection SEP12 Overview
      - Symantec Insight
      - Symantec Online Network for Advanced Response (SONAR)
    - Centralized Security Management
      - Symantec Management Platform
      - IT Analytics for SEP
      - Workflow
      - SPC v1
      - SPC v2
  3. Symantec Endpoint Protection 11
  4. Symantec Endpoint Protection 11
    - Increased Protection, Control & Manageability
    - Reduced Cost, Complexity & Risk Exposure
    - SEP 11 + NAC 11: Single Agent, Single Console
    - Components: Network Access Control, Device and Application Control, Intrusion Prevention, Firewall, Antispyware, Antivirus
    - Managed by Symantec Endpoint Protection Manager
  5. Gartner Magic Quadrant for EPP
  6. Symantec Endpoint Protection 12
    - Symantec Insight
    - Symantec Online Network for Advanced Response (SONAR)
  7. The Problem: No Existing Protection Addresses the “Long Tail”
    - Today, both good and bad software obey a long-tail distribution (chart: prevalence of Good Files and Bad Files).
    - Whitelisting works well at the high-prevalence end of the good files; blacklisting works well at the high-prevalence end of the bad files.
    - Unfortunately neither technique works well for the tens of millions of files with low prevalence, but this is precisely where the majority of today’s malware falls.
    - For this long tail a new technique is needed.
  8. The Inspiration
    - Only malware mutates.
    - So . . . if an executable is unique, it’s suspicious.
    - . . . but how to know if a file is unique?
  9. Questions Insight asks about a file
    - How many copies of this file exist?
    - How new is this program?
    - Is it signed?
    - How often has this file been downloaded?
    - How many people are using it?
    - Where is it from?
    - Does it have a security rating?
    - Have other users reported infections?
    - Is the source associated with infections?
    - How will this file behave if executed?
    - What rights are required?
    - Is the file associated with files that are linked to infections?
    - Does the file look similar to malware?
    - How old is the file?
    - Is the source associated with SPAM?
    - Who created it?
    - Is the source associated with many new files?
    - Who owns it?
    - What does it do?
  10. Achilles Heel of Mutated Threats (graphic: file fingerprint bytes)
    - Unrivaled Security: hackers mutate threats to evade fingerprints, but mutated threats stick out like a sore thumb.
    - Virus Writer’s Catch-22:
      - Mutate too much = Insight finds it
      - Mutate too little = easy to discover & fingerprint
  11. Symantec Insight: The context of a file is as telling as its content
    - How will this file behave if executed?
    - What rights are required?
    - Is the file associated with files that are linked to infections?
    - Does the file look similar to malware?
    - How old is the file?
    - Is the source associated with SPAM?
    - Have other users reported infections?
    - Who created it?
    - The context you need (diagram): Prevalence (LOW to HI), Reputation (BAD to GOOD), Age (NEW to OLD)
  12. How it works
    - Build a collection network
    - Rate nearly every file on the internet
    - Look for associations
    - Check the DB during scans: Is it new? Bad reputation? Allow / Deny
    - Provide actionable data
  13. First, Insight is used for manual scans of endpoints. What are other ways that Symantec leverages Insight in Symantec Endpoint Protection 12?
  14. Download Insight
    - Download Insight is a technology that checks the reputation of binaries being downloaded and blocks them if they are “Bad”.
    - Download Insight scans files when they are downloaded using what we term a portal application (i.e. Firefox, Internet Explorer).
  15. Faster Scans: On a typical system, 70% of active applications can be skipped!
    - Traditional Scanning: has to scan every file
    - Insight-Optimized Scanning: skips any file we are sure is good, leading to much faster scan times
  16. Scan Speed
    - Symantec Endpoint Protection scans 3.5X faster than McAfee
    - 2X faster than Microsoft
    - Ranked 1st in overall Performance!
    - PassMark™ Software, Feb. 2011 - http://www.passmark.com/AVReport
  17. Create Policies based on Risk Tolerance
    - Finance Dept: only software with at least 10,000 users and over 2 months old.
    - Help Desk: can install medium-reputation software with at least 100 other users.
    - Developers: no restrictions, but machines must comply with access control policies.
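The risk-tolerance policies above are thresholds over the three context signals the briefing names (prevalence, age, reputation). The following is an added illustration, not Symantec code, of how such per-group thresholds can be evaluated and explained. It assumes an ordinal reputation scale with "low" as an intermediate step between the slide's "bad" and "good" endpoints, approximates "2 months" as 60 days, and applies the Download Insight rule that "Bad" files are refused for every group; the digests and file records are constructed placeholders.

```python
"""Risk-tolerance policy evaluation over Insight-style file context.

Added illustration, not Symantec code: it models the three example policies from
the "Create Policies based on Risk Tolerance" slide as thresholds over the three
context signals the briefing names (prevalence, age, reputation).
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Ordinal reputation scale. "bad"/"good" are the slide's endpoints and
# "medium" is the slide's own term; "low" is an assumed intermediate step.
REPUTATION_RANK = {"bad": 0, "low": 1, "medium": 2, "good": 3}


@dataclass(frozen=True)
class FileContext:
    """Context an endpoint would get back from a reputation lookup."""
    sha256: str       # constructed placeholder digest, not a real IoC
    prevalence: int   # how many users/copies have been seen
    age_days: int     # how long the file has been known
    reputation: str   # one of the REPUTATION_RANK keys


@dataclass(frozen=True)
class RiskPolicy:
    """Minimum context a file must meet before a group may run/install it."""
    name: str
    min_prevalence: int = 0
    min_age_days: int = 0
    min_reputation: str = "low"   # assumed default: only known-bad is refused


# The slide's three groups. "2 months" is approximated as 60 days (assumption).
POLICIES: Dict[str, RiskPolicy] = {
    "finance": RiskPolicy("Finance Dept", min_prevalence=10_000, min_age_days=60),
    "helpdesk": RiskPolicy("Help Desk", min_prevalence=100, min_reputation="medium"),
    "developers": RiskPolicy("Developers"),
}


def evaluate(ctx: FileContext, policy: RiskPolicy) -> Tuple[str, List[str]]:
    """Return ("allow" | "deny", reasons).

    Every failed threshold is reported, so an analyst can see exactly why a
    file was refused for a given group rather than just that it was.
    """
    reasons: List[str] = []
    # Known-bad files are refused regardless of group, matching the
    # Download Insight behaviour described on the page.
    if ctx.reputation == "bad":
        reasons.append("reputation is bad")
    elif REPUTATION_RANK[ctx.reputation] < REPUTATION_RANK[policy.min_reputation]:
        reasons.append(f"reputation {ctx.reputation} below {policy.min_reputation}")
    if ctx.prevalence < policy.min_prevalence:
        reasons.append(f"prevalence {ctx.prevalence} below {policy.min_prevalence}")
    if ctx.age_days < policy.min_age_days:
        reasons.append(f"age {ctx.age_days}d below {policy.min_age_days}d")
    return ("deny" if reasons else "allow", reasons)


def evaluate_all(ctx: FileContext) -> Dict[str, str]:
    """Decision per group for one file."""
    return {key: evaluate(ctx, pol)[0] for key, pol in POLICIES.items()}


# Constructed sample files; the digests are placeholders, not real hashes.
WIDELY_USED = FileContext("0" * 64, prevalence=250_000, age_days=400, reputation="good")
NEW_NICHE_TOOL = FileContext("1" * 64, prevalence=120, age_days=5, reputation="medium")
UNIQUE_BINARY = FileContext("2" * 64, prevalence=1, age_days=0, reputation="low")
KNOWN_BAD = FileContext("3" * 64, prevalence=50, age_days=30, reputation="bad")


if __name__ == "__main__":
    for f in (WIDELY_USED, NEW_NICHE_TOOL, UNIQUE_BINARY, KNOWN_BAD):
        print(f.sha256[:8], evaluate_all(f))
        for key, pol in POLICIES.items():
            decision, why = evaluate(f, pol)
            if why:
                print(f"  {pol.name}: {decision} ({'; '.join(why)})")
```

Running the block shows the long-tail point from the earlier slides in policy form: the unique, brand-new binary is refused for Finance and Help Desk on prevalence and age alone, before any signature verdict exists, while Developers (no thresholds) still get it; the known-bad file is refused everywhere.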
  18. Symantec Online Network for Advanced Response (SONAR)
    This information enables three new features:
    - Artificial Intelligence Based Classification engine
    - Human-authored Behavioral Signatures
    - Behavioral Policy Lockdown
  19. Now, let’s review how Symantec Insight and SONAR are utilized to strengthen and augment security in SEP 11 as well as reduce false positives.
  20. The Security Stack – for 32 & 64 bit systems
    - IPS & Browser Protection, Firewall, Network & Host IPS
    - Monitors vulnerabilities; monitors traffic; looks for system changes
    - Stops stealth installs and drive-by downloads
    - Focuses on the vulnerabilities, not the exploit
    - Improved firewall supports IPv6, enforces policies
  21. Insight – Provides Context
    - Reputation on 2.5 billion files, adding 31 million per week
    - Identifies new and mutating files
    - Feeds reputation to our other security engines
    - Only system of its kind
  22. File Scanning
    - Cloud and local signatures
    - New, improved update mechanism
    - Heuristics & signature scan: most accurate heuristics on the planet
    - Uses Insight to prevent false positives
  23. SONAR – Completes the Protection Stack
    - Monitors processes and threads as they execute
    - Rates behaviors
    - Feeds Insight
    - Only hybrid behavioral-reputation engine on the planet
    - Monitors 400 different application behaviors
    - Selective sandbox (e.g. Adobe)
  24. What about the actual performance impact on the client with SEP 12?
  25. SEP Client Impact on Memory Use
    - Symantec Endpoint Protection uses 66% less memory than McAfee
    - 76% less memory than Microsoft
    - PassMark™ Software, Feb. 2011 - http://www.passmark.com/AVReport
  26. Will SEP 12 do anything to continue improving performance for guests in virtual environments?
  27. SEP 12 Built for Virtual Environments
    - Virtual Client Tagging
    - Virtual Image Exception
    - Shared Insight Cache
    - Resource Leveling
    - Together – up to 90% reduction in disk I/O
  28. Centralized Security Management, Plus Convergence and Integration with Operational Tools
    - Symantec Management Platform
    - IT Analytics for SEP
    - Workflow
    - SPC v1
    - SPC v2
  29. Symantec Management Platform: Path to Full PC Lifecycle Management
    - Altiris Software Delivery Suite, Altiris Client Management Suite, Symantec Endpoint Protection Integrated Component
    - Apply patches
    - Ensure software is installed and stays installed
    - Report machines not connecting
    - Identify missing hard drives
    - Streamline migrations
    - Initiate scans or agent health tasks
    - Dashboards integrate security and operational information
    - Policy-based software delivery, Application Management, Software Virtualization, Patch Management, Backup and Recovery, Application Usage, Remote Control
  30. Enhanced Reporting - IT Analytics for SEP
    - Ad-hoc Data Mining – Pivot Tables
      - Data from multiple Symantec Endpoint Protection Servers
      - Break down by virus occurrences, computer details, history of virus definition distribution . . .
    - Charts, Reports and Trend Analysis
      - Alert & risk categorization trends over time
      - Monitor trends of threats & infections detected by scans
    - Dashboards
      - Overview of clients by version
      - Summary of threat categorization and action taken for a period of time
      - Summary of Virus and IPS signature distribution
  31. Workflow: Integrate IT Tools to Match Business Processes
    - Graphical tool
    - Integration across products
    - 3rd party integration
    - Process control: timeouts, escalations, delegation, auditing
  32. Symantec Protection Center v1: Centralized Security Console
    - Features: Single Sign-On, Central Access to Products, Reports and Dashboards, Basic GIN Feeds
    - Product Coverage: Symantec Endpoint Protection, Symantec Network Access Control, Symantec Data Loss Prevention, Symantec Critical Systems Protection, IT Analytics, Symantec Brightmail Gateway
  33. Symantec Protection Center v2
    - Cross Product Automation
    - Cross Product Reports & Dashboards
    - Native Management for select products
    - Single Sign On and Console Access
    - Symantec Protection Suites: Endpoint Management, Data Loss Prevention, Control Compliance Suite, Symantec EP and NAC, Encryption
    - 3rd Party / Cloud Based Products
    - Data Feeds: GIN Feeds
    - Protection Center Appliance
  34. Thank You! Bill Musson, William_musson@symantec.com, 808-220-4061